[BSA-112] Security Update for iucode-tool
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Henrique de Moraes Holschuh uploaded new packages for iucode-tool which
fixed the following security problems:
CVE-2017-0357
iucode-tool v1.4 to v2.1 is vulnerable to a heap buffer overflow in
the -tr (recovery) loader. Using specially-crafted data files and a
specially crafted command line, it might be possible to leverage this
heap buffer overflow to cause heap corruption, which might allow an
attacker to run arbitrary code.
For the jessie-backports distribution the problem has been fixed in
version 2.1.1-1~bpo8+1.
For the wheezy-backports distribution, no fix is necessary.
For users building directly from the git repository, all
debian/release/* branches have been updated with fixed versions where
necessary.
- --
Henrique Holschuh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJYh3giAAoJEP4Rv6aLFY6YcrIP+wRDxWJjKRxpNTc1ZKC+kNx7
csuJsF2cQJQC5wvg+5lDFF9zHdn7GyCaW1Hgduz/xstBHetbbt275SWAI9lFiwCg
hby8GrNkj5pXxd8484fc7jXnYYTKPxxMnIrBwf2qlyNb/C508HyK/WiYT97gziSr
w+unTF/pxuQctAcKQgEpxRoRQA17T13J/I/MMjonKSkoNh157VAuLnUTN9qHUl4m
LnRpvDGKUCDjBJML59sn7yatkZbhtdTF6CutN5OEORt4KpEet59pEj/rewb0UNjh
kQd4/vczo1HhQME+gxz1dyEcKaqVxo+gO8q6oMi9QxgkqZEgPYdC2gHE5cDxIir7
lG55bRHm1AMzwKuCs1GpeFoGB7hxWlCuXm24g2KMyzUf6jIpCg2SEMCh1q1yYWva
Aso62D92p+TRDCdn4pyrqTlR6c8AUAxN8acYbWxrRws46D0EIiM6ePS29/h0tpDW
qxruP+7cWJ9dgW0xbMnnnsAInFkr+7NcYb/iU92DBMoefq1U0x0jvWv8srGU+cJx
p3S++c4KWx+4q0ieBLpD6qyJ8MK/9xgXUgUpwJaer09gvFCNuGQeUHtHfQfPGWxV
FrSZSIciI/s5Oc6Ri3o67LRp120mlqDNt+gO3uefEg6GtabCxbVNmRqb+NQFn5MB
UGhxfXIxkztuYrmPx7Do
=uTHl
-----END PGP SIGNATURE-----
Reply to: