1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3772-1] libxpm security update

    From Salvatore Bonaccorso@1:229/2 to All on Thu Jan 26 20:40:02 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3772-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2017 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libxpm
    CVE ID : CVE-2016-10164

    Tobias Stoeckmann discovered that the libXpm library contained two
    integer overflow flaws, leading to a heap out-of-bounds write, while
    parsing XPM extensions in a file. An attacker can provide a specially
    crafted XPM file that, when processed by an application using the libXpm library, would cause a denial-of-service against the application, or potentially, the execution of arbitrary code with the privileges of the
    user running the application.

    For the stable distribution (jessie), this problem has been fixed in
    version 1:3.5.12-0+deb8u1. This update is based on a new upstream
    version of libxpm including additional bug fixes.

    For the testing distribution (stretch) and the unstable distribution
    (sid), this problem has been fixed in version 1:3.5.12-1.

    We recommend that you upgrade your libxpm packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAliKSw5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Ri9Q//Z3BxxTXj2xOhUA6sYvs+9ikwYDGP0AznBA0SRLk0KV/Gu+CNzQIaXDiY ZD4eU7Hb8hICGnBpQVSG3bsgC6bPWmfD1jKzj+dwQSdVjdFdYiNDfVN3NPUY0L54 Ssx/xT8PbPgD3XZI+kVCbdphKJNvmudAxrBHWAfsUgDVs9heWDfFYQ+s8h6FOspX SqNO6Bmcplkx27U2I/dKsRhuho8ZqK3SjYJEBmDzXlSC/PDFTykPxjt4Fzw10RD8 FxwEfQpHJD/U2GIQe5JsekOhlaQiXeIGzD7DdmipTFXtKkQ9eZO8EWY1p3pgwF/a tohJ64r0616iUYTN15HcYcRxVfGCzN9ULuyUEMXI263O/fFGvKeSorXZmxupy7OM HePCDp3CuzqqsR8PvbsLXsPobDpEfj441FKhZ84qnbfOsZ7p4FttdQPeL8/4wket 6y9MHvcMo4dTMfc5g++MZY+PtA3aOGl7k7jwPz08otuCtClX23f23BFuDECzmh8H 2Fe82x2FnfMdN0Xy7FzDdyMPSlp1O6QhKNWw8bNSWNUNBR7th2BT7HkerKag3Xvh mckzSAF/+IHsDYUy84X5sDeRcBylfTCPp96HQrkSrpJklNRP33QzJ85HVFNjmVOC KprZP5Tz2rTS60zJyz58DjVxbK8rKMkm46XauLFSTSJQj1yraYM=
    =V3wb
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)