[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1616-1] libextractor security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libextractor
Version        : 1:1.3-2+deb8u4
CVE ID         : CVE-2018-20430 CVE-2018-20431
Debian Bug     : 917214 917213

Two security issues were discovered in libextractor, a library for
extracting meta data from files of arbitrary type. An out-of-bounds
read in common/convert.c and a NULL Pointer Dereference in the OLE2
extractor may lead to a denial-of-service (application crash).

For Debian 8 "Jessie", these problems have been fixed in version
1:1.3-2+deb8u4.

We recommend that you upgrade your libextractor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwhIrxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRRyg//YpnxrEYZ4jUQr4ZWRzrfADhuIISAn5MTutUXGHLeYy6akkZ5EHjeDWeC
ELVDOWmEU6stBbFF0VZbxo2G9PudKF7CkbLTi6k1L4PYYQGwYiZva6QuXY+1U9+v
LxQLuZJQpZE9vzx9dWKOUnkRg3Vcb0ppgHnWeYKq0HBNDdnr76YGHR75GfMDmbDf
VwvPmpsXIjNOT9+1CbMYFIp7bNqzytKYNHUnFoIPVrJ7eOAFauHyq3YOWXYDw5TE
Nuj3TPHwE+dobhsJZGC2v4gPfLE9cnt8gqv6MiRaATgu3rANMghZY1PmCxEa6gN+
aer+MS+UuyJlUpHV7G0XE4On4DdD3RbZVf2hzUT+yK8jE7lnVbjjLFFIro8W/Vyd
C8aFWnwIfyEshi8sONCuUHY+Rfvu7d+EuECTHpnI3KadTKzvJ2kOA91jyC2sea0j
UL59VNMl6ZA18+SyOYwLC8v5XkKHHfUOISEQ6twVUaTJvJiCwsmDzGHD2zCSNOif
31c+64BBlVdm4HspWXTnH4DrTlQ2xK4jtlMEarHME7tXR7KA09eW1Cxj7HThN6yz
bIjj+OaK/uks9mmJKfxx4FkKU9G3fM2B8jISO6H4htpt37XPwYBmTqAlYS1jGBnn
cT/WR6L9LOT1lLd1+xZ2BO7ztJhM4RKxMoaw0RRqYAnHT5bNi2o=
=IVD9
-----END PGP SIGNATURE-----
Reply to: