[SECURITY] [DLA 1951-1] libtomcrypt security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1951-1] libtomcrypt security update
From: "Chris Lamb" <lamby@debian.org>
Date: Wed, 09 Oct 2019 14:16:39 -0700
Message-id: <[🔎] 75cfef1e-02af-4cd4-9eca-3ce6fa9b5dff@www.fastmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libtomcrypt
Version        : 1.17-6+deb8u1
CVE ID         : CVE-2019-17362

It was discovered that there was a denial of service vulnerability
in the libtomcrypt cryptographic library.

An out-of-bounds read and crash could occur via carefully-crafted
"DER" encoded data (eg. by importing an X.509 certificate).

For Debian 8 "Jessie", this issue has been fixed in libtomcrypt version
1.17-6+deb8u1.

We recommend that you upgrade your libtomcrypt packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl2eTgUACgkQHpU+J9Qx
Hljq7hAAvPVyKHaD1S3flhSjdc/AEFyTyjTgiXG5EqsVttXIfH3xjthQzRcrARJt
QQaZjkCuiQMnxToet/ufO9+z0ltMNur/8gYL8OapDRBcs5Y+R/gJcbPC2J2vzi27
HN58v7TYD+n9aZ1I/wzRkucgC59zh0bpQrgyKHOsnR5SqJws/l79B2g0Gzd+sY8r
2HiMltYcU4aS2399G3ZY1bwrTLWAGhPaYGqv1qdnHmwOg6ioGobGP9PZq/oGqIzA
vobvxDFpnnw9BojP2W4jmaw7PeturxpP1/FRgkt5/fpdEr3iY6CPuGG2vwSpfdaq
xA9DOyqHttrwthUMadDcVhsikg+tIX09oVPIZD/701ftQJufW/pVGCffJugKjk0g
uHN/oYhTK3E6PrpxrLCoqYSFz4ZQgiuG6h+LwMieJHIXRhQotsTJiEGfnfUTkC3c
c3H2dI2ygy/c5qSUMk3jZFohrJfpYoFz74phKaerG71V6JhVOqdWdI5GRorBhm4H
Hfl1ZqtCgWGqy6f4PBDZtU7YwX7qhRiTYQ1KHpNgrBqE/joiJidYO+xofGJs7719
GBtE7ukPRcSJmLUo5a4vt52uL22vqGmC/4U9zIu2pnT80PMQmJBaZ8cNhetsK9og
M8O7fMQNdwS1VwEIHj6gBOpjcCoh269J93+DD4fr+EwNb+/Pqt0=
=FiOf
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1950-1] openjpeg2 security update
Next by Date: [SECURITY] [DLA 1952-1] rsyslog security update
Previous by thread: [SECURITY] [DLA 1950-1] openjpeg2 security update
Next by thread: [SECURITY] [DLA 1952-1] rsyslog security update
Index(es):
- Date
- Thread