[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2660-1] libgetdata security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2660-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
May 13, 2021                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libgetdata
Version        : 0.9.4-1+deb9u1
CVE ID         : CVE-2021-20204

One security issue has been discovered in libgetdata

    CVE-2021-20204

        A heap memory corruption problem (use after free) can be triggered when processing
        maliciously crafted dirfile databases. This degrades the confidentiality,
        integrity and availability of third-party software that uses libgetdata as a library.

For Debian 9 stretch, this problem has been fixed in version
0.9.4-1+deb9u1.

We recommend that you upgrade your libgetdata packages.

For the detailed security status of libgetdata please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libgetdata

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIyBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmCdPw0ACgkQ0+Fzg8+n
/wbrsg/4yqtSRrVIx4RP7XTZUC9NFa2YkX0eXgAIf2WedW9x6kFQPDx8RoV6TEwH
hj9oxRNnNbmmYHABfZ/7F9OAasz5rKUnf916HWdzIfJdbu1xS21alHYMxXrP63mC
IjcKbln5dUnnNCljIdMgDkf11Sq5ylYoe+houbo/pPsephb1c5mQALRzQDQgqCxN
cJUB7dU4ikPanJypDqbHsf8ToNex1RsGBMTCFUghJZxGCYFqAVbAWTUY1civtQ/x
ABBQ5L9BvQzVxOteZsjzMFJM6gzMR6gnGCiWVgIzLhDmCXk/IYHuxchwr6ubOD8V
M0vEi5ntkAoWmdD5QRoMOc/B+uyWcsITQjVGgFkc9UvQhgj9gf8/IM9l4a8JOIw2
wYyO27BnLwZnS34IBrYbwExRf33lBA+KrdtyN5YJ97C4DTEPnos8Xo9MPVnU8B8W
X8NS/6/UrRRv4XiSW1hcybPDJMhcZeJMuVufxIDfUqqSnH/yerWFAmjzi2ZNn8rC
6aQELqx/Z1qnpRiINkoYm5TtrpG87nzcAyvN7qbJcYQRpuMKiiQZiYbIAtL1hNnF
OB3xLjooi61of9ObaJ9MlEwxBJk1GcNGMlEHgMbucumstHwwisoKDzlgVbhNUYZE
ZPxZpBUvpC7xIvMIcR7AIhZ3Whxqg3L0sY2niad+7ZbPC7y1eg==
=pqt1
-----END PGP SIGNATURE-----


Reply to: