Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.0486 jbigkit security update 11 April 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: jbigkit Publisher: Debian Operating System: Debian GNU/Linux 7 Linux variants Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2013-6369 Original Bulletin: http://www.debian.org/security/2014/dsa-2900 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running jbigkit check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-2900-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff April 10, 2014 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : jbigkit CVE ID : CVE-2013-6369 Florian Weimer of the Red Hat product security team discovered multiple buffer overflows in jbigkit, which could lead to the execution of arbitrary code when processing malformed images. For the stable distribution (wheezy), this problem has been fixed in version 2.0-2+deb7u1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your jbigkit packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTRvjcAAoJEBDCk7bDfE42yZgP/jMx2SQ1jSj0SdBTicDm5dok RRYB6Y6ZkfSoIN9Yp2FuNMn88fJMp5ecRaHtnUL8E4WV+aW1NYUCu7BPpb3SnsBG SnvHjJxgG+MDGC6NBap+rD6dwx4lKWMDEdU2Hm6M/GNvpGb144tRY5mCGeGCuQCR vQbzjWh7eB1rqHvFRT+HALbOl2aqLgTKVjQS76Pw6S/QxG5eIwMFojdGZju+wgsC 232b1NauudTl74gayIA2V7m2U2J/Qj16EbLtUp7rd+AgNeaOPCbAtRZPfz0K2JBP zoxHpSvfbm2s4D4Mf9YdlEVS65kQfwNvGfATtH1UogQmHDvV8pZvaVP0RD1NFyCm iCs2CZJhg9/WwHBMJDsa+VXTukdGSjbK5nmtezQabL1/0r3pufuE6NmbybmURAhg iiCOF7jUWFcQ9agQDTSq1roDqptcUL66leDlrboLcOWTS5jjDGwGWZ/7W7lyELKt ckQc4h+fs770nhV6bjR2k4WtnQldpBANBva7TP7a8oUc69XPX6Blu+5j/jnFU6RC XZXMkHhzAJojvBpgQ1oOeUWrtsISd9Ypo/UuAN2hKIufxSwNg6IYQiqnLjy2PEHK 2m2kQewah1UJwCNJ7AbH6nUMdoZFzV8BINLb7posky3WJ5p630Vx585L7X8uhn2k 53EV1XEGBLtOxnUv49jP =yzUL - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU0c+1xLndAQH1ShLAQISbQ/+OnA5iuPW+Te4NtMcSWyUbjlFPPQ62EaP dcCddad7rrlxTeyzWkhKiCGmtY6kcOKIYMk4o3ej/ks25VG7SBMptViksDDzwT88 olK8++0CnCoZ0rKKMpkuFMzS03AW66wBzFSEjj0hCNdP42Aecq69LbbAqyTwP0Pk NFPtUBzQTakEO5VToHiKl0ZLUjpkkf5wWuNRz39/KvDXRC2OtNpX00KQwnfpWVlS Eu6pBmnByAzm9MXehocrVz+ITPLLPF4PJSOJ/Qu5FaFOR1NcK/+i9ZfjNCqRYOBC cGDxMifkiW68N+KrNHd0gu+n4vXWCmzlbA6tjuieMqY1i6gPX3rxWUnUYT9smc9N m9JqJaKZvUDw0t9zdSdbWgHWlT2qlnq42mLDgrD4+QLHJrTIbSjc1FBvBXUuswBv gsge7IXMjcagA+b6Hl0OnlEvcXIdAR1GptZLqvWFUeooi9FSafbyvE2iAFz7PRVT I9mknLcHY199rztEEFatVgcsgZd2OXURmeivFFi3Q3KxOk3w3lxvZInIGT04UtuI mDup99xNFU3hCIqYRrxsrN2cOXt/GCp3NUxunI7Yyo3poTNtb+HLOh3QV8anUFP/ oPdaZTD9gHMmLUyl+qSP06ty8gEX0Kqhq6zfCd3Y8zfbUVh1OgTb9wCPE2JjcZms orCP6VyoN/g= =XYjZ -----END PGP SIGNATURE-----