[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2777-1] tiff security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2777-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
October 03, 2021                            https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : tiff
Version        : 4.0.8-2+deb9u7
CVE ID         : CVE-2020-19131 CVE-2020-19144

Two security issues were found in TIFF, a widely used format for
storing image data, as follows:

CVE-2020-19131

    Buffer Overflow in LibTiff allows attackers to cause
    a denial of service via the "invertImage()" function
    in the component "tiffcrop".

CVE-2020-19144

    Buffer Overflow in LibTiff allows attackers to cause
    a denial of service via the 'in _TIFFmemcpy' funtion
    in the component 'tif_unix.c'.

For Debian 9 stretch, these problems have been fixed in version
4.0.8-2+deb9u7.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmFh178ACgkQDTl9HeUl
XjDiNQ/+Oj6juJ04ey0Crr+s6fd/R1wR7SyF80J7nVTwPT0bU5f/4MB5R+/kIg0v
P3FE5wE71gaeQ/yuRRT0DQgUiQoSj4N1LB0TubcB96x4KfAyc2Hm7qp85DRPNfx3
ZIO6wbsgmEb7xwQzoV7Y3fJzRIf+ato5ZxqvUPltENV+oplTOKLce0n7iWj1g2O/
5B1Yam67fGbE1eO54dgQ0DqdjdEnXMiGNMapd8I3IEEkZY54+pNltKpN9J35lkI1
w51aZ59s+nvjbdkpZ+miHMYrq4xNhCNHPia8Om7SYYVDBC3ABw3KaPu82M2Y7Vex
vzuCizJCT31uLEeVO48Pf6dJHzx3aobBt+G9zMVLr2c6QTn46k0OSd5yIy/gvIZu
0P4srk+RGLN9qd0MYVUudmj2B7/wJIYt4NdS4Qb0NyFOKyHQrCQpCOE8tkb4y35z
9uAZJtFIVtEDxXNca/08yF3X4j5Jt4rlyhPWI4JutOWNaYXJ1nQ+6hS4BkZy9O0d
TVP59wLeiWhmHtjVQbJXjJK+Ajb15c4FsqxSCfvFM4p3Qz6E9a8iPPXO0y2gn480
8dJeb9oOgMkmeWhaRefTyEzhctCO55oUuOncKLSXBanxPMWszWFWrV56Ig8MxAZJ
Hx7IONfyWr/GCmy0AFUY6T7gS/FDPHJHTMRsFI50ogj61bdCELo=
=1VJN
-----END PGP SIGNATURE-----
Reply to: