[SECURITY] [DLA 4026-1] tiff security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4026-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
January 20, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : tiff
Version        : 4.2.0-1+deb11u6
CVE ID         : CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433
                 CVE-2023-26965 CVE-2023-26966 CVE-2023-52356 CVE-2024-7006
Debian Bug     :

Multiple vulnerabilities were fixed in tiff, a library and tools
providing support for the Tag Image File Format (TIFF).

CVE-2023-2908

    NULL pointer dereference in tif_dir.c

CVE-2023-3316

    NULL pointer dereference in TIFFClose()

CVE-2023-3618

    Buffer overflow in tiffcrop

CVE-2023-25433

    Buffer overflow in tiffcrop

CVE-2023-26965

    Use after free in tiffcrop

CVE-2023-26966

    Buffer overflow in uv_encode()

CVE-2023-52356

    segfault in TIFFReadRGBAStrip()/TIFFReadRGBATile()

CVE-2024-7006

    NULL pointer dereference in TIFFReadDirectory()/TIFFReadCustomDirectory()

For Debian 11 bullseye, these problems have been fixed in version
4.2.0-1+deb11u6.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS