[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1378-1] tiff3 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tiff3
Version        : 3.9.6-11+deb7u11
CVE ID         : CVE-2018-8905
Debian Bug     : 893806

A heap-based buffer overflow was discovered in the LZWDecodeCompat
function in tif_lzw.c (LibTIFF 4.0.9 and earlier). This vulnerability
might be leveraged by remote attackers to crash the client via a
crafted TIFF LZW file.

For Debian 7 "Wheezy", these problems have been fixed in version
3.9.6-11+deb7u11.

We recommend that you upgrade your tiff3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE5LpPtQuYJzvmooL3LVy48vb3khkFAlr44TkACgkQLVy48vb3
khkz0gf9EHAkzzjc3zZSh60d5zW5tp94hbKQC1E8HaQOc4/SRxxxi+ialRSR0SSa
z+V5PKQCqIsXRhGbm20drp75zwUFWrsX8UpQxd1Nj+M/2dROGyFKsfsghcP0bcAi
TtWiMbt1aVZvFcNv5AJAzMlN5B4HakqIUClxSqNOKOp+qQA8j/LtncNfNeB1pLX6
nFJ3B5PYA/48CVYuB5A7Z1I67xvxhPYjW44GJedTDALrg+6G4WTf8cfvvXbdFcYX
aSmCe1vf6vO4TCZx7l37ZVT9BAaUznXHB0AsYxR+eZPSOrc43MfuMucNC3gyGteG
5x2bBnxYe6OCGAEMIJqDo5+Fl5beAA==
=m1LP
-----END PGP SIGNATURE-----
Reply to: