Debian Security Advisory
DSA-3526-1 libmatroska -- security update
- Date Reported:
- 23 Mar 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-8792.
- More information:
It was discovered that libmatroska, an extensible open standard audio/video container format, incorrectly processed EBML lacing. By providing maliciously crafted input, an attacker could use this flaw to force some leakage of information located in the process heap memory.
For the oldstable distribution (wheezy), this problem has been fixed in version 1.3.0-2+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 1.4.1-2+deb8u1.
For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 1.4.4-1.
We recommend that you upgrade your libmatroska packages.