[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 799-1] ming security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ming
Version        : 1:0.4.4-1.1+deb7u1
CVE ID         : CVE-2016-9264 CVE-2016-9265 CVE-2016-9266
                 CVE-2016-9827 CVE-2016-9828 CVE-2016-9829
                 CVE-2016-9831
Debian Bug     : 843928


Multiple security issues have been found in Ming. They may lead
to the execution of arbitrary code or causing application crash.

CVE-2016-9264

    global-buffer-overflow in printMP3Headers

CVE-2016-9265

    divide-by-zero in printMP3Headers

CVE-2016-9266

    left shift in listmp3.c

CVE-2016-9827

    listswf: heap-based buffer overflow in _iprintf

CVE-2016-9828

    listswf: heap-based buffer overflow in _iprintf

CVE-2016-9829

    listswf: NULL pointer dereference in dumpBuffer

CVE-2016-9831

    listswf: heap-based buffer overflow in parseSWF_RGBA

For Debian 7 "Wheezy", these problems have been fixed in version
0.4.4-1.1+deb7u1.

We recommend that you upgrade your ming packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYifYlAAoJEPZk0la0aRp9fxoQAKTkzD2VzHuErMFjuATxej1X
j1cUCpPQTJ0aDNb4Ip3dFLHCGv4KGDUCrvapSJD5ssMGF5XqFLL9yzJze0SP0KPi
QYgp4arp7NymP1SzqmJu3CXyuVIiysKv1mbjbGCxtRN9bI7zdRHZLNZFejAoe3qD
VU/9INSER6s2TRLy+bOPBiMM9E4cRTiCiXflF+UmpMoPT4OCd9rvqOG/pBwYhoRn
6BFFkmmeqGmLF7i7U0hYgU1OhnyjhZfnBSrOMuEEYt2ilhq2fdQqj+uEfwnXXNuB
QjT9hKStfC/F9K+1QQqWwP5HwzE+QMw2HxHAAmrh35mWD3k8cmoPMZo9AtCUExoW
uza6e/8ZdtD/kM1zY01UcYXmcLbIS39ZA5FIXaIvo4gcaYV4V+7G4vusRUeiE1Lk
83fHvCFhOeZbbrJpHBkN1KYlbbi6UZasFXGFSpXkfAjYp6u9wAZEhWaM45ixYvA2
vjkmLP5vpkbcFzxA+56k62+mhL+5ZCUJ3Q6bWYDJa6e0ytiH5A8q8wnS0HFfowS/
x+oLaCvfjBBe3KvvRblp4UHbsVziPFdwvdl/HNli5UKfEQrGswDGbhWX+eU8exqJ
r+iiuOnpRhopuFW95bPOzQJDrhel6ekL7h+DT7sFvM0cOpkv/cR8HTfeVmA5vQCH
8WmbTBSkpn7Jop2yo1Vx
=Clp+
-----END PGP SIGNATURE-----


Reply to: