[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA-1478-1] libextractor security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libextractor
Version        : 1:1.3-2+deb8u2
CVE ID         : CVE-2018-14346 CVE-2018-14347 
Debian Bug     : #904903 #904905

It was discovered that there were two vulnerabilities in libextractor,
a library to obtain metadata from files of arbitrary type.

  * A stack-based buffer overflow in unzip.c. (CVE-2018-14346)

  * An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347)

For Debian 8 "Jessie", these issues have been fixed in libextractor
version 1:1.3-2+deb8u2.

We recommend that you upgrade your libextractor packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluCpsMACgkQHpU+J9Qx
HlhwQQ/7BJ/MbTr9F4zWumr0slSv7Cy6jb4SUt7DoksTfyERdQwqVvfZOMClskth
957WeUKKbNVYbMBBtS3SZBSefzYJhNUfGwSWESW9FoAbrandkp2lIVEEuqBxGnRn
B+znSd3hAkpt1xaPEKSgqAZhMAr7kK7onQbfNJg22jK+6irp4ToCmE7zHjdcoBTR
7bk1iBE8ZaHCUnlCTtdrIh7fMW4WxCeUkJWdjxMZ7HdxhePYHt/A3EWhy33rfSBw
y09I6IPdfo0v/jtnUZc612ytEK540wllRcFvsK+Uoe7o9USmSuY7vc7I8t4mT0fM
BvBnrSMZiY8oBDOSkTDPFpHB8yP5lEBGMmEnzTOJu0Fy7AgljA5gSXpvB1EfGKg6
tJ7v8JQ8Kt/8KD4pQF5kRhUmDzubAkFFYWTEpmP4eVHHkziN3yLHlW54f/SOrETj
DDrKfHSxEvGexolZHeB88nxqlKANiLVhLTRKy9b9FSkiistm8jGyC+U+ivsn70vm
vNMkdHsh7J6A8P3LPrKxSWFdwdlU2suPiMay4qQ8MI9UHNK4rhlN9RtwzNDMBdco
JKUx9nu80gGOSF8TEj6PLBHN+yzKG6tEo1ahVDM+koSCdNTmtaGK5zJoHObf5uhJ
xCR6x7XKgSi/bHnzjVQZPU2MwS6lMW3ORKbBVjzxY+Xk6sryywI=
=6Xno
-----END PGP SIGNATURE-----


Reply to: