===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0893
tiff security update
15 March 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           tiff
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-35524 CVE-2020-35523

Reference:         ESB-2021.0715

Original Bulletin:
   http://www.debian.org/security/2021/dsa-4869

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4869-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 12, 2021                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2020-35523 CVE-2020-35524

Two vulnerabilities have been discovered in the libtiff library and the
included tools, which may result in denial of service or the execution of
arbitrary code if malformed image files are processed.

For the stable distribution (buster), these problems have been fixed in
version 4.1.0+git191117-2~deb10u2.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================