[SECURITY] [DLA 1346-1] tiff security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1346-1] tiff security update
From: Hugo Lefeuvre <hle@debian.org>
Date: Sun, 15 Apr 2018 22:34:19 -0400
Message-id: <[🔎] 20180416023419.GA20418@hle-laptop.local>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tiff
Version        : 4.0.2-6+deb7u19
CVE ID         : CVE-2018-7456
Debian Bug     : 891288 

A NULL Pointer Dereference was discovered in the TIFFPrintDirectory
function (tif_print.c) when using the tiffinfo tool to print crafted
TIFF information. This vulnerability could be leveraged by remote
attackers to cause a crash of the application.

For Debian 7 "Wheezy", these problems have been fixed in version
4.0.2-6+deb7u19.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE5LpPtQuYJzvmooL3LVy48vb3khkFAlrUC10ACgkQLVy48vb3
khmXmwf7Bfz6v8Lle0D5CA8pae67570bO31pJpcbdcC9JMpdWVB9Pci8FAULtaE5
kJPGjy/nonKy5nSSctEEzydoVqQ6hkiknpWU+eKd7gZu+pcaC0lXtULrKsvQ6g1W
j1KBaZV4XGhnRrKVixtTwMphUlTaJa/pv5/WZeJp5pMAKEwv93zBCStf1efx1XYu
/+4Ey+glVtpS+rLRjzLJtFULQfCcPIZb9hTCLlQcErWxAJm6Xxw+ZNedzirQe2Im
+q9o/toDIJHzb6ZpG+PW5/wdTCQ5pqoov/k5bZI8Q+7LbqLKBifBrOUefGm8HkJd
ov//MNlueQRseHr4JhJH1tGvKwf+8w==
=0znQ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1345-1] perl security update
Next by Date: [SECURITY] [DLA 1347-1] tiff3 security update
Previous by thread: [SECURITY] [DLA 1345-1] perl security update
Next by thread: [SECURITY] [DLA 1347-1] tiff3 security update
Index(es):
- Date
- Thread