1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3800-1] libquicktime security update

    From Sebastien Delafond@1:229/2 to All on Thu Mar 2 10:30:02 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3800-1 [email protected] https://www.debian.org/security/ Sebastien Delafond
    March 02, 2017 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libquicktime
    CVE ID : CVE-2016-2399
    Debian Bug : 855099

    Marco Romano discovered that libquicktime, a library for reading and
    writing QuickTime files, was vulnerable to an integer overflow
    attack. When opened, a specially crafted MP4 file would cause a denial
    of service by crashing the application.

    For the stable distribution (jessie), this problem has been fixed in
    version 2:1.2.4-7+deb8u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 2:1.2.4-10.

    We recommend that you upgrade your libquicktime packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAli3yA4ACgkQEL6Jg/PV nWQCZQf7BHcwCzHyQChbZepTJHk+ENGTd/D5oz9hIY8CAp5f3p5MG+50ALf9KVJv WGMOTzU3NgpKDWSJTDNvZgHqyJJLKmtZqKeL0Vm8jFU97F0Op4XkfwUHXRe2fnMM KH6CwRyaog0vHAa7SlXbawlP4/DZPVemDyvvW8XY3vOjdkq0iIKehXs6TTncH7eH vGdVccJIO6S43ywNAkZPcRhVIz7Kfj2yiGx7kqbfiRs+dqgeaW9gUkLwrtMKnwr8 BbA8ff2Q5u0g+QQIMYBR2282+abrYR0tvlEV/Acl5IfKgsJOsQnhtPYZFxceBa8U Q2LB2iUEMU3NSvX09AxHY6V45zXtrA==
    =w488
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)