1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3484-1] xdelta3 security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Feb 19 16:50:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3484-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 19, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xdelta3
    CVE ID : CVE-2014-9765
    Debian Bug : 814067

    Stepan Golosunov discovered that xdelta3, a diff utility which works
    with binary files, is affected by a buffer overflow vulnerability within
    the main_get_appheader function, which may lead to the execution of
    arbitrary code.

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 3.0.0.dfsg-1+deb7u1.

    For the stable distribution (jessie), this problem has been fixed in
    version 3.0.8-dfsg-1+deb8u1.

    For the testing distribution (stretch), this problem has been fixed
    in version 3.0.8-dfsg-1.1.

    For the unstable distribution (sid), this problem has been fixed in
    version 3.0.8-dfsg-1.1.

    We recommend that you upgrade your xdelta3 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJWxzifAAoJEAVMuPMTQ89E5BkP/R75kZvWctuo7+D+S+sqPkFc /n3w5o2FXUFIkp8GWj7WA+nECKEf95vNaBDukNdRv3c+WsDJ74wiAkKei9TGKwsa lt0lTvMOZDwyz6ZzKyCeJC64RhYduVwzYFYlzi96cv7whK67OgyTR1sdK6KS7rqs qHoVGs6f2mahy8LYTE57KszUz9im5ZRzC5Gzr0aYCi5q1Xwq1FJkZ3KoNUWrLWBm XB8e5GUTD0dJnjf2JmfB/cUhLuSnomHFBT3Dz8QuJRoTKCBIZv9aoly4tjVFIZpd cxAdt8E9gGe9jc86xk2c098LsI2ta9MfGUMaLhEIYqJF9NGnYAHCeatyj7yZnVIq 4NPdj7lXL1XmC/rtRWWYiI46wTfs1j60B95tEY3H9z9c83x67P3X1z5pEpv1Yq29 qjVvH3vkKA2YFjSo/DSs5Na3vJUE33o3aKPJ4fCmVAxJj8RQD8ktgd4JsomMu3i5 nUhuMl2VPU1JCyX9ckniqXo9Rtb5yDLvyA0lgxAk826fNboS4bFolcNC7Gx0BG3E hMXV2JSiS1SP559ct5nw8zMkggyX3vsYNScrahA3Y7SA7wnAbLTR9V2z/eFVRZfP NCxjVmrHDhx/r0K4bapLOsrLiICBld8dQVxzB+Qe7zRTjbh6Prc7UeCB+ahOjoar Zn0EbyC0roOV1QsHDIp5
    =FAR5
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)