[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 2965-1] tiff security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2965-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
June 22, 2014                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2013-4243
Debian Bug     : 742917

Murray McAllister discovered a heap-based buffer overflow in the gif2tiff
command line tool.  Executing gif2tiff on a malicious tiff image could
result in arbitrary code execution.

For the stable distribution (wheezy), this problem has been fixed in
version 4.0.2-6+deb7u3.

For the testing distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 4.0.3-9.

We recommend that you upgrade your tiff packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJTpn43AAoJELjWss0C1vRzdBMgAMSF6LOZehhGi/s/gETqfDBh
5kRsWm/fjKjj+0RFivyW1o5N2DLX1Mkl5i2N6mwP7k7PkFqd4g5POWB/EmILfKB6
63UU1V2Xq8AYduj2txiYND+JUzkYKvEgBIuWWaOdQlhoa3ruTu8gEq5raA24sME5
fwkbmMGNffTRrileo/lw7I/N5wXjiBq8p/WTq9V0G3Dq0BZKMpQmneyfe3M122FG
CiBLcP48bi1b3G1fQ8EtKvaDlvfq8j55k4jiH8If0KD+t1NSZKOPiPH8voH3Oxnm
8Ijix65NPdVYQ+ZtPZDnr6qGEIbMpbmDxggzBaHX4TXfJEmYzxxt9nLIzP5zf90j
bFbP5cCub++3psoCBQ+jEh5TmILBJdU6xqPNcMOrUyCZYcDoIc8F0u1MLdmupDiY
Hlk9LLrgueVj7lyM6A5y6pWMfca0+Rir5F1TTlO1nZZv7q4KRPI3E7dgXIX19gmU
eytQSou61bYAuQJI0Cgb6G532h+xD09c4iwAu5aADiK6wKTQ5XWjdl7DjGJt4RIx
bKtuprofvaVJ1iUWaFCaRGo2fQs0Z4e8mgZtT6a0xLNZdmwmLpjgK3ngFhf1sEsf
rKYuEV9m1COm27mBo90J+4RUa7BGXh/H+mtj0zbH3UqZdfWxOlZYEOZa2VVKDlgw
Ulfn2kUOBvs+Gh68/wqoqjjILsrnzXBxjAhwJSR0/UjLcOWw54KZ+Kyw2gT0lf2Q
AoNOE9qWxk0ZNSDBI5SwH2Sf0XfDqwqoQ7YJSc6AuvsPOWXnsOdo5FHRXiKa3gVo
aBykVk4H4IcOqld4+2h+QUtTqxYYR7LdWRawzekDKXRUtyUngrCP97BbwxX8afq7
t6YSUnE5zCxgeSss1LKSx3bMi4JitJoi64g5z+hrYQRSwVzamqVBnt1aB7gT4WZh
WlqgAkjAHaiyD1XdULhpCA5N+dZKvt51C2YaN6mOnOFKsPqfWltn2R94nHzIhONl
d7tRjPd1JkXgYp5H6fK71hREGZmBEQQNbdgYI5bOWFBRb8RbtS0yzgEV3VwGDbqQ
W/f6ATDntaPGA045PS9S1EjtDG2bLBPxEs5Fk/BBxFfYntYMh/xpMCEKL5VfVcYN
uvsMvd97aHTBSvMixq6Ncrt0roE/jaWkUEU/JUXHNRWNUBInmJUGwoVI4HB2TA9c
4ih1E+XIJxwFHZAOVBKA1DUBFAA4n0BZ/UpwJnh5TT1V/+F53/msrDXZ9FVvcvCl
pontPEW/fJZbO6sC4nhJMjEjOjZv4q2JsUV2HowOhnNfhpdmvVrvcgSlgCHK00OP
Y/Qbj8g7DbsDqAOO5rOdvB69V4xWjeBMLBmEYvYZ4yX1dHG9Y2uwyXaHRJidTQE=
=ZGfn
-----END PGP SIGNATURE-----


Reply to: