[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1198-1] libextractor security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libextractor
Version        : 1:0.6.3-5+deb7u1
CVE ID         : CVE-2017-15266 CVE-2017-15267 CVE-2017-15600
                 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922
Debian Bug     : 878314 880016

Leon Zhao discovered several security vulnerabilities in libextractor,
a universal library and command-line tool to obtain meta-data about
files. NULL Pointer Dereferences, heap-based buffer overflows, integer
signedness errors and out-of-bounds read may lead to a denial-of-service
(application crash) or have other unspecified impact.

For Debian 7 "Wheezy", these problems have been fixed in version
1:0.6.3-5+deb7u1.

We recommend that you upgrade your libextractor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloluHlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQ4dBAAmeb7pnWQuvp9PWpcaQAGPJeSucEAg+ukXTLVptzUh6/2LQ3H09Hnbk3j
+ZY8JDK6mxB6ouZdi95Fn7yT5mr8K2dcZv1AkBk1FyAe72vX0WIyNra9r4xDBo9q
Cv6YtCvap6bXo2abRobzNQRzMqFiNZMecCEKnNP99LMOokcUV38pj43w+EekZ7v7
x28IgkE9DBol7eDJJinCXzkvm1lbeSzunSJ9kP0wLFznPDDM4aJ3hsKd7Va3s1Cx
LBsethyFv1NnBDGo/h9L/hYuNfwTdUiGk9IDru/878yjpwIrCF9p1JmIDfc2ckkd
l9Zrd7XvR/lCkGzGcoCt8U7Knv0buvfFMW5AVxIeETE7Gb37pnmHYYd5uYyRhbZi
MJsVqM/2halY6MiCoVs8M2QOUls0y/+0uo188WhqNaXBpgTPrvuJtXqlAew4r6Uj
VsbWmUHSI8wh/XP1Wmkw3pQKjdkD/pmxozHtwkd66XdtsaTUL0Q8eIBFtLOjuqXM
8yomOzezbKS7J6fTHMYhbMFMyd4Oqkwpyzk8aQ83NJWOumI3lRF47InidWWg7zQY
SOo764tBoH7tABWooctV19ofDUCos7JUjkSpCRtqnurOjJS3qHDpR3rQRit5t23x
DdgrP74HjpW/jpYsXEtisbpTPbJLl9PowOndU/O8QrArFm6dFl8=
=EVir
-----END PGP SIGNATURE-----


Reply to: