National CERT

Security vulnerabilities in the jbig2dec package

<p>-------------------------------------------------------------------------<br />Debian Security Advisory DSA-3855-1 security@debian.org<br />https://www.debian.org/security/ Salvatore Bonaccorso<br />May 18, 2017 https://www.debian.org/security/faq<br />-------------------------------------------------------------------------<br /><br />Package : jbig2dec<br />CVE ID : CVE-2017-7885 CVE-2017-7975 CVE-2017-7976<br />Debian Bug : 860460 860787 860788<br /><br />Multiple security issues have been found in the JBIG2 decoder library,<br />which may lead to denial of service, disclosure of sensitive information<br />from process memory or the execution of arbitrary code if a malformed<br />image file (usually embedded in a PDF document) is opened.<br /><br />For the stable distribution (jessie), these problems have been fixed in<br />version 0.13-4~deb8u2.<br /><br />For the unstable distribution (sid), these problems have been fixed in<br />version 0.13-4.1.<br /><br />We recommend that you upgrade your jbig2dec packages.<br /><br />Further information about Debian Security Advisories, how to apply<br />these updates to your system and frequently asked questions can be<br />found at: https://www.debian.org/security/<br /><br />Mailing list: debian-security-announce@lists.debian.org</p>
Security vulnerabilities have been discovered in the jbig2dec package for Debian. They result from buffer overflows and integer overflows, and allow potential attackers to disclose sensitive information, cause a denial of service (DoS), or execute arbitrary code. Users are advised to apply the released patches.