
[SECURITY] [DLA 1158-1] bchunk security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bchunk
Version        : 1.2.0-12+deb7u1
CVE ID         : CVE-2017-15953 CVE-2017-15954 CVE-2017-15955
Debian Bug     : 880116

Several vulnerabilities were discovered in bchunk, a tool to convert a
CD image in .bin/.cue format into a set of .iso and .cdr/.wav tracks.
It was possible to trigger a heap-based buffer overflow with a
resultant invalid free when processing a malformed CUE (.cue) file
that may lead to the execution of arbitrary code or an application crash.

For Debian 7 "Wheezy", these problems have been fixed in version
1.2.0-12+deb7u1.

We recommend that you upgrade your bchunk packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----