[SECURITY] [DLA 438-1] libebml security update



Package        : libebml
Version        : 0.7.7-3.1
CVE ID         : CVE-2015-8790 CVE-2015-8791

Two security-related issues were fixed in libebml, a library for accessing the
EBML format:

CVE-2015-8790

    The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3
    allows context-dependent attackers to obtain sensitive information from
    process heap memory via a crafted UTF-8 string, which triggers an invalid
    memory access.

CVE-2015-8791

    The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows
    context-dependent attackers to obtain sensitive information from process
    heap memory via a crafted length value in an EBML id, which triggers an
    invalid memory access.

For Debian 6 "squeeze", these issues have been fixed in libebml version
0.7.7-3.1+deb6u1. We recommend that you upgrade your libebml packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/
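
Added example, not part of the advisory and not libebml's code: a UTF-8 decoder that checks the length announced by each lead byte against the bytes remaining in the buffer, the kind of bounds check whose absence leads to an out-of-bounds heap read of the sort described for CVE-2015-8790. That this is the exact cause in UpdateFromUTF8 is an assumption; the function names and sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Number of bytes a UTF-8 lead byte announces, or 0 if it cannot start a sequence.
static std::size_t utf8_sequence_length(unsigned char lead) {
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 0;  // stray continuation byte or invalid lead byte
}

// Decodes buf[0..len) into code points. Returns false, without reading outside
// the buffer, on malformed or truncated input. Overlong forms and surrogates
// are not rejected here; the example is limited to the length check.
bool decode_utf8_checked(const unsigned char* buf, std::size_t len,
                         std::vector<std::uint32_t>& out) {
    out.clear();
    std::size_t i = 0;
    while (i < len) {
        const std::size_t n = utf8_sequence_length(buf[i]);
        if (n == 0) return false;
        // Key check: the announced sequence length must fit in what remains.
        if (n > len - i) return false;
        static const unsigned char lead_mask[5] = {0, 0x7F, 0x1F, 0x0F, 0x07};
        std::uint32_t cp = buf[i] & lead_mask[n];
        for (std::size_t k = 1; k < n; ++k) {
            if ((buf[i + k] & 0xC0) != 0x80) return false;  // not a continuation byte
            cp = (cp << 6) | (buf[i + k] & 0x3F);
        }
        out.push_back(cp);
        i += n;
    }
    return true;
}

int main() {
    // Constructed input: lead byte 0xE2 announces 3 bytes, only 2 are present.
    const unsigned char truncated[] = {0x68, 0xE2, 0x82};
    std::vector<std::uint32_t> cps;
    // Exit status 0 when the truncated sequence is rejected.
    return decode_utf8_checked(truncated, sizeof truncated, cps) ? 1 : 0;
}
```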
