it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 6023-1] tiff security update
- Date: Fri, 10 Oct 2025 18:47:04 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/aOlUqExDJVEjLWiT AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=+xA9ipU2mLl+KF6g8Q+H0iwyWNC3Jbcj0ElxUBswo8k=; b=S4 4jYWk2D2W4pHZjwZTfG6TAnDNpSjs2jbk2Mbq8KKoa+QsF0mC4s0JSNHMwn0/ycurownS9BHXzLNG 7MkRJ1QoouJNywqAj83xNsUHT+J6szCL2XrMHBql0W/WHPmxDsy8XmfVYxqWYlK1dzFSuhF7T5SuZ FKSsu0+Mwo5Db2tz6anqFn/i/EyA1ewIlraV2lUgda3ECXguZ4zCdi+JobB5xrri5DLG19HMDxSZR /bng8RCBqEy/73g6YFkOCA7XgfAfNpLaJXsVXxRrFaLU9slzpqJCBe0tsH5gzEYwiCgDeXeUZQXk+ 879xRgL3K5RdszxZwzZORKG3tmOWH77w==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Fri, 10 Oct 2025 18:47:30 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <PKBhYpRcpiM.A.LnvF.CTV6oB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-6023-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : tiff
CVE ID : CVE-2025-9900
It was discovered that missing input sanitising in the libtiff library
could result in denial of service or potentially the execution of
arbitrary code if malformed image files are processed.
For the oldstable distribution (bookworm), this problem has been fixed
in version 4.5.0-6+deb12u3.
For the stable distribution (trixie), this problem has been fixed in
version 4.7.0-3+deb13u1.
We recommend that you upgrade your tiff packages.
For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjpVGMACgkQEMKTtsN8
TjYsNQ/+JAb8jRMA8nNw65Yu0wTjItQNHW84HkRoZh0a2ShH+4VU//8pWhorry4O
hviqderdnuMnJv7dVwO44E07LdVZww5PdOr2dvU8ica0KGD4h5GuEeCmhoRhcltK
x3cyTPXdqOaXTC54qaq4GskDBNRJiKbZXksIQQn0AiFQtN7lVvHIPGGMpYYK6sBM
bAAl0Hs84M3N4slkDMTcnlv2eF/KL5nWI8HsyI2p7CViI2oo5CkkL14K3cX6n+Oi
9Cdz6aoUhR/H8uou/yXAnVleyipFOMmTLAEGvYB7e16euEcyiuZhWWym2X1x7yjU
lB5lNRFoOar+fPSuXxofLNe3RK18GK3HKoNcJqoZPITRLwZMv80IGRDgLuzqVI+1
ZGXkp9ZpLk7A8+cdDQSzWGhN5vWWi3MLqt7s0EhqJNI+lLDTLQCdzB2Ca4msLlIJ
k/ouNAtaw28NzFX2JV6cwWEtot/Qzj/LikaQisp1+GMiXiCGE7JZgY7NmepBytw3
7IEK5MFQ6hFDGFXBC6f4omX75oBubEbd+uQvIl/+oJnlR7uCuOj/vsyxIcv88iUn
5ihr4H+sC1Fgtp3dXxwTJybuwCvoiy9X2LTKsTvIkLmrzkL325fZzr+mrw33FkQG
NKmU8+9fcmpvOBUDq1HsAa3qWYTnvVpr9YL97+De6gyvNd+Ak7s=
=1gMt
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 6023-1] tiff security update, Moritz Muehlenhoff, 10.10.2025
Archiv bereitgestellt durch MHonArc 2.6.19+.