-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2015.0769.2
                          freexl security update
                             16 November 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           freexl
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service               -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-2776 CVE-2015-2754 CVE-2015-2753

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3208

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running freexl check for an updated version of the software for 
         their operating system.

Revision History:  November 16 2015: The update for freexl issued as DSA-3208-1 
                                     introduced a regression when handling 
                                     certain Microsoft Excel spreadsheet 
                                     files.
                   March    30 2015: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3208-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 14, 2015                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : freexl

The update for freexl issued as DSA-3208-1 introduced a regression when
handling certain Microsoft Excel spreadsheet files. Updated packages
are now available to address this regression. For reference the original
advisory text follows.

Jodie Cunningham discovered multiple vulnerabilities in freexl, a
library to read Microsoft Excel spreadsheets, which might result in
denial of service or the execution of arbitrary code if a malformed
Excel file is opened.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.0.0b-1+deb7u3.

For the stable distribution (jessie), this problem has been fixed in
version 1.0.0g-1+deb8u3.

We recommend that you upgrade your freexl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----