[gentoo-announce] [ GLSA 201701-35 ] Mozilla SeaMonkey: Multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3762-1                security ( -at -) debian.org
https://www.debian.org/security/                  Laszlo Boszormenyi (GCS)
January 13, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tiff
CVE ID  : CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945
          CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315
          CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321
          CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875
          CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448
          CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534
          CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538
          CVE-2016-9540 CVE-2016-10092 CVE-2016-10093
          CVE-2016-10094

Multiple vulnerabilities have been discovered in the libtiff library
and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf
and tiffsplit, which may result in denial of service, memory disclosure
or the execution of arbitrary code.

There were additional vulnerabilities in the tools bmp2tiff, gif2tiff,
thumbnail and ras2tiff, but since these were addressed by the libtiff
developers by removing the tools altogether, no patches are available
and those tools were also removed from the tiff package in Debian
stable. The change had already been made in Debian stretch before and
no applications included in Debian are known to rely on these scripts.
If you use those tools in custom setups, consider using a different
conversion/thumbnailing tool.

For the stable distribution (jessie), these problems have been fixed in
version 4.0.3-12.3+deb8u2.

For the testing distribution (stretch), these problems have been fixed
in version 4.0.7-4.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.7-4.

We recommend that you upgrade your tiff packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/