[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1807-1] vcftools security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : vcftools
Version        : 0.1.12+dfsg-1+deb8u1
CVE ID         : CVE-2018-11099 CVE-2018-11129 CVE-2018-11130


Webin security lab - dbapp security Ltd found three issues in vcftools, a collection of tools to work with VCF files. Different functions in header.cpp are vulnerable to denial of services due to use-after-free issues or information disclosure due to heap-based buffer over-read.


For Debian 8 "Jessie", these problems have been fixed in version
0.1.12+dfsg-1+deb8u1.

We recommend that you upgrade your vcftools packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlzsRc5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdNnA/9FOQBK0PxgvhuGMUWCAsOAFyRxxvVpFMcgUB/vpWAd/AaLuWPq84eBsAn
VzwYS/VjiBeFm1qFk2QK6Z1TJFSSrVFeGlxWhpPwBIU7fZlksuP0EjWihvj/p4iw
JJ+zbHgTokIIZ3Y8DCN9yGtv8o7f7ACt4CN36I4XkSl5wqelsKokWLlBp6muBaEm
NUoBa3I6MIM0szy4DsKTIC7pIzxkbJ7MJA97gFNWNiWb1SG6hmv2Sc8kccqfPlJd
GhMDAsNZ1x5bmQDUb+VYzFHvdPpDAolzl+qjkWE7187BPW5Tcw+hegvwktBBQstR
L76zHtLjj9DrZL+w4mk85uoChGJYK6QfXNysBznQHdrE0HlETznziRufXAxF2OSb
BG6d2p+FVlUgHmKPIT2hNQHQMntyp8HhlN3bLP6mCLMMvPP65S5A87CjWB2khMWC
wiyOlbSIYdGjCf/t16x10Y9asalCf4tX67p8tlF93NEz/jzKN//hUaVIVu/eVunW
AtpypmAo+buYEED8eIOsfq/kij8J9PFZGcaEt+9PHMxGQXl0zp/eDzC5Ox8lyMST
d9qwEtNU5/07uRzblQw3wkdXeaCslOInk+/+LZbJ+Kt0oWnw2zNN93+O3ytztWIF
J9RwLZgyQ4Szt1yi4AHY2KciLHfIzSKrx28EOaNDzd9g3nhxtuw=
=9rT8
-----END PGP SIGNATURE-----


Reply to: