drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberlauf in Libquicktime
Name: |
Zahlenüberlauf in Libquicktime |
|
ID: |
DSA-3800-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian jessie |
|
Datum: |
Do, 2. März 2017, 10:30 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399 |
|
Applikationen: |
Libquicktime |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3800-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 02, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libquicktime CVE ID : CVE-2016-2399 Debian Bug : 855099
Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application.
For the stable distribution (jessie), this problem has been fixed in version 2:1.2.4-7+deb8u1.
For the unstable distribution (sid), this problem has been fixed in version 2:1.2.4-10.
We recommend that you upgrade your libquicktime packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAli3yA4ACgkQEL6Jg/PV nWQCZQf7BHcwCzHyQChbZepTJHk+ENGTd/D5oz9hIY8CAp5f3p5MG+50ALf9KVJv WGMOTzU3NgpKDWSJTDNvZgHqyJJLKmtZqKeL0Vm8jFU97F0Op4XkfwUHXRe2fnMM KH6CwRyaog0vHAa7SlXbawlP4/DZPVemDyvvW8XY3vOjdkq0iIKehXs6TTncH7eH vGdVccJIO6S43ywNAkZPcRhVIz7Kfj2yiGx7kqbfiRs+dqgeaW9gUkLwrtMKnwr8 BbA8ff2Q5u0g+QQIMYBR2282+abrYR0tvlEV/Acl5IfKgsJOsQnhtPYZFxceBa8U Q2LB2iUEMU3NSvX09AxHY6V45zXtrA== =w488 -----END PGP SIGNATURE-----
|
|
|
|