[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2694-1] tiff security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2694-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
June 28, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : tiff
Version        : 4.0.8-2+deb9u6
CVE ID         : CVE-2020-35523 CVE-2020-35524


Two vulnerabilities have been discovered in the libtiff library and the
included tools, which may result in denial of service or the execution
of arbitrary code if malformed image files are processed.


For Debian 9 stretch, these problems have been fixed in version
4.0.8-2+deb9u6.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmDZA9tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEey1g/9GXpOkzehU7F4pAqhpA4/OW2gCZVE3Msbh1awoxvg4oViDz0Q51q4EcVw
a/pXFZ8U8P8dkboo3dUaVzf6GKEWBXSGYOzJ1ogEEb9u7dhDiErr5kUeLV8sFAP3
AZVsM81aS9RHKSLv82eYyghvL4LvkEt3N2pxiElBd7oy2SRYRfMSDEZlDYZbmNR5
55cnCE8iJVhv1EJEPnFd/OZsynHdQEgF2CCd3hrKmjY97VHxe9kHkhrbsQjDzwwg
taWWR3ypR19/JWAJUp5r2ikv9s8ZZXHp92hBIFlIoLzfVy1AYmFvbD7w2woeuJbQ
5avOnUuuN0OpMgRGoE3TI4Gi9pbyoXJG+RhrShNZMuOt/0rwuOpsvllcLBVfO6T6
76vZQRpWKbUPeU2uzSb0nOCf35utnA4kXvtXRq77qN9Ob3WLQz/uPb6jH49EFnCM
ZLbGjhG85v0nOp/JGFQGXhBg8ah1tNobnTbXsCCeGQQv1ja4w30ru0vXIKKcnizL
IpqLkzV8WKR7F7LivUvFRzdgpgGSu/wXHSpIDhy0qC687OIUXEH6P7goKBPMdIdZ
NzZ9goPEHNgtZFr8yiM4pQ4qVVRAaKTPRm5P0mdhYGTsjpYhGS36mwMzQuEEhVCP
ylHMnP9XtRirg9z5sIfjLeK7IGTgE5Mkr6n9va79sekjGOSOrak=
=YOqX
-----END PGP SIGNATURE-----


Reply to: