security update for tiff
This update for tiff fixes the following issues:
* CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for
invalid images (bsc#964225)
* CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340).
* CVE-2016-5875: heap-based buffer overflow when using the PixarLog
compressionformat (bsc#987351)
* CVE-2016-5316: Out-of-bounds read in PixarLogCleanup() function in
tif_pixarlog.c (bsc#984837)
* CVE-2016-5314: Out-of-bounds write in PixarLogDecode() function
(bsc#984831)
* CVE-2016-5317: Out-of-bounds write in PixarLogDecode() function in
libtiff.so (bsc#984842)
* CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in
tif_pixarlog.c (bsc#984808)
-
Submitted by
Fridrich Strba (fstrba)
Fixed bugs
bnc#974614
VUL-1: CVE-2016-3945: tiff: Out-of-bounds Write in the tiff2rgba tool
bnc#974618
VUL-1: CVE-2016-3623: libtiff: Divide By Zero in the rgb2ycbcr tool
bnc#975069
VUL-1: CVE-2016-3990: tiff: out-of-bounds write in horizontalDifference8() in tiffcp tool
bnc#975070
VUL-1: CVE-2016-3991: tiff: out-of-bounds write in loadImage() in tiffcrop tool
bnc#984808
VUL-1: tiff: CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c
bnc#984831
VUL-1: tiff: CVE-2016-5314: Out-of-bounds write in PixarLogDecode() function
bnc#984837
VUL-0: tiff: CVE-2016-5316: Out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c
bnc#984842
VUL-1: tiff: CVE-2016-5317: Out-of-bounds write in PixarLogDecode() function in libtiff.so
bnc#987351
VUL-1: CVE-2016-5875: tiff: heap-based buffer overflow when using the PixarLog compressionformat
