[SECURITY] [DLA 610-1] tiff3 security update

Type debian
Reporter Debian
Modified 2016-09-04T22:05:02


Package : tiff3 Version : 3.9.6-11+deb7u1 CVE ID : CVE-2010-2596 CVE-2013-1961 CVE-2014-8128 CVE-2014-8129 CVE-2014-9655 CVE-2015-1547 CVE-2015-8665 CVE-2015-8683 CVE-2016-3186 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5875 CVE-2016-6223

Several security vulnerabilities were discovered in tiff3, a library providing support for the Tag Image File Format (TIFF). An attacker could take advantage of these flaws to cause a denial-of-service against an application using the libtiff4 or libtiffxx0c2 library (application crash), or potentially execute arbitrary code with the privileges of the user running the application.

For Debian 7 "Wheezy", these problems have been fixed in version 3.9.6-11+deb7u1.

We recommend that you upgrade your tiff3 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS