Debian Security Advisory

DLA-795-1 tiff -- LTS security update

Date Reported:
23 Jan 2017
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 846837, Bug 820365, Bug 836570, Bug 851297.
In Mitre's CVE dictionary: CVE-2016-3622, CVE-2016-3623, CVE-2016-3624, CVE-2016-3945, CVE-2016-3990, CVE-2016-9533, CVE-2016-9534, CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9538, CVE-2016-9540, CVE-2016-10092, CVE-2016-10093, CVE-2017-5225.
More information:

It was discovered that there were two vulnerabilities in hesiod, Project Athena's DNS-based directory service:

  • CVE-2016-10151

    A weak SUID check allowing privilege elevation.

  • CVE-2016-10152

    Use of a hard-coded DNS fallback domain ( if configuration file could not be read.

For Debian 7 Wheezy, this issue has been fixed in hesiod version 3.0.2-21+deb7u1.

We recommend that you upgrade your hesiod packages.