Debian alert DLA-2932-1 (tiff)
From: Thorsten Alteholz <debian@alteholz.de>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2932-1] tiff security update
Date: Sun, 06 Mar 2022 17:18:56 +0000
Message-ID: <alpine.DEB.2.21.2203061718100.4593@postfach.intern.alteholz.me>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2932-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
March 06, 2022                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : tiff
Version        : 4.0.8-2+deb9u8
CVE ID         : CVE-2022-0561 CVE-2022-0562 CVE-2022-22844
Debian Bug     :

Several issues have been found in tiff, a library and tools to manipulate
and convert files in the Tag Image File Format (TIFF).

CVE-2022-22844

    out-of-bounds read in _TIFFmemcpy in certain situations involving a
    custom tag and 0x0200 as the second word of the DE field.

CVE-2022-0562

    Null source pointer passed as an argument to memcpy() function within
    TIFFReadDirectory(). This could result in a Denial of Service via
    crafted TIFF files.

CVE-2022-0561

    Null source pointer passed as an argument to memcpy() function within
    TIFFFetchStripThing(). This could result in a Denial of Service via
    crafted TIFF files.

For Debian 9 stretch, these problems have been fixed in version
4.0.8-2+deb9u8.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
