[SECURITY] [DLA 2010-1] bsdiff security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2010-1] bsdiff security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 26 Nov 2019 22:29:02 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.1911262227180.3033@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bsdiff
Version        : 4.3-15+deb8u1
CVE ID         : CVE-2014-9862

An issue in bsdiff, a tool to generate/apply a patch between two binaryfiles, has been found.

Using a crafted patch file an integer signedness error in bspatch could beused for a heap based buffer overflow and possibly execution of arbitrarycode.



For Debian 8 "Jessie", this problem has been fixed in version
4.3-15+deb8u1.

We recommend that you upgrade your bsdiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl3dmR5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdfbg//esgosF/QmWOO1YensbcRkW3wnBh8Q4gzPFbOtUmc/OjeW7ACSlCYr/XU
mwBd7kyq+X4SVVN2PMVK21IA2YxIf0UQaKkCX2ThxvEJbxg5tYBM5mBIF1S9NqtM
1Br6GOgT2bpMKfNv28thYjYKOfb1VwSahnTucsK2zoiUqk+OuKAFHUeUupOSZuEc
T5ACRQBRZwzR1FhAsahrV19ADUg4cP9v3J3HQsurDiZoDw5g3R75zcaMggAdriPc
g11hhbvwhHMMqaCv0lVaRflCLKadvQ4YEPzS1eSb1W5JiK9mjOASLQ52t5+TwATM
OT+QIXbXqonhvlhmnJ+4BXfg4NDw16hUNOqErhiGqMTcADKEUS35xic2h7JA7cwZ
eMB3n/PKv+HfsMiYgn7htdrGfzckyNgByjXuPyXQA+0ubEUwMyb6cLE1OvCw8+CK
JZh8/SKlWLtUMqxzSOt/zm7ddoQGb9uTblKAnI6/t7Zg+kekB7csK6agrOSa7MMq
Vi0akSNSByNNPZEtStIJpXAUFoVWcYMIxBxN7z7ACZ8K0RmnC0TSIwABzVXN3C2y
IxJkngiRDrF6GbuA7yXsPlHajt3S74iRmV6oJt2KdXg7ynbvvuRorC/rKC48rp59
FDuY9hOahIdNBv2/yGBO8tdVWv/9VB4umVZoKpByS5vj1yXVyXE=
=B1g/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2009-1] tiff security update
Next by Date: [SECURITY] [DLA 2011-1] xmlrpc-epi security update
Previous by thread: [SECURITY] [DLA 2009-1] tiff security update
Next by thread: [SECURITY] [DLA 2011-1] xmlrpc-epi security update
Index(es):
- Date
- Thread