-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1103
                           tiff security update
                                4 May 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libtiff
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7602 CVE-2017-7601 CVE-2017-7600
                   CVE-2017-7599 CVE-2017-7598 CVE-2017-7597
                   CVE-2017-7596 CVE-2017-7595 CVE-2017-7594
                   CVE-2017-7593 CVE-2017-7592 CVE-2017-5225
                   CVE-2016-10270 CVE-2016-10269 CVE-2016-10267
                   CVE-2016-10266 CVE-2016-9535 CVE-2016-3658

Reference:         ESB-2017.0814
                   ESB-2017.0534
                   ESB-2017.0304
                   ESB-2017.0114

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3844

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3844-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 03, 2017                          https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2016-3658 CVE-2016-9535 CVE-2016-10266 CVE-2016-10267
                 CVE-2016-10269 CVE-2016-10270 CVE-2017-5225 CVE-2017-7592
                 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596
                 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600
                 CVE-2017-7601 CVE-2017-7602

Multiple vulnerabilities have been discovered in the libtiff library and
the included tools, which may result in denial of service, memory
disclosure or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 4.0.3-12.3+deb8u3.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 4.0.7-6.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.7-6.

We recommend that you upgrade your tiff packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----