[SECURITY] [DSA 3844-1] tiff security update

2017-05-0321:06:19

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON

Debian Security Advisory DSA-3844-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
May 03, 2017 https://www.debian.org/security/faq

Package : tiff
CVE ID : CVE-2016-3658 CVE-2016-9535 CVE-2016-10266
CVE-2016-10267 CVE-2016-10269 CVE-2016-10270
CVE-2017-5225 CVE-2017-7592 CVE-2017-7593
CVE-2017-7594 CVE-2017-7595 CVE-2017-7596
CVE-2017-7597 CVE-2017-7598 CVE-2017-7599
CVE-2017-7600 CVE-2017-7601 CVE-2017-7602

Multiple vulnerabilities have been discovered in the libtiff library and
the included tools, which may result in denial of service, memory
disclosure or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 4.0.3-12.3+deb8u3.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 4.0.7-6.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.7-6.

We recommend that you upgrade your tiff packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8armhflibtiff-opengl< 4.0.3-12.3+deb8u3libtiff-opengl_4.0.3-12.3+deb8u3_armhf.deb
Debian7amd64libtiff-tools< 4.0.2-6+deb7u13libtiff-tools_4.0.2-6+deb7u13_amd64.deb
Debian8s390xlibtiff5-dev< 4.0.3-12.3+deb8u3libtiff5-dev_4.0.3-12.3+deb8u3_s390x.deb
Debian7armhflibtiff-tools< 4.0.2-6+deb7u13libtiff-tools_4.0.2-6+deb7u13_armhf.deb
Debian8mipsellibtiff-tools< 4.0.3-12.3+deb8u3libtiff-tools_4.0.3-12.3+deb8u3_mipsel.deb
Debian7amd64libtiff5< 4.0.2-6+deb7u13libtiff5_4.0.2-6+deb7u13_amd64.deb
Debian7armhflibtiff5< 4.0.2-6+deb7u13libtiff5_4.0.2-6+deb7u13_armhf.deb
Debian8kfreebsd-amd64libtiff5< 4.0.3-12.3+deb8u3libtiff5_4.0.3-12.3+deb8u3_kfreebsd-amd64.deb
Debian8amd64libtiffxx5< 4.0.3-12.3+deb8u3libtiffxx5_4.0.3-12.3+deb8u3_amd64.deb
Debian8kfreebsd-i386libtiff5< 4.0.3-12.3+deb8u3libtiff5_4.0.3-12.3+deb8u3_kfreebsd-i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armhf	libtiff-opengl	< 4.0.3-12.3+deb8u3	libtiff-opengl_4.0.3-12.3+deb8u3_armhf.deb
Debian	7	amd64	libtiff-tools	< 4.0.2-6+deb7u13	libtiff-tools_4.0.2-6+deb7u13_amd64.deb
Debian	8	s390x	libtiff5-dev	< 4.0.3-12.3+deb8u3	libtiff5-dev_4.0.3-12.3+deb8u3_s390x.deb
Debian	7	armhf	libtiff-tools	< 4.0.2-6+deb7u13	libtiff-tools_4.0.2-6+deb7u13_armhf.deb
Debian	8	mipsel	libtiff-tools	< 4.0.3-12.3+deb8u3	libtiff-tools_4.0.3-12.3+deb8u3_mipsel.deb
Debian	7	amd64	libtiff5	< 4.0.2-6+deb7u13	libtiff5_4.0.2-6+deb7u13_amd64.deb
Debian	7	armhf	libtiff5	< 4.0.2-6+deb7u13	libtiff5_4.0.2-6+deb7u13_armhf.deb
Debian	8	kfreebsd-amd64	libtiff5	< 4.0.3-12.3+deb8u3	libtiff5_4.0.3-12.3+deb8u3_kfreebsd-amd64.deb
Debian	8	amd64	libtiffxx5	< 4.0.3-12.3+deb8u3	libtiffxx5_4.0.3-12.3+deb8u3_amd64.deb
Debian	8	kfreebsd-i386	libtiff5	< 4.0.3-12.3+deb8u3	libtiff5_4.0.3-12.3+deb8u3_kfreebsd-i386.deb