[SECURITY] [DLA 892-1] libnl3 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 892-1] libnl3 security update
From: Chris Lamb <lamby@debian.org>
Date: Mon, 10 Apr 2017 19:03:06 +0100
Message-id: <[🔎] 1491847386.4157328.940316544.74ADD424@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libnl3
Version        : 3.2.7-4+deb7u1
CVE ID         : CVE-2017-0553
Debian Bug     : #859948

It was discovered that there was an integer overflow in libnl3, a library for
dealing with netlink sockets.

A missing check in nlmsg_reserve() could have allowed a malicious application
to execute arbitrary code within the context of the WiFi service.

For Debian 7 "Wheezy", this issue has been fixed in libnl3 version
3.2.7-4+deb7u1.

We recommend that you upgrade your libnl3 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAljru3cACgkQHpU+J9Qx
HliUxA/9GbQaKd86uVcwkq9zvkj2ZawG0bWmxVGsrWHet+P3T4oOcEXRT1KzIfoD
m58ge3SiagHVdRpmR3tkkIRniJGpoVVbGpJR65t3trIJOa7irql43BBBeLkPVh9h
aDB74/OK23fo9G4JqlPH4+BUfC2CAkwMt6VbIzhHIuF0m5Pr2Ad52A8mK6ZVUmBP
1Hx0APkEEwPhuWp5eCPLt02fRzLHNC6DHMAm+ushvq1k4pxPyj2lzzMbRnwnJ7lf
1c4bG5BIzKpz7BTdmSnSZKPRB1lYO7axIQAkoqii8mGmXkMM62G+oIMZhgOXATd2
fQI4gMUcoZFC5Dt4FlRGz7GRWeGUNHnjHQ53ZSkYDW6vbWaNrkGijXRcewq4p8qf
ZgA3Ujk0+Vd8TjFE1iZQTTwZhW9CK9o4SOuX2yVe9lGm7r85+anKCpoiKxDrgYPt
hx2dHU30W7sLtCCQNzKqjmKYw6d1+uY0hFLJ8i1gycggoi0T5Tg+28bcw4ivsYJj
X9eRn67oRs+ppQzpdygU4ZEIVtXCKVvp5gHdrUkIyrNU1JAov52y6/Bmt2NaazSr
IqTiEvjUVw9ephhs/jm0/eVGK7bU9m6X2ejXkRHR0fpidzmS+81NbcWck87kmbv7
M59nhLG4khRgYYk7uBvRt2ocTbYfAqfO5B2ubt4Vl6/HJ7xwkpM=
=owXU
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 890-1] ming security update
Next by Date: [SECURITY] [DLA 891-1] libnl security update
Previous by thread: [SECURITY] [DLA 890-1] ming security update
Next by thread: [SECURITY] [DLA 891-1] libnl security update
Index(es):
- Date
- Thread