[SECURITY] [DLA 1557-1] tiff security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : tiff
Version : 4.0.3-12.3+deb8u7
CVE ID : CVE-2018-17100 CVE-2018-17101 CVE-2018-18557
CVE-2018-17100
An int32 overflow can cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted
image file
CVE-2018-17101
Out-of-bounds writes can cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted
image file
CVE-2018-18557
Out-of-bounds write due to ignoring buffer size can cause a denial
of service (application crash) or possibly have unspecified other
impact via a crafted image file
For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u7.
We recommend that you upgrade your tiff packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJb1bbpXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHDbEP/28TZ2w42xZ2IvihCQ5tQEje
7HtfwqucCBc/c1Yh3MqdxKbZ/LJNrAp1HzwpxqgBxyA3F/hzNcoVV9U7WGPsebLL
KoWAh5rNg/7SxyOqYjUTbAL8QQ1hmIt4ehJt+VfSca70EY/ARBZZKk6n8Zp/UriE
vuExOARw/Lo6qz2wionT8btwvUSymHuo4LoT48iCMvzdszUbMFYdVoW2oo6a1GeN
LhcOaNdHo0bi+lOCUM7xw8K/By0zin7XW5MQI3QDDcSQOUvzB5bjQTWRkN01CLa3
XmYuG7pXvxOQlpTAIe8OYeVcSxGL0z9hT/cVfbVpHV9T1XLbrY1mkh0z+lIHD3O4
P5KbCUu/bhvPqUFZwK1Quni/NNA1zLlg7UQfI2+9vSxPqjXc9Z5Jzo5sN5wRHN/a
Gz3j/KTlmxq6PlU0P58O3E0UwTZZfQ33EKrvm+ViwAWuYpGfdzeJ+DTQzCTLAh2s
QMBCPwqbNQ5/vKqdmc7rwnudLaic6Jm6uGmZmTmMK0FNSV9lKqGpXuj2wC5e3oep
kuif0lysgcK3dZLSAPTjhzZ9hYJs5CnWwG7fSSpj6iSQ0Qh6eQhh7gtWWURd05q8
H/+6daMWHGwj+4QiyvoWbgHPLeJsigT1E/F8p3yXrPJEfQs5ZfGmCxRs6vbj4+wr
GgwCRGkAh7HPDUSQWGin
=SYwD
-----END PGP SIGNATURE-----
Reply to: