Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.1449 libmwaw security update 12 June 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libmwaw Publisher: Debian Operating System: Debian GNU/Linux 8 Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-9433 Original Bulletin: http://www.debian.org/security/2017/dsa-3875 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running libmwaw check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3875-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2017 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : libmwaw CVE ID : CVE-2017-9433 It was discovered that a buffer overflow in libmwaw, a library to open old Mac text documents might result in the execution of arbitrary code if a malformed document is opened. For the stable distribution (jessie), this problem has been fixed in version 0.3.1-2+deb8u1. For the unstable distribution (sid), this problem has been fixed in version 0.3.9-2. We recommend that you upgrade your libmwaw packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlk662AACgkQEMKTtsN8 TjbTcA/+Plg/eunsgV1vsyoFDKemipDYPJkK2crI1sVwtWtdKZq23SSBgPC4s6im RNowPvaE1RIfgBF0KMRbD+tLWUhpCukeCNGZWXQ9CwY6a41CK/2dtCf/uBR0TUbk lq6w8yo54SSl5odNkAnEGe2zAcAs18tnaljR5Kp4jiJ3dDd76tHRMDf+aOhD1Qh1 mUU6sF9ZbChbUYvCXUdalUqeK/POvQHiXNFwbNyWqMS3+Xej+GsUztg25N+m7ogi kv9dIOrNyDgV3AmJq2h3t3ywJiOfHbBzDsXbzzdRJQuH05dIlC/9oPyv3C4/68iS 7YLIjMG1x9soQu24HcqJc/bc8HgagK5kDR7LbXpecYtmDlJOZr7C1egbqUwV11sJ B7TuEnYC99bv5uDkfh5n4CcPPqJsippIzgmcWEZhHKKScpLs0WlyUtOToXrAm0JD YZq/+ahxKE+F9npPEL9YPcpEpOe/8Ierf1Vqa98T0AhcikexN+453EkrnOGG//e9 X07/P0V3SAGnvz5NWzWyijaRdZD0iEgMLtf5Fc1jP1z3r4Dj7TURaIItYzD0MjGY cE8iAfhas0QycG6hFZ2peBfbS4Eb+qgZtZrBcOxomAtAVXCyt2GvKVBScQ1hlBsL mncU8rSs9h+re6FmrtT2FxyJidGVjHyUlv5WLRuixfVQh52qQjo= =LJeN - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWT3kDYx+lLeg9Ub1AQil3w//Q8y0D0wpyFcF6b25M35bWgHxEh7z+ClI XDplxe5wQTRm6ny8QBqZw9ooaRL97iS4wvNHcsdcHHhhJJxDvtC72z9q9EzVX8v8 VskHUQFf7zvHU/Gewsvx0mJE6p6Qsz1blaIzAJANH47uDJgg5+3KfKD/tyqLHkOG m9ruYPIelJxAI17Z9UG2Lax5zLGuevQlVQ9ycRBia1TraiBns3Ise7d11XcOb06v FXNy8cIccA3HtEP9pRBjpwYmD/VsLVmTr2eFsMrleFupsspp5HgUjtnFbUglFdyU u/cP5B9DdEYKHnHiRP+lizDIcr0WY9n+CRxgzi/rgUCmHQIAnTdkeaaUJIUuWmEk rCISKzqC6L4ytD6oTeuaP16coVaJte8m3bzu5VqBBC73WhG23GSQ3HO3p3WWu348 QPd6hRu6Z7a1GmEXVBiEZoYi26bapMwMHc6MDrt69CyfKJJXKyM6L7bCMTAnIVp4 ArgY+LtYXnIj2e/rb2K5lI9Ybl4tR56Asv1QDqFYR6RPrd84DoKUuzAOcW1OPBNw hgB5rRoyDVSqDmbWaJ54USzBwvFdo5J4UVjByQrehy3WbepoQaaTD0a+qpzAGjf6 ae4ObHfIwATdH4fN3pTAcnHI/Hg7lmflMY5fGq8CF1pg6CpyXfUE5gY2JTshC5Dg yWzIg9d8Zdk= =nOh5 -----END PGP SIGNATURE-----