-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0486
                          jbigkit security update
                               11 April 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           jbigkit
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Linux variants
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-6369  

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2900

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running jbigkit check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2900-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 10, 2014                         http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : jbigkit
CVE ID         : CVE-2013-6369

Florian Weimer of the Red Hat product security team discovered multiple
buffer overflows in jbigkit, which could lead to the execution of
arbitrary code when processing malformed images.

For the stable distribution (wheezy), this problem has been fixed in
version 2.0-2+deb7u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your jbigkit packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----