[SECURITY] [DLA 789-1] icoutils security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : icoutils
Version : 0.29.1-5deb7u1
CVE ID : CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333
Debian Bug : 850017
Brief introduction
CVE-2017-5208
Choongwoo Han reported[0] an exploitable crash in wrestool from
icoutils. The command-line tool is used, e.g., in KDE's metadata
parsing.
CVE-2017-5331
It turned out that the correction for CVE-2017-5208 was not enough
so an additional correction was needed.
CVE-2017-5332
But as I see it there are still combinations of the arguments which
make the test succeed even though the memory block identified by
offset size is not fully inside memory total_size.
CVE-2017-5333
The memory check was not stringent enough on 64 bit systems.
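The kind of range check the CVE-2017-5332 and CVE-2017-5333 entries describe, as an added example (not icoutils code and not part of the original advisory): a test that adds two untrusted values can succeed for a block that is not fully inside total_size, while a test against the remaining space cannot. The function names and the 32-bit offset/size fields are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Naive check (illustrative, not icoutils code): the 32-bit sum wraps,
 * so a large size with a small offset appears to end inside the buffer. */
static bool block_inside_naive(size_t total_size, uint32_t offset, uint32_t size)
{
    uint32_t end = offset + size;           /* wraps modulo 2^32 */
    return end <= total_size;
}

/* Overflow-safe check: compare against the remaining space instead of
 * adding two untrusted values. Behaves the same on 32- and 64-bit builds. */
static bool block_inside(size_t total_size, uint32_t offset, uint32_t size)
{
    if (offset > total_size)
        return false;
    return size <= total_size - offset;
}

/* Return a pointer to the block, or NULL if it is not fully inside buf. */
static const uint8_t *get_block(const uint8_t *buf, size_t total_size,
                                uint32_t offset, uint32_t size)
{
    return block_inside(total_size, offset, size) ? buf + offset : NULL;
}

int main(void)
{
    static const uint8_t file[64] = {0};    /* constructed sample input */
    /* Constructed (offset, size) pairs, as if read from file headers. */
    const uint32_t cases[][2] = {
        {16, 32}, {60, 4}, {60, 5}, {64, 0}, {65, 0}, {8, 0xFFFFFFFCu},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("offset=%u size=%u naive=%d safe=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               block_inside_naive(sizeof file, cases[i][0], cases[i][1]),
               get_block(file, sizeof file, cases[i][0], cases[i][1]) != NULL);
    return 0;
}
```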
For Debian 7 "Wheezy", these problems have been fixed in version
0.29.1-5deb7u1.
We recommend that you upgrade your icoutils packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
-------------- Ola Lundqvist --------------------
/ opal@debian.org GPG fingerprint \
| ola@inguza.com 22F2 32C6 B1E0 F4BF 2B26 |
| http://inguza.com/ 0A6A 5E90 DCFA 9426 876F /
-------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----