[SECURITY] [DLA 909-1] libcroco security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libcroco
Version        : 0.6.6-2+deb7u1
CVE ID         : CVE-2017-7960 CVE-2017-7961
Debian Bug     : 860961

CVE-2017-7960

    A heap-based buffer over-read vulnerability could be triggered
    remotely via a crafted CSS file to cause a denial of service.

CVE-2017-7961

    An "outside the range of representable values of type long"
    undefined behavior issue was found in libcroco, which might
    allow remote attackers to cause a denial of service (application
    crash) or possibly have unspecified other impact via a crafted
    CSS file.

For Debian 7 "Wheezy", these problems have been fixed in version
0.6.6-2+deb7u1.

We recommend that you upgrade your libcroco packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
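The defect class named for CVE-2017-7961 above, converting a value that lies outside the range of representable values of type long, can be guarded against as in the following added example. It is not libcroco's code or its fix; the helper names and the sample tokens are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: store (long)v in *out only when that cast is defined.
 * Returns 0 on success, -1 for NaN or a value outside the range of long. */
static int double_to_long_checked(double v, long *out)
{
    /* -(double)LONG_MIN is exactly 2^(N-1). (double)LONG_MAX can round up to
     * that same value on 64-bit long, so the upper bound must be strict. */
    const double upper = -(double)LONG_MIN;

    if (v != v)                       /* NaN compares unequal to itself */
        return -1;
    /* Slightly conservative: a fraction just below LONG_MIN is rejected. */
    if (v < (double)LONG_MIN || v >= upper)
        return -1;
    *out = (long)v;                   /* in range: truncates toward zero */
    return 0;
}

/* Hypothetical helper: parse a number from untrusted text, clamp to [lo, hi].
 * Returns 0 on success, -1 when no number is present or it is NaN. */
static int parse_clamped(const char *text, long lo, long hi, long *out)
{
    char *end = NULL;
    double v = strtod(text, &end);    /* overflow yields +/-HUGE_VAL */

    if (end == text || v != v)
        return -1;
    /* Clamp while still a double so infinities never reach the cast. */
    if (v < (double)lo) v = (double)lo;
    if (v > (double)hi) v = (double)hi;
    return double_to_long_checked(v, out);
}

int main(void)
{
    /* Constructed sample tokens, not taken from any real CSS file. */
    const char *samples[] = { "128", "255.9", "1e999", "-1e999", "nan", "x" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long n = 0;
        if (parse_clamped(samples[i], 0, 255, &n) == 0)
            printf("%-7s -> %ld\n", samples[i], n);
        else
            printf("%-7s -> rejected\n", samples[i]);
    }
    return 0;
}
```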