[SECURITY] [DLA 2777-1] tiff security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2777-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
October 03, 2021 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : tiff
Version : 4.0.8-2+deb9u7
CVE ID : CVE-2020-19131 CVE-2020-19144
Two security issues were found in TIFF, a widely used format for
storing image data, as follows:
CVE-2020-19131
Buffer Overflow in LibTiff allows attackers to cause
a denial of service via the "invertImage()" function
in the component "tiffcrop".
CVE-2020-19144
Buffer Overflow in LibTiff allows attackers to cause
a denial of service via the 'in _TIFFmemcpy' funtion
in the component 'tif_unix.c'.
For Debian 9 stretch, these problems have been fixed in version
4.0.8-2+deb9u7.
We recommend that you upgrade your tiff packages.
For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmFh178ACgkQDTl9HeUl
XjDiNQ/+Oj6juJ04ey0Crr+s6fd/R1wR7SyF80J7nVTwPT0bU5f/4MB5R+/kIg0v
P3FE5wE71gaeQ/yuRRT0DQgUiQoSj4N1LB0TubcB96x4KfAyc2Hm7qp85DRPNfx3
ZIO6wbsgmEb7xwQzoV7Y3fJzRIf+ato5ZxqvUPltENV+oplTOKLce0n7iWj1g2O/
5B1Yam67fGbE1eO54dgQ0DqdjdEnXMiGNMapd8I3IEEkZY54+pNltKpN9J35lkI1
w51aZ59s+nvjbdkpZ+miHMYrq4xNhCNHPia8Om7SYYVDBC3ABw3KaPu82M2Y7Vex
vzuCizJCT31uLEeVO48Pf6dJHzx3aobBt+G9zMVLr2c6QTn46k0OSd5yIy/gvIZu
0P4srk+RGLN9qd0MYVUudmj2B7/wJIYt4NdS4Qb0NyFOKyHQrCQpCOE8tkb4y35z
9uAZJtFIVtEDxXNca/08yF3X4j5Jt4rlyhPWI4JutOWNaYXJ1nQ+6hS4BkZy9O0d
TVP59wLeiWhmHtjVQbJXjJK+Ajb15c4FsqxSCfvFM4p3Qz6E9a8iPPXO0y2gn480
8dJeb9oOgMkmeWhaRefTyEzhctCO55oUuOncKLSXBanxPMWszWFWrV56Ig8MxAZJ
Hx7IONfyWr/GCmy0AFUY6T7gS/FDPHJHTMRsFI50ogj61bdCELo=
=1VJN
-----END PGP SIGNATURE-----
Reply to: