[SECURITY] [DLA 923-1] partclone security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 923-1] partclone security update
From: Hugo Lefeuvre <hle@debian.org>
Date: Fri, 28 Apr 2017 22:15:42 +0200
Message-id: <[🔎] 20170428201542.o3kruoyg2ul6p6b5@hle-laptop.local>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : partclone
Version        : 0.2.48-1+deb7u1
CVE ID         : CVE-2017-6596
Debian Bug     : 857966 

It was discovered that partclone, an utility to backup partitions,
was prone to a heap-based buffer overflow vulnerability due to
insufficient validation of the partclone image header. This could allow
remote attackers to cause a 'Denial of Service attack' in the context
of the user running the affected application via a crafted partition
image.

For Debian 7 "Wheezy", these problems have been fixed in version
0.2.48-1+deb7u1.

We recommend that you upgrade your partclone packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlkDomgACgkQrJCsPsUk
Bl6rZw//TBYpdeDMtNm7ezx7fWX5XylXVkcfG9KidSq4T3PI0HElgI3Y5xkyHl4+
DaWqXapexZ7csRABwSlm8jkpg6RhdY4LmVSnwpzNftiN90p+Ix8RfJOW3Kv0VjE7
XzrBFEnGllc088jK4kW8CQ62L6dbri6xJaR/8xz7nMPO8IN9nqV0ok4q2sBE7+1u
WTufk+qYAVgePGW+qzfPZQK8TaBfLZ8hQ2JuGhqD1K71P/dGqm4Zf3LieWWhaHpH
ZkkFZr47lrV/NNb9Karll1XnwMH0MRAT+tFPdaeVIIWq3I2W+iEy7i/888IVGXVJ
bZxppDtyzlrshs2/bIVpLcYEATWRR78GznFPfVmQ4aFONyO0F4PPiwQaiTKZEmvJ
1BMpccj/JaAhAGxFmlq+eXXfLRxHAnX7MCqAFnoEmHZi9aBY0p+46Qc5wfoETFjg
HnEVDeni8GrVgXEgof640MEiiBVxwKhz36IVGqr3bHvSvZh2PAt2wwUgBezEq//U
rHAxlP0hCfsto101FGPvsGEeuCC0rm2sN6FEqOZmk0DgDaqHZY/fjpKSSEgathgH
kvfq0ta2ZvZ5gFJYkecunIqtfvPrYkrV1kdoLlPVsgyuNel+TGHVgdNUWslgYFdl
YJg5e2yc7tLBnC4j5kzlOql0SG3naNanc88XF2Hf0nFeEcsMUSs=
=nJyA
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 922-1] linux security update
Next by Date: [SECURITY] [DLA 924-1] tomcat7 security update
Previous by thread: [SECURITY] [DLA 922-1] linux security update
Next by thread: [SECURITY] [DLA 924-1] tomcat7 security update
Index(es):
- Date
- Thread