[SECURITY] [DLA 1260-1] tiff3 security update

2018-01-2720:12:34

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

71.4%

JSON

Package : tiff3
Version : 3.9.6-11+deb7u9
CVE ID : CVE-2017-18013
Debian Bug : 885985

A vulnerability has been discovered in the libtiff image processing
library which may result in an application crash and denial of
service.

CVE-2017-18013

NULL pointer dereference via crafted TIFF image

For Debian 7 "Wheezy", these problems have been fixed in version
3.9.6-11+deb7u9.

We recommend that you upgrade your tiff3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9s390xlibtiff-opengl< 4.0.8-2+deb9u2libtiff-opengl_4.0.8-2+deb9u2_s390x.deb
Debian9armellibtiff-opengl< 4.0.8-2+deb9u2libtiff-opengl_4.0.8-2+deb9u2_armel.deb
Debian8armhflibtiffxx5< 4.0.3-12.3+deb8u5libtiffxx5_4.0.3-12.3+deb8u5_armhf.deb
Debian8mipsellibtiffxx5< 4.0.3-12.3+deb8u5libtiffxx5_4.0.3-12.3+deb8u5_mipsel.deb
Debian7alltiff< 4.0.2-6+deb7u18tiff_4.0.2-6+deb7u18_all.deb
Debian9mipsellibtiffxx5-dbgsym< 4.0.8-2+deb9u2libtiffxx5-dbgsym_4.0.8-2+deb9u2_mipsel.deb
Debian7armhflibtiffxx0c2< 3.9.6-11+deb7u9libtiffxx0c2_3.9.6-11+deb7u9_armhf.deb
Debian7armhflibtiff-tools< 4.0.2-6+deb7u18libtiff-tools_4.0.2-6+deb7u18_armhf.deb
Debian8s390xlibtiff-tools< 4.0.3-12.3+deb8u5libtiff-tools_4.0.3-12.3+deb8u5_s390x.deb
Debian8ppc64ellibtiff-tools< 4.0.3-12.3+deb8u5libtiff-tools_4.0.3-12.3+deb8u5_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	s390x	libtiff-opengl	< 4.0.8-2+deb9u2	libtiff-opengl_4.0.8-2+deb9u2_s390x.deb
Debian	9	armel	libtiff-opengl	< 4.0.8-2+deb9u2	libtiff-opengl_4.0.8-2+deb9u2_armel.deb
Debian	8	armhf	libtiffxx5	< 4.0.3-12.3+deb8u5	libtiffxx5_4.0.3-12.3+deb8u5_armhf.deb
Debian	8	mipsel	libtiffxx5	< 4.0.3-12.3+deb8u5	libtiffxx5_4.0.3-12.3+deb8u5_mipsel.deb
Debian	7	all	tiff	< 4.0.2-6+deb7u18	tiff_4.0.2-6+deb7u18_all.deb
Debian	9	mipsel	libtiffxx5-dbgsym	< 4.0.8-2+deb9u2	libtiffxx5-dbgsym_4.0.8-2+deb9u2_mipsel.deb
Debian	7	armhf	libtiffxx0c2	< 3.9.6-11+deb7u9	libtiffxx0c2_3.9.6-11+deb7u9_armhf.deb
Debian	7	armhf	libtiff-tools	< 4.0.2-6+deb7u18	libtiff-tools_4.0.2-6+deb7u18_armhf.deb
Debian	8	s390x	libtiff-tools	< 4.0.3-12.3+deb8u5	libtiff-tools_4.0.3-12.3+deb8u5_s390x.deb
Debian	8	ppc64el	libtiff-tools	< 4.0.3-12.3+deb8u5	libtiff-tools_4.0.3-12.3+deb8u5_ppc64el.deb