Debian 10260

The following updates have been released for Debian:

[DLA 547-2] graphicsmagick regression update
[DLA 877-1] tiff security update
[DLA 878-1] libytnef security update
[DSA 3823-1] eject security update



[DLA 547-2] graphicsmagick regression update

Package : graphicsmagick
Version : 1.3.16-1.1+deb7u6
CVE ID : CVE-2016-5240
Debian Bug : N/A

The fix for CVE-2016-5240 was applied incorrectly: with the original proof
of concept, GraphicsMagick crashed instead of entering an infinite loop.

Furthermore, the original announcement mistakenly used the identifier
"DLA 574-1" instead of the correct one, "DLA 547-1".

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u6.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


[DLA 877-1] tiff security update

Package : tiff
Version : 4.0.2-6+deb7u11
CVE ID : CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269

libtiff is vulnerable to multiple buffer overflows and integer overflows
that can lead to application crashes (denial of service) or worse.

CVE-2016-10266

Integer overflow that can lead to divide-by-zero in
TIFFReadEncodedStrip (tif_read.c).

CVE-2016-10267

Divide-by-zero error in OJPEGDecodeRaw (tif_ojpeg.c).

CVE-2016-10268

Heap-based buffer overflow in TIFFReverseBits (tif_swab.c).

CVE-2016-10269

Heap-based buffer overflow in _TIFFmemcpy (tif_unix.c).
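The first item above, an integer overflow that ends in a divide-by-zero, is a pattern that recurs across image decoders and is worth seeing in isolation. The following is an added illustration, not libtiff's code: it models a decoder that derives a strip size from two file-supplied tag values in 32-bit arithmetic. The function names, the "rows per strip" and "bytes per row" inputs and the sample geometries are all constructed for this example. The naive product wraps modulo 2^32 (defined behaviour for unsigned types) and for a crafted pair of values wraps to exactly zero, which is fatal the moment it is used as a divisor; the hardened version detects the wrap with `__builtin_mul_overflow` (GCC 5 and later, Clang) and never reaches the division with an unproven divisor.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical decoder arithmetic, modelled on how a strip size is derived
 * from tag values read out of the file. Both inputs are untrusted. The
 * product is computed in uint32_t, so 0x10000 * 0x10000 wraps to exactly 0
 * and 0x10000 * 0x10001 wraps to a plausible-looking 65536. */
uint32_t naive_strip_bytes(uint32_t rows_per_strip, uint32_t bytes_per_row)
{
    return rows_per_strip * bytes_per_row;   /* wraps modulo 2^32 */
}

/* Hardened version: refuse zero inputs, then multiply with
 * __builtin_mul_overflow (GCC >= 5, Clang), which reports a wrap instead of
 * silently truncating. *out is written only on success. */
bool checked_strip_bytes(uint32_t rows_per_strip, uint32_t bytes_per_row,
                         uint32_t *out)
{
    uint32_t product;

    if (rows_per_strip == 0 || bytes_per_row == 0)
        return false;
    if (__builtin_mul_overflow(rows_per_strip, bytes_per_row, &product))
        return false;
    *out = product;
    return true;
}

/* Number of strips needed to hold image_bytes bytes of pixel data, or 0 if
 * the geometry is rejected. The division is reached only with a divisor
 * proven non-zero, and the ceiling avoids the usual "+ divisor - 1" trick
 * so that the addition itself cannot wrap. */
uint32_t strips_for_image(uint32_t rows_per_strip, uint32_t bytes_per_row,
                          uint32_t image_bytes)
{
    uint32_t strip_bytes;

    if (!checked_strip_bytes(rows_per_strip, bytes_per_row, &strip_bytes))
        return 0;
    return image_bytes / strip_bytes + (image_bytes % strip_bytes != 0);
}

int main(void)
{
    /* Constructed sample geometry: one honest image, two crafted ones. */
    printf("honest 8 rows x 1024 bytes over 65536 bytes: %u strips\n",
           strips_for_image(8, 1024, 65536));
    printf("crafted 0x10000 x 0x10000, naive product: %u (wrapped to zero)\n",
           naive_strip_bytes(0x10000u, 0x10000u));
    printf("crafted 0x10000 x 0x10001, naive product: %u (wrapped, non-zero)\n",
           naive_strip_bytes(0x10000u, 0x10001u));
    printf("checked version rejects both: %u %u\n",
           strips_for_image(0x10000u, 0x10000u, 65536),
           strips_for_image(0x10000u, 0x10001u, 65536));
    return 0;
}
```

The second crafted pair is the more dangerous one in practice: a wrapped-but-non-zero size passes any "is it zero" check and instead undersizes a later allocation, which is how the same arithmetic bug surfaces as a heap overflow rather than a crash.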

For Debian 7 "Wheezy", these problems have been fixed in version
4.0.2-6+deb7u11.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 878-1] libytnef security update

Package : libytnef
Version : 1.5-4+deb7u1
CVE ID : CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301
CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305
CVE-2017-6801 CVE-2017-6802


CVE-2017-6298
Null Pointer Deref / calloc return value not checked

CVE-2017-6299
Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c

CVE-2017-6300
Buffer Overflow in version field in lib/tnef-types.h

CVE-2017-6301
Out of Bounds Reads

CVE-2017-6302
Integer Overflow

CVE-2017-6303
Invalid Write and Integer Overflow

CVE-2017-6304
Out of Bounds read

CVE-2017-6305
Out of Bounds read and write

CVE-2017-6801
Out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef

CVE-2017-6802
Heap-based buffer over-read on incoming Compressed RTF Streams,
related to DecompressRTF() in libytnef


For Debian 7 "Wheezy", these problems have been fixed in version
1.5-4+deb7u1.

We recommend that you upgrade your libytnef packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3823-1] eject security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3823-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 28, 2017                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : eject
CVE ID : CVE-2017-6964
Debian Bug : 858872

Ilja Van Sprundel discovered that dmcrypt-get-device, the helper shipped
with eject to check whether a given device is an encrypted device handled
by devmapper, does not check the return values of setuid() and setgid()
when dropping privileges. If either call fails, the helper carries on
running with the privileges it was meant to give up.
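The advisory names the bug class but not the fix, so here is the pattern side by side. This is an added example, not the eject or dmcrypt-get-device source: `drop_to_unchecked` mirrors the flaw described above (both calls made, both results discarded, success reported regardless), and `drop_to` is the checked form a reviewer would ask for. The function names and the verification step are this example's own. It is written for a setuid helper returning to its invoking user, so it does not clear supplementary groups; a daemon switching to a different user must also call setgroups() or initgroups() before setgid().

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The pattern the advisory describes: the calls are made, their results
 * are thrown away, and the caller is told that privileges were dropped
 * whether or not they were. Returns 1 unconditionally. */
int drop_to_unchecked(uid_t uid, gid_t gid)
{
    setgid(gid);   /* result ignored */
    setuid(uid);   /* result ignored */
    return 1;
}

/* Checked version. Group first: once the effective uid is no longer 0,
 * setgid() to anything but the real/saved gid is refused. Every result is
 * checked; on failure -1 is returned with errno set, and the caller must
 * abort rather than continue with whatever privileges remain.
 * (A daemon switching to a different user would additionally call
 * setgroups()/initgroups() before setgid(); a setuid helper returning to
 * its invoking user already has that user's groups.) */
int drop_to(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Confirm the drop is irreversible: a non-root target must not be able
     * to regain uid 0. If this setuid(0) succeeds, the saved uid is still
     * root (for example only the effective uid was changed). */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* True when the effective ids equal the real ids, i.e. the process no
 * longer carries any privilege from a setuid/setgid bit. */
int privileges_dropped(void)
{
    return geteuid() == getuid() && getegid() == getgid();
}

int main(void)
{
    /* Run as an ordinary user: the unchecked helper "succeeds" although
     * both calls failed with EPERM; the checked one reports the failure. */
    printf("unchecked drop to root reports %d, really root? %s\n",
           drop_to_unchecked(0, 0), geteuid() == 0 ? "yes" : "no");
    if (drop_to(0, 0) != 0)
        printf("checked drop to root failed as it should: %s\n",
               strerror(errno));

    if (drop_to(getuid(), getgid()) != 0) {
        fprintf(stderr, "cannot drop privileges: %s\n", strerror(errno));
        return 1;
    }
    printf("privileges dropped: %s\n", privileges_dropped() ? "yes" : "no");
    return 0;
}
```

The final `setuid(0)` probe is the check that catches partial drops on Linux, where setuid() called with a non-zero effective uid changes only the effective uid and leaves the saved uid untouched; it is the difference between "the call returned" and "the privilege is actually gone".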

For the stable distribution (jessie), this problem has been fixed in
version 2.1.5+deb1+cvs20081104-13.1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.5+deb1+cvs20081104-13.2.

We recommend that you upgrade your eject packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/