===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2351
                          freexl security update
                             18 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           freexl
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
                   Debian GNU/Linux 9
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-2924 CVE-2017-2923

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3976

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running freexl check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3976-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 17, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : freexl
CVE ID         : CVE-2017-2923 CVE-2017-2924
Debian Bug     : 875690 875691

Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in
freexl, a library to read Microsoft Excel spreadsheets, which might
result in denial of service or the execution of arbitrary code if a
malformed Excel file is opened.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.0.0g-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 1.0.2-2+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.4-1.

We recommend that you upgrade your freexl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================