Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4593-1] freeimage security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4593-1] freeimage security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4593-1] freeimage security update
  • Date: Fri, 27 Dec 2019 22:12:01 +0000
  • List-archive: https://lists.debian.org/msgid-search/20191227221201.rfyv7qpq3n5hpn67 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 27 Dec 2019 22:12:21 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <PY8U62xjCiK.A.xlH.FHoBeB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4593-1 security AT debian.org
https://www.debian.org/security/ Hugo Lefeuvre
December 27, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : freeimage
CVE ID : CVE-2019-12211 CVE-2019-12213
Debian Bug : 929597

It was found that freeimage, a graphics library, was affected by the
following two security issues:

CVE-2019-12211

Heap buffer overflow caused by invalid memcpy in PluginTIFF. This
flaw might be leveraged by remote attackers to trigger denial of
service or any other unspecified impact via crafted TIFF data.

CVE-2019-12213

Stack exhaustion caused by unwanted recursion in PluginTIFF. This
flaw might be leveraged by remote attackers to trigger denial of
service via crafted TIFF data.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.17.0+ds1-5+deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 3.18.0+ds2-1+deb10u1.

We recommend that you upgrade your freeimage packages.

For the detailed security status of freeimage please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/freeimage

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl4GgCUACgkQEMKTtsN8
TjYEAhAAlG23fvEZtYYEB7RDesOVnBYEtjAmSCDaomqEOJFcvUtMHkkHZ4x4vcg9
w3X2FyRynTfZ75r0fp0cMs1ocrfa7SVaVmVBVi3fd/4nEzJtrjGcHAYwMrw7F2DH
GZ7+PBQSuNYd4k87RQl2xKvlRNIH4ifbZnIdpVsiuOEPFt8vlLYgh/31lIzrdT/v
YwPV7rdY7/3yNIUV7XOdhGKZ/esipZRPQLes3nduq5A9wo8kGwbQPnVMzLBLAwIH
T1bMStWau0Wbb7sXSr19LbkxBBVyDP9sZ/1rQfNLxHQFtg/zJfj0kfC1N4//1IrC
HVXU4BF0KMiyCi+Zk08c0S1d3Wt+f++wzKegOwgqII5qVurAaBqHcveu2tahVbuo
oQr+ObI3AlREWuhI6WE1u8KwTi5EKvUTkqJtoegX90GAilNMDs34JgjuyC7EB9vn
sows7yzH/UnLti+1TBHaux45cu5UU5p4QKVunvizs2YR34xITWPJ2Zv+b8/LCm3/
ZuXdwdyn2HU/C8wTFnPlk3d9I6nGcPaVmGwH9/zhRU8DV5ERf2Nqqfyk4LPW4hkj
TcegCC/Ti45/yceQ5ELn4Yo9B+clQIQscxrUtA5DaZwSlvXMaVfoDFK6vZnbaDY7
fsRA17VCzc1+L7iHhs0WUks145MW97FsEAU4uCoKdH+jlcBhSoc=
=PzJY
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4593-1] freeimage security update, Moritz Muehlenhoff, 27.12.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang