|
|
Log in / Subscribe / Register

Debian-LTS alert DLA-610-1 (tiff3)



From:
    	      Markus Koschany <apo@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 610-1] tiff3 security update 


Date:
    	      Mon, 5 Sep 2016 00:04:45 +0200


Message-ID:
    	      <6e0d5ecc-e383-e5f5-c032-52c4930fc041@debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tiff3
Version        : 3.9.6-11+deb7u1
CVE ID         : CVE-2010-2596 CVE-2013-1961 CVE-2014-8128
   	 	 CVE-2014-8129 CVE-2014-9655 CVE-2015-1547
                 CVE-2015-8665 CVE-2015-8683 CVE-2016-3186
                 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990
                 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315
                 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320
                 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323
                 CVE-2016-5875 CVE-2016-6223


Several security vulnerabilities were discovered in tiff3, a library
providing support for the Tag Image File Format (TIFF). An attacker
could take advantage of these flaws to cause a denial-of-service
against an application using the libtiff4 or libtiffxx0c2 library
(application crash), or potentially execute arbitrary code with the
privileges of the user running the application.

For Debian 7 "Wheezy", these problems have been fixed in version
3.9.6-11+deb7u1.

We recommend that you upgrade your tiff3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJXzJp9XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkEhQP/iUwZjv20sBhgPXPdJR4Iyoa
5tVOsNNj8XlCQW319wSr229bzFJO+vGRkMQ3WXIk4Spoa4/PvUa7xAun5tlHl8LL
EJ6lw0jEG9ofmci0jrNeVxfQoTj0k2mboxoMw8ERB/6N9U1o15/a5E3FzTIrY8qJ
0D77CMnMETSG1ejPVqSX5V4//9aW0Zqf9+gUCGxKKlz1cI7JFFeP9xH8TudAIOrY
8cdF9R69CmsrNfm0MdB/+Yw0F9H+JJigsgn6dbUWVtD+5Sw1GIV1GBOT4Ul/QFSQ
0rWF7s7qXL+gZUIF6LTcRttT1GAxw76yeTpYLna/bZ1HQg6C3zhFH5xGAWPp265D
BPAXWAVd1yeDUPWgwTXTZdq2aDJos2jKHVRBmdbwgB6i63l7+64SGV0MNn82LxoX
pyKpMQxsM1RDxUAD2a6+aBi/e2zdiq+HuUnuHOLvZWucwGNXdbLRWGni2XA2d0Hy
uvLhD7Kq0MsKwgTQZGRGs2WOUnr5g9TNgmGZP0AjP3gmdzmv2yVQOahcIaSPXQs2
aY5aR0gypY9DSSDiJgm3BCnWhtaLyoWL16sNqJo1QA1YEHuTny80cWbXgSKeDN8j
sclRs13DpzDG9OTYsLpb4ttBF4L5z7qU6Lf1Pj6/1OE+yzjovVwtudLPGX1gUQ4Q
6Vsf5tjDWqszYU/1tvdI
=YJpO
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds