[SECURITY] [DLA 405-1] tiff security update

2016-01-3013:24:07

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.035 Low

EPSS

Percentile

91.5%

JSON

Package : tiff
Version : 3.9.4-5+squeeze14
CVE ID : CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784
Debian Bug :

Several security flaws have been found and solved in libtiff, a
library that provides support for handling Tag Image File Format
(TIFF). These flaws concern out of bounds reads and writes in the
LogL16Decode, LogLuvDecode24, LogLuvDecode32, LogLuvDecodeTile,
LogL16Encode, LogLuvEncode24, LogLuvEncode32 and NeXTDecode functions.

These IDs were assigned for the problems: CVE-2015-8781,
CVE-2015-8782, CVE-2015-8783 and CVE-2015-8784.

For Debian 6 "Squeeze", these issues have been fixed in tiff version
3.9.4-5+squeeze14. We recommend you to upgrade your tiff packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8kfreebsd-amd64libtiff5-dev< 4.0.3-12.3+deb8u1libtiff5-dev_4.0.3-12.3+deb8u1_kfreebsd-amd64.deb
Debian7i386libtiffxx0c2< 3.9.6-11+deb7u4libtiffxx0c2_3.9.6-11+deb7u4_i386.deb
Debian7kfreebsd-amd64libtiff5< 4.0.2-6+deb7u5libtiff5_4.0.2-6+deb7u5_kfreebsd-amd64.deb
Debian7powerpclibtiff-tools< 4.0.2-6+deb7u5libtiff-tools_4.0.2-6+deb7u5_powerpc.deb
Debian8alltiff< 4.0.3-12.3+deb8u1tiff_4.0.3-12.3+deb8u1_all.deb
Debian8armhflibtiff5-dev< 4.0.3-12.3+deb8u1libtiff5-dev_4.0.3-12.3+deb8u1_armhf.deb
Debian6amd64libtiff4-dev< 3.9.4-5+squeeze14libtiff4-dev_3.9.4-5+squeeze14_amd64.deb
Debian7armellibtiff-tools< 4.0.2-6+deb7u5libtiff-tools_4.0.2-6+deb7u5_armel.deb
Debian7alllibtiff-doc< 4.0.2-6+deb7u5libtiff-doc_4.0.2-6+deb7u5_all.deb
Debian7armellibtiff4< 3.9.6-11+deb7u4libtiff4_3.9.6-11+deb7u4_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	kfreebsd-amd64	libtiff5-dev	< 4.0.3-12.3+deb8u1	libtiff5-dev_4.0.3-12.3+deb8u1_kfreebsd-amd64.deb
Debian	7	i386	libtiffxx0c2	< 3.9.6-11+deb7u4	libtiffxx0c2_3.9.6-11+deb7u4_i386.deb
Debian	7	kfreebsd-amd64	libtiff5	< 4.0.2-6+deb7u5	libtiff5_4.0.2-6+deb7u5_kfreebsd-amd64.deb
Debian	7	powerpc	libtiff-tools	< 4.0.2-6+deb7u5	libtiff-tools_4.0.2-6+deb7u5_powerpc.deb
Debian	8	all	tiff	< 4.0.3-12.3+deb8u1	tiff_4.0.3-12.3+deb8u1_all.deb
Debian	8	armhf	libtiff5-dev	< 4.0.3-12.3+deb8u1	libtiff5-dev_4.0.3-12.3+deb8u1_armhf.deb
Debian	6	amd64	libtiff4-dev	< 3.9.4-5+squeeze14	libtiff4-dev_3.9.4-5+squeeze14_amd64.deb
Debian	7	armel	libtiff-tools	< 4.0.2-6+deb7u5	libtiff-tools_4.0.2-6+deb7u5_armel.deb
Debian	7	all	libtiff-doc	< 4.0.2-6+deb7u5	libtiff-doc_4.0.2-6+deb7u5_all.deb
Debian	7	armel	libtiff4	< 3.9.6-11+deb7u4	libtiff4_3.9.6-11+deb7u4_armel.deb