[SECURITY] [DLA 438-1] libebml security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 438-1] libebml security update
From: Damyan Ivanov <dmn@debian.org>
Date: Sun, 28 Feb 2016 17:36:43 +0000
Message-id: <[🔎] 20160228173643.GA28652@ktnx.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : libebml
Version        : 0.7.7-3.1
CVE ID         : CVE-2015-8790 CVE-2015-8791

Two security-related issues were fixed in libebml, a library for accessing the
EBML format:

CVE-2015-8790

    The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3
    allows context-dependent attackers to obtain sensitive information from
    process heap memory via a crafted UTF-8 string, which triggers an invalid
    memory access.

CVE-2015-8791

    The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows
    context-dependent attackers to obtain sensitive information from process
    heap memory via a crafted length value in an EBML id, which triggers an
    invalid memory access.

For Debian 6 "squeeze", these issues have been fixed in libebml version
0.7.7-3.1+deb6u1. We recommend you to upgrade your libebml packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 436-1] ia32-libs security update
Next by Date: [SECURITY] [DLA 440-1] dansguardian package update
Previous by thread: [SECURITY] [DLA 436-1] ia32-libs security update
Next by thread: [SECURITY] [DLA 440-1] dansguardian package update
Index(es):
- Date
- Thread