it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5361-1] tiff security update

From: Aron Xu <aron AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5361-1] tiff security update
Date: Fri, 24 Feb 2023 08:12:14 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/E1pVTBe-004d3O-PT AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=WF7JHosX5ut2fbXt1FiK7BffvGM5vlb/sU/2LzyEAsU=; b=VR NpfzlbQI63siFf0zp+82MoYRkTPuXfhZIIq9Dm3tGDJGV+ddzEl6t4yD5CSz/tO6ceOq8U+nBQ0oZ 91y2JZ0fRVQm3ajaXFjF+S061ZTMxpFIeE9mGxMLnk/c0jITcMXced1O6r+HGxkwEy6R4e1ZNegQY 63wpB9xDXZ7tVZDCV3VAhEVVY/Um7VQhGqdlu4huMvA5VkeCWRjbn4L8OTwONf+jAw9am2D/PzRR1 y0XX2RomNzv2Awdbyd45DprTPHQilwQrZ0lM+3R4N6No7nAtqSP0WZkVz7PqF8SiRIAraLwddrAwT JyYEJB8F3YzLwpCl3wm1dNdsZh+ID98Q==;
Old-return-path: <aron AT seger.debian.org>
Priority: urgent
Resent-date: Fri, 24 Feb 2023 08:12:43 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <A7H3xdxmzpI.A.7UF.7FH-jB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5361-1 security AT debian.org
https://www.debian.org/security/ Aron Xu
February 24, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tiff
CVE ID : CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798
CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802
CVE-2023-0803 CVE-2023-0804
Debian Bug : 1031632

Several flaws were found in tiffcrop, a program distributed by tiff, the Tag
Image File Format (TIFF) library and tools. A specially crafted tiff file
can lead to an out-of-bounds write or read resulting in a denial of service.

For the stable distribution (bullseye), this problem has been fixed in
version 4.2.0-1+deb11u4.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmP4cKgACgkQO1LKKgqv
2VQfDAf+MqPWnZDOJE9ODll1HaWwwgphMDKkusbI8M+zTBC5MWCmDP40tCw5BFfH
alYN28L1mtlxYVCZir98bzbhCm7U5hSfj2kEutTlNnjw+cQMLuezyeeeG7VjOODe
MB1BtANLhPVdLgOtHo+8Hp7131RiyI9rXb62m8zCcSFAcrBeylsvvovDvJnEqQWf
mEoPngkTWxXxiUlJcrQPen17PTRx1mqsLMX2ngYssOP97BfO5RUxPWmFneuRvCTl
+YhvFR0c8gFYpG7sErVXf/R8TRLsoIpPc7LwEIGsibhE44iNMM9mOz89pKfw7a0b
LLHFjW8hzJ+7QB3YADVogXvqGTwb0Q==
=qsxY
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5361-1] tiff security update, Aron Xu, 24.02.2023

Archiv bereitgestellt durch MHonArc 2.6.24.