1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4095-1] gcab security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Jan 24 21:30:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4095-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gcab
    CVE ID : CVE-2018-5345
    Debian Bug : 887776

    It was discovered that gcab, a Microsoft Cabinet file manipulation tool,
    is prone to a stack-based buffer overflow vulnerability when extracting
    .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with
    the privileges of the user running gcab, if a specially crafted .cab
    file is processed.

    For the stable distribution (stretch), this problem has been fixed in
    version 0.7-2+deb9u1.

    We recommend that you upgrade your gcab packages.

    For the detailed security status of gcab please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/gcab

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlpo6kRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TLGQ//SlIEWkG2FFPQN+Qnl5kUX1wJLfs/u7P/kzwlqjFjSgQAPqre+llu27I/ Hxt8y2xBS8BiFTKXsxDAKJ5AH22lSfx7GP5zxNH60vyTPuKETj6EVIpw99VtRI1k p8S7qteakBKCRbBrsFWpNUYgnxx6iI9dxD6SZZX5p+vsgL33nSrJvNkEvyQzAEjf dmw2R7ozXZNerChPL3tVObsNfq2FSoHI0hm5TdM4C+aAj0Bg9kY/DQoApl7lt4m1 gbN8JSMu5QJkTbCKWDhrGM4O5uH7/ASKDQFP27VHCsGhfhsKq36i6fWUXAOMIdxN +YQQgcAVXKVFA4esi1oCf+b0NFvQ0kcDUJRo0xgcfFtug7e0ZJX7SzIIwD0smMTu tILCQMWPd0y93gsdOflJqW5H7uYHWzLBQVAC8XvJ7i+WX+itBU88k6Kis4oCK4it FBbfd8ma6yDYwHSOc3Ceq3+XYdDBu3wXRjAh4ZyjgTqjyXxW0iXalm3WMWxh11j2 YomV8N6CTel8MBXZcLlNz+G/M1qt3UHzTTpufgQEo8ud5+NDeUh+CgMpKyvUBDaP xD65XPhB71jzI1/yeSCc84exSCdLuj1o4+uyhsA/GRaR1WMueZhnZjJyFll/4oJh fuFJGDaTfpk3r1+6Rpdk+3ln6f8bYN8lbxjYQVNho7ykbgayId8=
    =RwBy
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)