[SECURITY] [DLA 402-1] tiff security update

2016-01-2616:43:46

lists.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

Package : tiff
Version : 3.9.4-5+squeeze13
CVE ID : CVE-2015-8665 CVE-2015-8683
Debian Bug : 809021 808968

Two security flaws have been found and solved in libtiff, library that provides
support for handling Tag Image File Format (TIFF). These flaws concern out of
bounds reads in the TIFFRGBAImage interface, when parsing unsupported values
related to LogLUV and CIELab. CVE-2015-8665 was reported by limingxing and
CVE-2015-8683 by zzf of Alibaba.

For Debian 6 "Squeeze", these issues have been fixed in tiff version
3.9.4-5+squeeze13. We recommend you to upgrade your tiff packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian7kfreebsd-i386libtiff5-alt-dev< 4.0.2-6+deb7u5libtiff5-alt-dev_4.0.2-6+deb7u5_kfreebsd-i386.deb
Debian6i386libtiff4< 3.9.4-5+squeeze13libtiff4_3.9.4-5+squeeze13_i386.deb
Debian8ppc64ellibtiff-opengl< 4.0.3-12.3+deb8u1libtiff-opengl_4.0.3-12.3+deb8u1_ppc64el.deb
Debian7armhflibtiffxx0c2< 3.9.6-11+deb7u1libtiffxx0c2_3.9.6-11+deb7u1_armhf.deb
Debian7powerpclibtiff5-dev< 4.0.2-6+deb7u5libtiff5-dev_4.0.2-6+deb7u5_powerpc.deb
Debian7kfreebsd-amd64libtiff-opengl< 4.0.2-6+deb7u5libtiff-opengl_4.0.2-6+deb7u5_kfreebsd-amd64.deb
Debian7s390xlibtiff5-dev< 4.0.2-6+deb7u5libtiff5-dev_4.0.2-6+deb7u5_s390x.deb
Debian7i386libtiff4< 3.9.6-11+deb7u1libtiff4_3.9.6-11+deb7u1_i386.deb
Debian7s390xlibtiff5< 4.0.2-6+deb7u5libtiff5_4.0.2-6+deb7u5_s390x.deb
Debian6amd64libtiff4< 3.9.4-5+squeeze13libtiff4_3.9.4-5+squeeze13_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	kfreebsd-i386	libtiff5-alt-dev	< 4.0.2-6+deb7u5	libtiff5-alt-dev_4.0.2-6+deb7u5_kfreebsd-i386.deb
Debian	6	i386	libtiff4	< 3.9.4-5+squeeze13	libtiff4_3.9.4-5+squeeze13_i386.deb
Debian	8	ppc64el	libtiff-opengl	< 4.0.3-12.3+deb8u1	libtiff-opengl_4.0.3-12.3+deb8u1_ppc64el.deb
Debian	7	armhf	libtiffxx0c2	< 3.9.6-11+deb7u1	libtiffxx0c2_3.9.6-11+deb7u1_armhf.deb
Debian	7	powerpc	libtiff5-dev	< 4.0.2-6+deb7u5	libtiff5-dev_4.0.2-6+deb7u5_powerpc.deb
Debian	7	kfreebsd-amd64	libtiff-opengl	< 4.0.2-6+deb7u5	libtiff-opengl_4.0.2-6+deb7u5_kfreebsd-amd64.deb
Debian	7	s390x	libtiff5-dev	< 4.0.2-6+deb7u5	libtiff5-dev_4.0.2-6+deb7u5_s390x.deb
Debian	7	i386	libtiff4	< 3.9.6-11+deb7u1	libtiff4_3.9.6-11+deb7u1_i386.deb
Debian	7	s390x	libtiff5	< 4.0.2-6+deb7u5	libtiff5_4.0.2-6+deb7u5_s390x.deb
Debian	6	amd64	libtiff4	< 3.9.4-5+squeeze13	libtiff4_3.9.4-5+squeeze13_amd64.deb