
[SECURITY] [DLA 2705-1] scilab security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2705-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
July 07, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : scilab
Version        : 5.5.2-4+deb9u1
CVE ID         : CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31348 
                 CVE-2021-31598

Multiple issues have been discovered in scilab, particularly in the embedded ezXML library:

CVE-2021-30485

    Incorrect memory handling, leading to a NULL pointer dereference
    in ezxml_internal_dtd()

CVE-2021-31229

    Out-of-bounds write of a one-byte constant in ezxml_internal_dtd()

CVE-2021-31347, CVE-2021-31348

    Incorrect memory handling in ezxml_parse_str(), leading to an out-of-bounds read

CVE-2021-31598

    Out-of-bounds write in ezxml_decode() leading to heap corruption

For Debian 9 stretch, these problems have been fixed in version
5.5.2-4+deb9u1.

We recommend that you upgrade your scilab packages.

For the detailed security status of scilab please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/scilab

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

