===========================================================================
             AUSCERT External Security Bulletin Redistribution

                             ESB-2015.0769.2
                          freexl security update
                             16 November 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           freexl
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service               -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-2776 CVE-2015-2754 CVE-2015-2753

Original Bulletin:
   http://www.debian.org/security/2015/dsa-3208

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running freexl check for an updated version of the software for
         their operating system.

Revision History:  November 16 2015: The update for freexl issued as
                                     DSA-3208-1 introduced a regression when
                                     handling certain Microsoft Excel
                                     spreadsheet files.
                   March    30 2015: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3208-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 14, 2015                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : freexl

The update for freexl issued as DSA-3208-1 introduced a regression when
handling certain Microsoft Excel spreadsheet files. Updated packages
are now available to address this regression. For reference the original
advisory text follows.

Jodie Cunningham discovered multiple vulnerabilities in freexl, a library
to read Microsoft Excel spreadsheets, which might result in denial of
service or the execution of arbitrary code if a malformed Excel file is
opened.

For the oldstable distribution (wheezy), this problem has been fixed in
version 1.0.0b-1+deb7u3.

For the stable distribution (jessie), this problem has been fixed in
version 1.0.0g-1+deb8u3.

We recommend that you upgrade your freexl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================