[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1734-1] libraw security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libraw
Version        : 0.16.0-9+deb8u4
CVE ID         : CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5808
                 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819


Secunia Research has discovered multiple vulnerabilities in libraw, a raw image decoder library, which can be exploited to cause a Denial of Service.
The issues contain divisions by zero, out-of-bounds read memory access,
heap-based buffer overflows and NULL pointer dereferences.


For Debian 8 "Jessie", these problems have been fixed in version
0.16.0-9+deb8u4.

We recommend that you upgrade your libraw packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlydOxZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEd4bxAAtDMOyUoEJqsFtGpMHjwzAVik6l8tW4I417s4ul9rCePNuTY0UFlgc4Km
GEMsjdpCaZQi53X7F5QKQMfoGJzcnNWWJ9nm+j8eB45ZQAwjbr9/ChplMksohWbz
cp4xTnheR0V5mtlwMF3BWOhDDmiUd7rvjjJ8E9ZUkoTG5WY4yku/JqHBKH60Gd1A
xfavGCMFRA+cxcKH0dZvJSMcys+DLTqXc54D8uhMmNaZwqLzR4Je4qoBqLPYbfs8
9kSzCUdl88bJWdWZplfUFpSgLb48KweCVuTf+gYHARctXG9nCdvFCjkjE2CGqQX4
AR7/R70Bo9K0yBEXm3Tz1QDYl4btHg+Xfdc8CJcRwdzKbfzJdOav4QgAT5I8Vhbv
qDAr1yb5sWaKb8pa7Wk4GFCxWiylV3PoQYXyBfJlIab9u9nawunAOkLAnHUYJlSd
NR0rftIMfM9D8r8p9KIY7gvRJYW8E5r8cAQB2EQ/6Vf8mT2JsTGw06eitv/4beyW
v+jEq69hRyhdUT8ItAeyDGJUDBOH1W5xGtiYOZCbFRJ+IuNTRbuTuq3DHlt7rNvM
6GLQmekenTPQ8vVcHDcqTi5UJwp5JOj0DppjljM7qSPqjovXIOnI6Gb2PIZFOwxj
rYIfGVBPJthHEwOu2A5tgtMXchuxHtfkY+2Hnnilmh2OzabFuBY=
=DF6i
-----END PGP SIGNATURE-----


Reply to: