[SECURITY] [DLA 2837-1] gmp security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 2837-1] gmp security update
From: Anton Gladky <gladk@debian.org>
Date: Thu, 2 Dec 2021 20:53:16 +0100
Message-id: <[🔎] 20211202195316.B0CE24A0128@thinkpad.localdomain>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2837-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
December 02, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gmp
Version        : 2:6.1.2+dfsg-1+deb9u1
CVE ID         : CVE-2021-43618
Debian Bug     : 994405

One security issue has been discovered in gmp: GNU Multiple Precision Arithmetic Library.
It was discovered that integer overflow is possible in mpz/inp_raw.c and
resultant buffer overflow via crafted input, leading to a segmentation fault
on 32-bit platforms.

For Debian 9 stretch, this problem has been fixed in version
2:6.1.2+dfsg-1+deb9u1.

We recommend that you upgrade your gmp packages.

For the detailed security status of gmp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gmp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmGpJCkACgkQ0+Fzg8+n
/wZlUBAAnuM5xs5sZQ1w5Wc2HXt2lPdIb/8ri2pUVEL8udLpvSiqrJlOqyBnY6R1
HKgcFOEVsajlMYJYFCSEjbN6qR9mZMxNFcI0XwC5kn0wFdLKD3FPS+jiOKDHBGF/
z1OhTJqFSCadQUGCrGQb/63M6dl8CKXy2MZNEdvkZiPsbIkYKfBAsq9gbxqcoWK6
jnOSgzbYmnU1aj6oH7QIrL2amPMx/ZcOx8v9tt6C1m2fCMEZM/yOT3mVSxaYwiAF
odPSHGNVdgl2uWQwpW5uoP2csJ+RD6rXB86sct/cCjtRGLCRZYzJuy7sIeKzCbu4
bnc6NnOG8qbdVE4mNfUzh18UrOfoU12seeEY9O56w2n7OV+HVpqHnWFygizYoKjL
d9L5cs9WRFlBxdQx9Ps5IBgP4fdwhU7QHSKeOIb3wnEVrahO3QCvGHKz8LK/rZep
a4dN9Q6gpqvqzgAQh6zNShidIUTtSlfgSVdVPrSMVkMNKxS8B6WLNYculwBkqZdh
QW4lc+NH3R9OJf1ecXGMc5GCFvIPHJxK+NXsoxbMcVCdiNsoYgVnPRUDlV4WrvZh
C9GFJbXkS45GKBda17TaTKM+EBEFDoE5opmWl/xwNkJu8Wjv/aZBO3kflLn2Bl4x
Uf4rQmMZWBqn4pjftlQz/jh44cxs66T5Fqahsp4WIp2cRw4Hlxw=
=/0KZ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2836-1] nss security update
Next by Date: [SECURITY] [DLA 2838-1] librecad security update
Previous by thread: [SECURITY] [DLA 2836-1] nss security update
Next by thread: [SECURITY] [DLA 2838-1] librecad security update
Index(es):
- Date
- Thread