
[SECURITY] [DLA 890-1] ming security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ming
Version        : 1:0.4.4-1.1+deb7u2
CVE ID         : CVE-2017-7578

It was discovered that there were multiple heap-based buffer overflows in ming,
a library to generate SWF (Flash) files.

The updated packages prevent a crash in the "listswf" utility due to a
heap-based buffer overflow in the parseSWF_RGBA function and several other
functions in parser.c.

AddressSanitizer flagged them as invalid writes "of size 1", but the heap could
be written to multiple times. The overflows are caused by a pointer that ends up
outside the bounds of a statically allocated array of structs of type
SWF_GRADIENTRECORD.
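
An added illustration of the bug class described above, not code from ming or
from this advisory: a record count taken from the file indexes a fixed-size
array, and each colour component is a separate one-byte store. The type names,
MAX_RECORDS and the simplified layout (one count byte, then five bytes per
record) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_RECORDS 8   /* assumed fixed capacity, not ming's actual value */

struct rgba   { uint8_t r, g, b, a; };
struct record { uint8_t ratio; struct rgba color; };
struct gradient {
    uint8_t count;
    struct record records[MAX_RECORDS];   /* statically sized array */
};

/* Four separate one-byte stores: a sanitizer reports each as "size 1". */
static void parse_rgba(struct rgba *c, const uint8_t *p)
{
    c->r = p[0]; c->g = p[1]; c->b = p[2]; c->a = p[3];
}

/* Unsafe pattern (shown for contrast, never called here): the count from
 * the file drives the loop, so any record i >= MAX_RECORDS is written
 * outside the array, five one-byte stores per extra record. */
void parse_gradient_unchecked(struct gradient *g, const uint8_t *buf)
{
    g->count = buf[0];
    for (size_t i = 0; i < g->count; i++) {
        g->records[i].ratio = buf[1 + i * 5];
        parse_rgba(&g->records[i].color, &buf[2 + i * 5]);
    }
}

/* Hardened form: validate the count against the array capacity and the
 * input length before any record is written. Returns 0, or -1 on reject. */
int parse_gradient_checked(struct gradient *g, const uint8_t *buf, size_t len)
{
    if (len < 1)
        return -1;
    size_t count = buf[0];
    if (count > MAX_RECORDS || len < 1 + count * 5)
        return -1;
    g->count = (uint8_t)count;
    for (size_t i = 0; i < count; i++) {
        g->records[i].ratio = buf[1 + i * 5];
        parse_rgba(&g->records[i].color, &buf[2 + i * 5]);
    }
    return 0;
}
```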

For Debian 7 "Wheezy", this issue has been fixed in ming version
1:0.4.4-1.1+deb7u2.

We recommend that you upgrade your ming packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

