===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0893
                           tiff security update
                               15 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tiff
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-35524 CVE-2020-35523 

Reference:         ESB-2021.0715

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4869

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4869-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 12, 2021                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2020-35523 CVE-2020-35524

Two vulnerabilities have been discovered in the libtiff library
and the included tools, which may result in denial of service or the
execution of arbitrary code if malformed image files are processed.

For the stable distribution (buster), these problems have been fixed in
version 4.1.0+git191117-2~deb10u2.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================