[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1109-1] libraw security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libraw
Version        : 0.14.6-2+deb7u3
CVE ID         : CVE-2017-14608

CVE-2017-14608
     An out of bounds read flaw related to kodak_65000_load_raw has been
     reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker
     could possibly exploit this flaw to disclose potentially sensitive
     memory or cause an application crash.


For Debian 7 "Wheezy", these problems have been fixed in version
0.14.6-2+deb7u3.

We recommend that you upgrade your libraw packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZx+gDXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHMsIQAILxO/0BsWCVDBkAYK+DBGHj
E/n9tjPdLTL8CGQv6TeeLlluKkDUuZTlTZ8yB1NwWsyT6Xd1x3MyXeviQBL061x1
Ika97N0IiggAeW50cgcSqyYk0FNMh9nGJbHdQV5p06XFDaTAyWsK3cvcOQLU7N5l
Lb2N8INIaLG8GtYAhL8DD5/He7Vvdk6q8NLEMP77Vs/8H0+WHFytOCf8rhmWPCIv
ntiloNxLoobgmM4zDYaxIfHJ0UsYA48KUp0hmS7kWkJQ76kfR30vei4fP8yGmHhS
nUXcwdlmNEu0k3Zc+jM4Zj3FDimZ2PZbX7gZyhIvmoOhoxiG7lt9EwA3b7ElgX6t
sCTLnJ1b0hUnAdtFtLg2rkGW+CcGGHtQ8rGrLzxy7RMZz/z98YC1VHW1WvAE5ecN
1a/p27NsANKtm66TA790surh/epNZhHZI/1tXAESYbKBhJnRdmz8rNd7D4BpiA2p
RbuEmsNmxf9sK3KBjbE6MteFend9B7m07KTP0mKc19icYumhe0otn7kABWEXd+q7
402OmWmHDvBeFbtbyp/RqwekXt/bYQICJrwcGlNcFwTonAWOtIWs55Zx2uKA6OmB
btVfvSTmjGZyUC5d04GRaDD4HUXW5mwIh/Pu6Q0fhfiL9G2WU1wjCLNgpIljzR+y
Oc0PZ1XEXdkRoKB2+Jmk
=Uyj3
-----END PGP SIGNATURE-----


Reply to: