Debian Security Advisory
DLA-795-1 tiff -- LTS security update
- Date Reported:
- 23 Jan 2017
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 846837, Bug 820365, Bug 836570, Bug 851297.
In Mitre's CVE dictionary: CVE-2016-3622, CVE-2016-3623, CVE-2016-3624, CVE-2016-3945, CVE-2016-3990, CVE-2016-9533, CVE-2016-9534, CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9538, CVE-2016-9540, CVE-2016-10092, CVE-2016-10093, CVE-2017-5225.
- More information:
It was discovered that there were two vulnerabilities in hesiod, Project Athena's DNS-based directory service:
A weak SUID check allowing privilege elevation.
Use of a hard-coded DNS fallback domain (athena.mit.edu) if configuration file could not be read.
For Debian 7
Wheezy, this issue has been fixed in hesiod version 3.0.2-21+deb7u1.
We recommend that you upgrade your hesiod packages.