Debian 10241 Published by

The following updates has been released for Debian 7 LTS:

[DLA 795-1] hesiod security update
[DLA 795-1] tiff security update



[DLA 795-1] hesiod security update

Package : hesiod
Version : 3.0.2-21+deb7u1
CVE IDs : CVE-2016-10151 CVE-2016-10152
Debian Bugs : #852094, 852093

It was discovered that there were two vulnerabilities in hesiod, Project
Athena's DNS-based directory service:

* CVE-2016-10151: A weak SUID check allowing privilege elevation.

* CVE-2016-10152: Use of a hard-coded DNS fallback domain
(athena.mit.edu) if configuration file could not be read.

For Debian 7 "Wheezy", this issue has been fixed in hesiod version
3.0.2-21+deb7u1.

We recommend that you upgrade your hesiod packages.


[DLA 795-1] tiff security update

Package : tiff
Version : 4.0.2-6+deb7u9
CVE ID : CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945
CVE-2016-3990 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535
CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540
CVE-2016-10092 CVE-2016-10093 CVE-2017-5225
Debian Bug : 846837 820365 836570 851297

Numerous security vulnerabilities have been found through fuzzing on
various tiff-related binaries. Crafted TIFF images allows remote
attacks to cause denial of service or, in certain cases arbitrary code
execution through divide-by-zero, out of bunds write, integer and heap
overflow.

CVE-2016-3622

The fpAcc function in tif_predict.c in the tiff2rgba tool in
LibTIFF 4.0.6 and earlier allows remote attackers to cause a
denial of service (divide-by-zero error) via a crafted TIFF image.

CVE-2016-3623

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote
attackers to cause a denial of service (divide-by-zero) by setting
the (1) v or (2) h parameter to 0. (Fixed along with
CVE-2016-3624.)

CVE-2016-3624

The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and
earlier allows remote attackers to cause a denial of service
(out-of-bounds write) by setting the "-v" option to -1.

CVE-2016-3945

Multiple integer overflows in the (1) cvt_by_strip and (2)
cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and
earlier, when -b mode is enabled, allow remote attackers to cause
a denial of service (crash) or execute arbitrary code via a
crafted TIFF image, which triggers an out-of-bounds write.

CVE-2016-3990

Heap-based buffer overflow in the horizontalDifference8 function
in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote
attackers to cause a denial of service (crash) or execute
arbitrary code via a crafted TIFF image to tiffcp.

CVE-2016-9533

tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write
vulnerabilities in heap allocated buffers. Reported as MSVR 35094,
aka "PixarLog horizontalDifference heap-buffer-overflow."

CVE-2016-9534

tif_write.c in libtiff 4.0.6 has an issue in the error code path
of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp
members. Reported as MSVR 35095, aka "TIFFFlushData1
heap-buffer-overflow."

CVE-2016-9535

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions
that can lead to assertion failures in debug mode, or buffer
overflows in release mode, when dealing with unusual tile size
like YCbCr with subsampling. Reported as MSVR 35105, aka
"Predictor heap-buffer-overflow."

CVE-2016-9536

tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write
vulnerabilities in heap allocated buffers in
t2p_process_jpeg_strip(). Reported as MSVR 35098, aka
"t2p_process_jpeg_strip heap-buffer-overflow."

CVE-2016-9537

tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write
vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096,
and MSVR 35097.

CVE-2016-9538

tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in
readContigStripsIntoBuffer() because of a uint16 integer
overflow. Reported as MSVR 35100.

CVE-2016-9540

tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on
tiled images with odd tile width versus image width. Reported as
MSVR 35103, aka cpStripToTile heap-buffer-overflow.

CVE-2016-10092

heap-buffer-overflow in tiffcrop

CVE-2016-10093

uint32 underflow/overflow that can cause heap-based buffer
overflow in tiffcp

CVE-2017-5225

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in
the tools/tiffcp resulting in DoS or code execution via a crafted
BitsPerSample value.

Bug #846837

heap-based buffer verflow in TIFFFillStrip (tif_read.c)

For Debian 7 "Wheezy", these problems have been fixed in version
4.0.2-6+deb7u9.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS