Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.0567
libquicktime security update
3 March 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libquicktime
Publisher: Debian
Operating System: Debian GNU/Linux
Linux variants
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2016-2399
Original Bulletin:
http://www.debian.org/security/2017/dsa-3800
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running libquicktime check for an updated version of the software
for their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3800-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
March 02, 2017 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : libquicktime
CVE ID : CVE-2016-2399
Debian Bug : 855099
Marco Romano discovered that libquicktime, a library for reading and
writing QuickTime files, was vulnerable to an integer overflow
attack. When opened, a specially crafted MP4 file would cause a denial
of service by crashing the application.
For the stable distribution (jessie), this problem has been fixed in
version 2:1.2.4-7+deb8u1.
For the unstable distribution (sid), this problem has been fixed in
version 2:1.2.4-10.
We recommend that you upgrade your libquicktime packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAli3yA4ACgkQEL6Jg/PV
nWQCZQf7BHcwCzHyQChbZepTJHk+ENGTd/D5oz9hIY8CAp5f3p5MG+50ALf9KVJv
WGMOTzU3NgpKDWSJTDNvZgHqyJJLKmtZqKeL0Vm8jFU97F0Op4XkfwUHXRe2fnMM
KH6CwRyaog0vHAa7SlXbawlP4/DZPVemDyvvW8XY3vOjdkq0iIKehXs6TTncH7eH
vGdVccJIO6S43ywNAkZPcRhVIz7Kfj2yiGx7kqbfiRs+dqgeaW9gUkLwrtMKnwr8
BbA8ff2Q5u0g+QQIMYBR2282+abrYR0tvlEV/Acl5IfKgsJOsQnhtPYZFxceBa8U
Q2LB2iUEMU3NSvX09AxHY6V45zXtrA==
=w488
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWLjSLox+lLeg9Ub1AQig5Q/8CHttEZ7QLpnCFq5NF2uajGBhfy8pZVb3
TUjRzcPPxhkFgyRL39I8FFf66v52HC5dxmKfQhfsOqEqU4JDU6bUAuEuNQwHrVAC
9BI+FN4Owlya5XrAp55cKSKBxL2GLqxMCCVJSZn//WU/XFHUep6hfaYTwAICm0DQ
MYVarjRydFleRGwI8lEp4m4v+oqviF+6R7G5h+liqccn46wwCe0CKeGfVKlNOSDH
xTwcqbfvPtzT3zYvbeo0OPTq1/ClCIn1B/RqRLUJq1i8+cS1MC7/DpfwE4rCdUMb
rrvL4ejnljdst7BLkc1aeJigHI7EBDS4naDnaJ8dve6k2AuSvM2SeO/HgF7ml3Yb
p2Ii6Ge5aREat9iLVrJhRN3Qz/KrXfiFxKN8mVENmxriuVVMfBcclUn6UcjUphdi
kivGm7tUedGD8U7AwdBUzUJ8ycg6vuQXlzBIjf0erDrHHUUTBDVg83wsIhCVgXfr
GDNuY0IhzgB8oHUldz/gX7q9vQA4bjAw5T66+BzaKrvjqRMft5m48lhjFQsZWrXq
k3avrgvEmM3ztgokKDfiZXuhzwrgrt3NseHe/V0ndvE1nAi+/Qs+CFCZY9n/3W9B
5IkZgn78/AjQ0UyGHpTI6WoHyb+xObCtZ0qbs1Ao8zlKPfZZz26erzUZr0vdQoRd
qu2+CszrmQI=
=Gal+
-----END PGP SIGNATURE-----