[SECURITY] [DLA 2009-1] tiff security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : tiff
Version : 4.0.3-12.3+deb8u10
CVE ID : CVE-2017-17095 CVE-2018-12900 CVE-2018-18661
CVE-2019-6128 CVE-2019-17546
Several issues have been found in tiff, a Tag Image File Format library.
CVE-2019-17546
The RGBA interface contains an integer overflow that might lead
to heap buffer overflow write.
CVE-2019-6128
A memory leak exists due to missing cleanup code.
CVE-2018-18661
In case of exhausted memory there is a null pointer dereference
in tiff2bw.
CVE-2018-12900
Fix for heap-based buffer overflow, that could be used to crash an
application or even to execute arbitrary code (with the permission
of the user running this application).
CVE-2017-17095
A crafted tiff file could lead to a heap buffer overflow in pal2rgb.
For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u10.
We recommend that you upgrade your tiff packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl3dmCZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEd9LRAAr0Rd9+KqBflydKwo6NKuLGRNHI4G+mFPOMBIN+MSro1LwkZ9TeSyB9C7
62ANXPSZb5Se/ICFsv7GtmvAzsDJep0JF7IEiIoT48FFVCMGmfoNF9Z+Kac8ZnBI
bSN47mJuLQ1Qd/gdxnzftZdIVREpGfAn0nV2koU5hs5dHKe+7Pz5Ol3zikUmmXbj
oB4xRCcpdgDF0YMQd9VJUtZGiBvnzY5ODlOxHPA1c75rdAG76YL3GKdN5BDmkktc
eVjTdU8lRYa7lZFRDDpT7Re6KM6eP11u2N4CDLd9Dzf8daHzELtIV5Dvi3LnYFq2
LK9jH7nMwjr1OQVaGBEfyO1ytSN5yellUYtKAsVJwql+LvXSpxaOBU1VVuoBxeBd
j9sIazEgkQJSXKESuzSRjQsZxxTGobAQh07LKJ6oJgs2C8V6JlXn4ais2V28AOPV
shUE4zeZumShqWDXpXDzipzFyHBYjE6YKARJAK65s7PlvzvjVzIAgbIjuQV7HauJ
MHisL77Yb5lZnkkHu8pFH93FJ5v339N3sirPHMT/khkZnQNiqI8JIKazs0QOi7f7
OiFyjjWuUjVQh87eih3pSdcCRNFTHCiMuYdVmlTnxkg+1nf0Kih+V1PQm+lYNNa8
BpoMiqTGkr7o7evywxp7fAPkRqUVMqtNQMuXd4MnJdgwlsNA14E=
=l51z
-----END PGP SIGNATURE-----
Reply to: