Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.0026 libextractor security update 2 January 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libextractor Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-20431 CVE-2018-20430 Reference: ESB-2019.0008 Original Bulletin: http://www.debian.org/security/2018/dsa-4361 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4361-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 28, 2018 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : libextractor CVE ID : CVE-2018-20430 CVE-2018-20431 Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or memory disclosure if a malformed OLE file is processed. For the stable distribution (stretch), these problems have been fixed in version 1:1.3-4+deb9u3. We recommend that you upgrade your libextractor packages. For the detailed security status of libextractor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libextractor Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwmnq8ACgkQEMKTtsN8 TjZtGg//WkvzGjybJw4CGuWjgYojFCM/J/btzucjUesF7kN/oJW7Y4pOSQ1lNBXh QuSz0RMmoWBolW2nHzzxlJonoB2DtrUrIF7iIROj5hYik665iIIvSUzXwMZ0vsUo r0D5/3jo2vPFMWLAVbKGl6oMtlwM5SvOL2NGvz8E32DmUp4yVzIo15G/aA50UP6x USCnGGAmIK9l0NN5Rnbwtn2vCyBTzkmz21NilTP9yOmfSDRZEjVJSLtaTxDALleI znlxEuopgMUMx4GAkyAzxaLN5rZeTG+4bQvAFCDoLNygkCE1TyYy1+3JaEd9wYsL HfN4M2x+HtRCPhsBrO4y1GUz/Yf0s2hLZE7g1dHASPXd16iA+y6uEjMMY1Zakg8/ 3Apnx5UNpYE2NV13Ejk7K2xg3Oamj0O01waHt7ZScLLzZ51OFnFusHjzg18EWym1 /yVv7OTx2G4+apM8ClEE2HVaoavS+PZ4aU6tgPqPkVH5RqsbfGWKirQQhKUd0U9D CUNHgQoLbEaUCzUQ+n9d33RV4L+HRzxjpqwGwq7jbdkDCmEus7xMWUBRkbuVjQbc aat4N7Sly7qqrIFl/r6DkQ8Fd6if0txFQyiH5jsEJnU25Nn2booT6SXG56LMlz8T JeqPTB5htzDT24d5jcfHtVoNHrZTcGToPoChIAvzB+M2HvOOg3U= =VrwA - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXCw0qGaOgq3Tt24GAQgX5xAAsiCaSpCtpm87LBmMcFSlAtNeVD9r+p9u zp9zZ50Hsiny2LWntw0bgMD95J3b4vsr+iaYWMQj9rlAx3kOAQWhnvLaOghDCukZ wiBaqWUyQeALZ4q5psbubgyyOeEiXqJIZbbzAGyEACrsFCsPWbZXME1Nf85cQuwR 1uxP+mNa2CEDYXqAR4TMv2yIN3KEhORPDY6V6G4mmSFioBFVJok4daNJ0ShYQ7We Jfa+hp/8Vsloh6humGfX0yUXhAGP7IUEPB8cFdabaXNAEIJ/12ToNYoUyg3oRE8d HEXm6yARraGiw1vCT3xGF1rXjHfXDM92+31s1WXJp5BK7cml7hsJjc87uE7bB5YN j416x7FMtoQ5kJRcLRzpNvpbUTixm9TM07egY0l5mfrYdbaY9EQRTx3NMDXyjKcJ g013fKObO1UVy5hXPr39MTRFdTOvFRDlGCS5IRaewF58QFtMLXL+yhMaBfZo4goR 1niZBsjQeiM5ddd+3J4NMm0OCT98VBA1b6Mz6384I0o18TuulLwvQyb32wUsEqVE fazy3JAR+LjubyfI5lyzbqyVfGzoXOu24ABN1nZfkdrFmdn0Mq9uSm4rocTbl4LZ 287OHyREUgReWSR1+p8BgJYRvb6UEp8s0cR75pbcM6cNF2gv1nZbVqlLUJ/ImM6+ wAeflPj+zfU= =tRlA -----END PGP SIGNATURE-----