Debian Security Advisory
DSA-4026-1 bchunk -- security update
- Date Reported:
- 09 Nov 2017
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 880116.
In Mitre's CVE dictionary: CVE-2017-15953, CVE-2017-15954, CVE-2017-15955.
- More information:
Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.
For the oldstable distribution (jessie), these problems have been fixed in version 1.2.0-12+deb8u1.
For the stable distribution (stretch), these problems have been fixed in version 1.2.0-12+deb9u1.
We recommend that you upgrade your bchunk packages.