[SECURITY] [DLA 3353-1] xfig security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-3353-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
March 05, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : xfig
Version        : 1:3.2.7a-3+deb10u1
CVE ID         : CVE-2021-40241
Debian Bug     : 992395

A security issue has been discovered in xfig, a diagramming tool for the
interactive generation of figures under X11.

CVE-2021-40241:
    A potential buffer overflow exists in the file src/w_help.c at line 55.
    Specifically, the string returned by getenv("LANG") may be very long and
    overflow the destination buffer when it is formatted with sprintf().
    This vulnerability could potentially allow an attacker to execute arbitrary
    code or cause a denial-of-service condition.
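
The bug class described above, as an added example that is not xfig's source code or the Debian patch: an environment value formatted into a fixed buffer with sprintf(), shown as a comment, next to a bounded version that validates LANG and treats truncation as an error. HELP_DIR, lang_is_sane() and build_help_path() are hypothetical names constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical install path, constructed for this example. */
#define HELP_DIR "/usr/share/doc/app/html"

/* The pattern the advisory describes, kept as a comment so it never runs:
 *
 *     char path[64];
 *     sprintf(path, "%s/%s/index.html", HELP_DIR, getenv("LANG"));
 *
 * LANG is set by the caller and has no length limit, so sprintf() can
 * write past the end of path[]. */

/* Accept only locale-shaped values: short, drawn from [A-Za-z0-9_.@-],
 * and not starting with a dot. */
static int lang_is_sane(const char *lang)
{
    size_t n = strlen(lang);
    if (n == 0 || n > 32 || lang[0] == '.')
        return 0;
    return strspn(lang, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                        "0123456789_.@-") == n;
}

/* Build the localized help path into out[outsz].
 * Returns 0 on success, -1 if the result does not fit (out is left empty). */
int build_help_path(char *out, size_t outsz, const char *lang)
{
    int n;
    if (out == NULL || outsz == 0)
        return -1;
    if (lang == NULL || !lang_is_sane(lang))
        lang = "C";                      /* fall back instead of trusting env */
    n = snprintf(out, outsz, "%s/%s/index.html", HELP_DIR, lang);
    if (n < 0 || (size_t)n >= outsz) {   /* truncated output is an error */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[64];
    if (build_help_path(path, sizeof path, getenv("LANG")) == 0)
        puts(path);
    return 0;
}
```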

For Debian 10 buster, this problem has been fixed in version
1:3.2.7a-3+deb10u1.

We recommend that you upgrade your xfig packages.

For the detailed security status of xfig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xfig

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS