[SECURITY] [DLA 1680-1] tiff security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1680-1] tiff security update
From: Brian May <bam@debian.org>
Date: Mon, 18 Feb 2019 18:13:17 +1100
Message-id: <[🔎] 20190218071317.24msksmtmy7pjaka@silverfish.pri>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : tiff
Version        : 4.0.3-12.3+deb8u8
CVE ID         : CVE-2018-17000 CVE-2018-19210 CVE-2019-7663


Brief introduction 

CVE-2018-17000

    A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c
    (called from TIFFWriteDirectoryTagTransferfunction) allows an
    attacker to cause a denial-of-service through a crafted tiff file. This
    vulnerability can be triggered by the executable tiffcp.

CVE-2018-19210

    There is a NULL pointer dereference in the TIFFWriteDirectorySec function
    in tif_dirwrite.c that will lead to a denial of service attack, as
    demonstrated by tiffset.

CVE-2019-7663

    An Invalid Address dereference was discovered in
    TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c,
    affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote
    attackers could leverage this vulnerability to cause a denial-of-service
    via a crafted tiff file.

    We believe this is the same as CVE-2018-17000 (above).

For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u8.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAlxqUl8ACgkQKpJZkldk
Svp6Rg//WyvFJG2F/3814EV8T61Vc2MvnaYHDAQzaH14SdN4USX/X6h0ylvLwD0y
PSZ2OgcT2i86SZcjF3Fpd0n3mPkIYxNlF2fwimmKNoniBIDiZSIGFCFo3F55Y132
tS8OBMrzLt6DU4V83EDjM/fKbVZLFezDzTiUsVH2tdFCgpxcK+e4eppSAqHXobKH
uymEQDC9+/fBs6UWReFOB+AY16JA6QBzW7U0VyENpQWHFbyteamqF3Y8K+4Gm3RB
NW+Jn31cdO0NUZtwfcE6epDazvq/TJ4epADOtBLGUc7rLRvrxIENjMyOiPwC7R8N
yJbHM5mmz0Z5GswDtohhFoWg0EpcXlXMkW38moDSwEEJ5EE0TYF2aXrLg6aJw4Eb
o7zOlQbLIvuaJkvAUInBhPHiuHq2iCVZV8Mlyp7TjB46dokwGpXzetf2/qSF5Mp8
uJKQ2B5vYfDs6681AMJmcOLbWSEXNr8K75tOZfdWPEDPST0XhYUHprjEVGQ3Y823
NxCOk+M+WQ4cZDXHNVFH/9pSpJyzsKYdBAiw7rVJO/20lXPMBuEvCrXqDvGW1WgA
TqPrPj9TOlyWAsN0cBSRy9yVsD66jKJBo/f0qzu50/WWpRAQdo3NbqE9wQPdZdl6
8R6HbU69byxURIM+IS0H9dfqAIxW3sKy+WgKZYgDDzW7ERGA1hU=
=wy9I
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1679-1] php5 security update
Next by Date: [SECURITY] [DLA 1681-1] gsoap security update
Previous by thread: [SECURITY] [DLA 1679-1] php5 security update
Next by thread: [SECURITY] [DLA 1681-1] gsoap security update
Index(es):
- Date
- Thread