drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in gcab
Name: |
Pufferüberlauf in gcab |
|
ID: |
DSA-4095-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
Mi, 24. Januar 2018, 23:02 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5345 |
|
Applikationen: |
gcab |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4095-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : gcab CVE ID : CVE-2018-5345 Debian Bug : 887776
It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running gcab, if a specially crafted .cab file is processed.
For the stable distribution (stretch), this problem has been fixed in version 0.7-2+deb9u1.
We recommend that you upgrade your gcab packages.
For the detailed security status of gcab please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gcab
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlpo6kRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TLGQ//SlIEWkG2FFPQN+Qnl5kUX1wJLfs/u7P/kzwlqjFjSgQAPqre+llu27I/ Hxt8y2xBS8BiFTKXsxDAKJ5AH22lSfx7GP5zxNH60vyTPuKETj6EVIpw99VtRI1k p8S7qteakBKCRbBrsFWpNUYgnxx6iI9dxD6SZZX5p+vsgL33nSrJvNkEvyQzAEjf dmw2R7ozXZNerChPL3tVObsNfq2FSoHI0hm5TdM4C+aAj0Bg9kY/DQoApl7lt4m1 gbN8JSMu5QJkTbCKWDhrGM4O5uH7/ASKDQFP27VHCsGhfhsKq36i6fWUXAOMIdxN +YQQgcAVXKVFA4esi1oCf+b0NFvQ0kcDUJRo0xgcfFtug7e0ZJX7SzIIwD0smMTu tILCQMWPd0y93gsdOflJqW5H7uYHWzLBQVAC8XvJ7i+WX+itBU88k6Kis4oCK4it FBbfd8ma6yDYwHSOc3Ceq3+XYdDBu3wXRjAh4ZyjgTqjyXxW0iXalm3WMWxh11j2 YomV8N6CTel8MBXZcLlNz+G/M1qt3UHzTTpufgQEo8ud5+NDeUh+CgMpKyvUBDaP xD65XPhB71jzI1/yeSCc84exSCdLuj1o4+uyhsA/GRaR1WMueZhnZjJyFll/4oJh fuFJGDaTfpk3r1+6Rpdk+3ln6f8bYN8lbxjYQVNho7ykbgayId8= =RwBy -----END PGP SIGNATURE-----
|
|
|
|