it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Michael Gilbert <mgilbert AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 2965-1] tiff security update
- Date: Sun, 22 Jun 2014 03:00:35 -0400
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- Old-return-path: <gilbert AT psidef.org>
- Priority: urgent
- Resent-date: Sun, 22 Jun 2014 07:00:59 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <qaojc4yclUG.A.r7.r8npTB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2965-1 security AT debian.org
http://www.debian.org/security/ Michael Gilbert
June 22, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : tiff
CVE ID : CVE-2013-4243
Debian Bug : 742917
Murray McAllister discovered a heap-based buffer overflow in the gif2tiff
command line tool. Executing gif2tiff on a malicious tiff image could
result in arbitrary code execution.
For the stable distribution (wheezy), this problem has been fixed in
version 4.0.2-6+deb7u3.
For the testing distribution (jessie), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 4.0.3-9.
We recommend that you upgrade your tiff packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJTpn43AAoJELjWss0C1vRzdBMgAMSF6LOZehhGi/s/gETqfDBh
5kRsWm/fjKjj+0RFivyW1o5N2DLX1Mkl5i2N6mwP7k7PkFqd4g5POWB/EmILfKB6
63UU1V2Xq8AYduj2txiYND+JUzkYKvEgBIuWWaOdQlhoa3ruTu8gEq5raA24sME5
fwkbmMGNffTRrileo/lw7I/N5wXjiBq8p/WTq9V0G3Dq0BZKMpQmneyfe3M122FG
CiBLcP48bi1b3G1fQ8EtKvaDlvfq8j55k4jiH8If0KD+t1NSZKOPiPH8voH3Oxnm
8Ijix65NPdVYQ+ZtPZDnr6qGEIbMpbmDxggzBaHX4TXfJEmYzxxt9nLIzP5zf90j
bFbP5cCub++3psoCBQ+jEh5TmILBJdU6xqPNcMOrUyCZYcDoIc8F0u1MLdmupDiY
Hlk9LLrgueVj7lyM6A5y6pWMfca0+Rir5F1TTlO1nZZv7q4KRPI3E7dgXIX19gmU
eytQSou61bYAuQJI0Cgb6G532h+xD09c4iwAu5aADiK6wKTQ5XWjdl7DjGJt4RIx
bKtuprofvaVJ1iUWaFCaRGo2fQs0Z4e8mgZtT6a0xLNZdmwmLpjgK3ngFhf1sEsf
rKYuEV9m1COm27mBo90J+4RUa7BGXh/H+mtj0zbH3UqZdfWxOlZYEOZa2VVKDlgw
Ulfn2kUOBvs+Gh68/wqoqjjILsrnzXBxjAhwJSR0/UjLcOWw54KZ+Kyw2gT0lf2Q
AoNOE9qWxk0ZNSDBI5SwH2Sf0XfDqwqoQ7YJSc6AuvsPOWXnsOdo5FHRXiKa3gVo
aBykVk4H4IcOqld4+2h+QUtTqxYYR7LdWRawzekDKXRUtyUngrCP97BbwxX8afq7
t6YSUnE5zCxgeSss1LKSx3bMi4JitJoi64g5z+hrYQRSwVzamqVBnt1aB7gT4WZh
WlqgAkjAHaiyD1XdULhpCA5N+dZKvt51C2YaN6mOnOFKsPqfWltn2R94nHzIhONl
d7tRjPd1JkXgYp5H6fK71hREGZmBEQQNbdgYI5bOWFBRb8RbtS0yzgEV3VwGDbqQ
W/f6ATDntaPGA045PS9S1EjtDG2bLBPxEs5Fk/BBxFfYntYMh/xpMCEKL5VfVcYN
uvsMvd97aHTBSvMixq6Ncrt0roE/jaWkUEU/JUXHNRWNUBInmJUGwoVI4HB2TA9c
4ih1E+XIJxwFHZAOVBKA1DUBFAA4n0BZ/UpwJnh5TT1V/+F53/msrDXZ9FVvcvCl
pontPEW/fJZbO6sC4nhJMjEjOjZv4q2JsUV2HowOhnNfhpdmvVrvcgSlgCHK00OP
Y/Qbj8g7DbsDqAOO5rOdvB69V4xWjeBMLBmEYvYZ4yX1dHG9Y2uwyXaHRJidTQE=
=ZGfn
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: E1WyblT-0004mM-K0 AT alpha.psidef.org">https://lists.debian.org/E1WyblT-0004mM-K0 AT alpha.psidef.org
- [IT-SecNots] [SECURITY] [DSA 2965-1] tiff security update, Michael Gilbert, 22.06.2014
Archiv bereitgestellt durch MHonArc 2.6.19.