Thank you, thanks

On Mon, 18 Feb 2019 at 8:13, Brian May <b...@debian.org> wrote:
> Package        : tiff
> Version        : 4.0.3-12.3+deb8u8
> CVE ID         : CVE-2018-17000 CVE-2018-19210 CVE-2019-7663
>
>
> Brief introduction
>
> CVE-2018-17000
>
>     A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c
>     (called from TIFFWriteDirectoryTagTransferfunction) allows an
>     attacker to cause a denial-of-service through a crafted tiff file. This
>     vulnerability can be triggered by the executable tiffcp.
>
> CVE-2018-19210
>
>     There is a NULL pointer dereference in the TIFFWriteDirectorySec function
>     in tif_dirwrite.c that will lead to a denial of service attack, as
>     demonstrated by tiffset.
>
> CVE-2019-7663
>
>     An Invalid Address dereference was discovered in
>     TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c,
>     affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote
>     attackers could leverage this vulnerability to cause a denial-of-service
>     via a crafted tiff file.
>
>     We believe this is the same as CVE-2018-17000 (above).
>
> For Debian 8 "Jessie", these problems have been fixed in version
> 4.0.3-12.3+deb8u8.
>
> We recommend that you upgrade your tiff packages.
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS