Debian Security Advisory
DSA-3551-1 fuseiso -- security update
- Date Reported:
- 16 Apr 2016
- Affected Packages:
- fuseiso
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 779047.
In Mitre's CVE dictionary: CVE-2015-8836, CVE-2015-8837. - More information:
-
It was discovered that fuseiso, a user-space implementation of the ISO 9660 file system based on FUSE, contains several vulnerabilities.
- CVE-2015-8836
A stack-based buffer overflow may allow attackers who can trick a user into mounting a crafted ISO 9660 file system to cause a denial of service (crash), or, potentially, execute arbitrary code.
- CVE-2015-8837
An integer overflow leads to a heap-based buffer overflow, which allows an attacker (who can trick a user into mounting a crafted ISO 9660 file system) to cause a denial of service (crash), or, potentially, execute arbitrary code.
For the oldstable distribution (wheezy), these problems have been fixed in version 20070708-3+deb7u1.
The stable distribution (jessie) does not contain fuseiso packages.
For the unstable distribution (sid), these problems have been fixed in version 20070708-3.2.
We recommend that you upgrade your fuseiso packages.
- CVE-2015-8836