Debian Security Advisory 3538-1

Debian Security Advisory 3538-1: Posted Mar 31, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3538-1 - Several vulnerabilities were discovered in libebml, a library for manipulating Extensible Binary Meta Language files.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2015-8789, CVE-2015-8790, CVE-2015-8791; SHA-256 | 39c6a3fab0de7faddc8189fbbd01277c0f30a5f09240794bbd902220ab8d8687; Download | Favorite | View

Debian Security Advisory 3538-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3538-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
March 31, 2016                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libebml
CVE ID         : CVE-2015-8789 CVE-2015-8790 CVE-2015-8791

Several vulnerabilities were discovered in libebml, a library for
manipulating Extensible Binary Meta Language files.

CVE-2015-8789

    Context-dependent attackers could trigger a use-after-free
    vulnerability by providing a maliciously crafted EBML document.

CVE-2015-8790

    Context-dependent attackers could obtain sensitive information
    from the process' heap memory by using a maliciously crafted UTF-8
    string.

CVE-2015-8791

    Context-dependent attackers could obtain sensitive information
    from the process' heap memory by using a maliciously crafted
    length value in an EBML id.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.2.2-2+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 1.3.0-2+deb8u1.

For the testing (stretch) and unstable (sid) distributions, these
problems have been fixed in version 1.3.3-1.

We recommend that you upgrade your libebml packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCgAGBQJW/PEhAAoJEBC+iYPz1Z1kX7gH/1PibgXXgTFo/V98AGgygeYX
AQiiqvhAHKpI0nVcFpKafeqSeFIUOJUeFLQBBshD6O/FWtCFaqoOx5L5FQ3MJJhp
hSbBDLkSB13Tj4F9oo2vmUBK6GrbrqrCHCPb9y7zGKm3U6A/m/R1f4Z6i2ggJL33
dVa94Rvn8bACF7cIAdCbBibAaKnPJDvs2uG6dvJVBOAPqKq8LzetRjfsgh2NW6gE
1WszE/i+G/uD22sS1xrrhg5jvWJmbqFO5FOCX6YnfUI/GQz5Asgd7I3DV9avlr3N
UaWOlSjVfK3Jyk8v+bwaEHZvW4R0DRmGIJQDSTNyAacT+CRzd+rS1DTDO3o3hDM=
=JG1b
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 291 files
Ubuntu 63 files
LiquidWorm 29 files
indoushka 20 files
Debian 19 files
Apple 10 files
Google Security Research 7 files
Chokri Hammedi 3 files
Jann Horn 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,154)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,795)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,227)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,962)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 3538-1

Debian Security Advisory 3538-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3538-1

Share This

Debian Security Advisory 3538-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems