tiff 4.0.6-2ubuntu0.1 source package in Ubuntu

Changelog

tiff (4.0.6-2ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted field data in an extension tag
    - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
    - CVE-2015-7554
  * SECURITY UPDATE: DoS and possible code execution via large width field
    in a BMP image
    - debian/patches/CVE-2015-8668.patch: properly calculate size in
      tools/bmp2tiff.c.
    - CVE-2015-8668
  * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
    - debian/patches/CVE-2016-10092.patch: properly increment buffer in
      tools/tiffcrop.c.
    - CVE-2016-10092
  * SECURITY UPDATE: heap-based buffer overflow in tiffcp
    - debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow
      in tools/tiffcp.c.
    - CVE-2016-10093
  * SECURITY UPDATE: off-by-one error in tiff2pdf
    - debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
    - CVE-2016-10094
  * SECURITY UPDATE: DoS in tiff2rgba tool
    - debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in
      libtiff/tif_getimage.c, libtiff/tif_predict.c.
    - CVE-2016-3622
  * SECURITY UPDATE: DoS in rgb2ycbcr tool
    - debian/patches/CVE-2016-3623.patch: validate parameters in
      tools/rgb2ycbcr.c.
    - CVE-2016-3623
    - CVE-2016-3624
  * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
    - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
      tools/thumbnail.c.
    - CVE-2016-3632
    - CVE-2016-8331
  * SECURITY UPDATE: DoS via out-of-bounds read
    - debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel
      change in libtiff/tif_dir.c, avoid null pointer dereference in
      libtiff/tif_dirwrite.c
    - CVE-2016-3658
  * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
    - debian/patches/CVE-2016-3945.patch: fix integer overflow in
      tools/tiff2rgba.c.
    - CVE-2016-3945
  * SECURITY UPDATE: DoS and possible code execution via overflow in
    horizontalDifference8 function
    - debian/patches/CVE-2016-3990.patch: add check to
      libtiff/tif_pixarlog.c.
    - CVE-2016-3990
  * SECURITY UPDATE: DoS and possible code execution in tiffcrop
    - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
    - CVE-2016-3991
    - CVE-2016-5322
  * SECURITY UPDATE: DoS and possible code execution in tiff2pdf
    - debian/patches/CVE-2016-5652.patch: properly handle markers in
      tools/tiff2pdf.c.
    - CVE-2016-5652
  * SECURITY UPDATE: DoS in tiffsplit
    - debian/patches/CVE-2016-9273.patch: don't recompute value in
      libtiff/tif_strip.c.
    - CVE-2016-9273
  * SECURITY UPDATE: DoS via crafted tag values
    - debian/patches/CVE-2016-9297.patch: NULL-terminate values in
      libtiff/tif_dirread.c.
    - CVE-2016-9297
  * SECURITY UPDATE: DoS caused by CVE-2016-9297
    - debian/patches/CVE-2016-9448.patch: check for NULL in
      libtiff/tif_dirread.c.
    - CVE-2016-9448
  * SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES
    of length one
    - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
    - CVE-2016-9453
  * SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
    - debian/patches/CVE-2016-9532.patch: check for overflows in
      tools/tiffcrop.c.
    - CVE-2016-9532
  * SECURITY UPDATE: multiple out-of-bounds writes issues
    - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
      libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
      tools/tiffcrop.c.
    - CVE-2016-9533
    - CVE-2016-9534
    - CVE-2016-9536
    - CVE-2016-9537
  * SECURITY UPDATE: assertion failure via unusual tile size
    - debian/patches/CVE-2016-9535-1.patch: replace assertions with
      runtime checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
    - debian/patches/CVE-2016-9535-2.patch: fix memory leaks in
      libtiff/tif_predict.c.
    - CVE-2016-9535
  * SECURITY UPDATE: integer overflow in tiffcrop
    - debian/patches/CVE-2016-9538.patch: fix undefined variable reads in
      tools/tiffcp.c, tools/tiffcrop.c.
    - CVE-2016-9538
  * SECURITY UPDATE: out-of-bounds read in tiffcrop
    - debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
    - CVE-2016-9539
  * SECURITY UPDATE: out-of-bounds write via odd tile width versus image
    width
    - debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
    - CVE-2016-9540
  * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
    - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
    - CVE-2017-5225

 -- Marc Deslauriers <email address hidden>  Fri, 24 Feb 2017 10:20:01 -0500

Upload details

Uploaded by: Marc Deslauriers on 2017-02-24
Uploaded to: Yakkety
Original maintainer: Ubuntu Developers
Architectures: any all
Section: libs
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
tiff_4.0.6.orig.tar.gz 2.1 MiB 4d57a50907b510e3049a4bba0d7888930fdfc16ce49f1bf693e5b6247370d68c
tiff_4.0.6-2ubuntu0.1.debian.tar.xz 35.2 KiB 72c88e746acb700392875a0e4c10d980e31cedd30fe745e2d54c75ab92559216
tiff_4.0.6-2ubuntu0.1.dsc 2.3 KiB 47a978483f9cb92481f95cf5e1aa0f5b34e18e96f3edab0b695a33da4b7b9d56

Binary packages built by this source

libtiff-doc
libtiff-opengl
libtiff-opengl-dbgsym
libtiff-tools
libtiff-tools-dbgsym
libtiff5
libtiff5-dbgsym
libtiff5-dev
libtiffxx5
libtiffxx5-dbgsym