===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.0246
libxpm security update
27 January 2017
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           libxpm
Publisher:         Debian
Operating System:  Linux variants
                   Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-10164

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3772

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running libxpm check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3772-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 26, 2017                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxpm
CVE ID         : CVE-2016-10164

Tobias Stoeckmann discovered that the libXpm library contained two
integer overflow flaws, leading to a heap out-of-bounds write, while
parsing XPM extensions in a file. An attacker can provide a specially
crafted XPM file that, when processed by an application using the libXpm
library, would cause a denial-of-service against the application, or
potentially, the execution of arbitrary code with the privileges of the
user running the application.

For the stable distribution (jessie), this problem has been fixed in
version 1:3.5.12-0+deb8u1. This update is based on a new upstream
version of libxpm including additional bug fixes.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem has been fixed in version 1:3.5.12-1.

We recommend that you upgrade your libxpm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================