[SECURITY] [DLA 1192-1] libofx security update
Package : libofx
Version : 1:0.9.4-2.1+deb7u1
CVE ID : CVE-2017-2816 CVE-2017-14731

CVE-2017-2816

An exploitable buffer overflow vulnerability exists in the tag
parsing functionality of LibOFX 0.9.11. A specially crafted OFX
file can cause a write out of bounds resulting in a buffer
overflow on the stack. An attacker can construct a malicious
OFX file to trigger this vulnerability.

CVE-2017-14731

ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause
a denial of service (heap-based buffer over-read and application
crash) via a crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version
1:0.9.4-2.1+deb7u1.

We recommend that you upgrade your libofx packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS