[SECURITY] [DLA 995-1] swftools security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 995-1] swftools security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 20 Jun 2017 22:25:07 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1706202224130.20403@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : swftools
Version        : 0.9.2+ds1-3+deb7u1
CVE ID         : CVE-2017-8400 CVE-2017-8401

CVE-2017-8400
     In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in
     the function png_load() in lib/png.c:755. This issue can be triggered
     by a malformed PNG file that is mishandled by png2swf.
     Attackers could exploit this issue for DoS; it might cause arbitrary
     code execution.

CVE-2017-8401
     In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in
     the function png_load() in lib/png.c:724. This issue can be triggered
     by a malformed PNG file that is mishandled by png2swf.
     Attackers could exploit this issue for DoS.


For Debian 7 "Wheezy", these problems have been fixed in version
0.9.2+ds1-3+deb7u1.

We recommend that you upgrade your swftools packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZSYSjXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHcoMQAI3tUrGQFk73C+8gW/ODzFZy
fnasbnK44+Jz1srFNqHCOduT2b7wuqrLevmwJ6C1Vty4eWRu2i87vOzsPbTUHnZU
rChx/lTLIcmafHu4kIPY6rdA7Cvk3LZ7MvPJAPRzploMi2wxZ9pCPEuoCz4x1tde
xNF2SSN/0THbcqjxMp2G0z1GZigeyYiSADZB544kMkOqZ7mTgjCZwSSKULIu/oL5
rNJH0cNlsVi4vvUe6ob5AqFkniTvttJcdDEr8DdIpyH3RZ6rcPE/2DbcbIadrTjW
cIXKiDtdARaixJNr810yKTs+NamT9hzU6kO7W7K7gRiorVjd1o4S8yC40ZDxBaJG
uXFddLn1K9KHk12SwjkwK3/IfEzxxMYLWKT02nUZZU3pIHKS/RFN3J0HmQXucryN
XFj3wlA6rW2m6ffOG3kHoazzCplH2m0PAh3r6G+Ka4i/HYK3l39DaNHnoRYLbfT4
Ox/b2I5QxNZHH6877QKjw2goiM+QEBmwtyy/Rd7sNU7nmm79ueVgm24tll4/DOg1
9UgGBG8E7Jcx80bYiKCYzLuPnNLvYjK354qmi7rkwIEYgvnQctJM9lmB/Zl9gtK2
sKdttuF7AFIdTZJ4Y8rayuBVURCvbu6oPmZTJSV3qeMaJeDccfCByV106wLRbB5T
D6p4FJi9vxOje5cHCgUj
=9fH0
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 994-1] zziplib security update
Next by Date: [SECURITY] [DLA 996-1] tomcat7 security update
Previous by thread: [SECURITY] [DLA 994-1] zziplib security update
Next by thread: [SECURITY] [DLA 996-1] tomcat7 security update
Index(es):
- Date
- Thread