[SECURITY] [DLA 1284-1] leptonlib security update



Package        : leptonlib
Version        : 1.69-3.1+deb7u1
CVE ID         : CVE-2018-3836
Debian Bug     : 889759


Talosintelligence discovered a command injection vulnerability in the
gplotMakeOutput function of leptonlib. A specially crafted gplot
rootname argument can cause a command injection resulting in arbitrary
code execution. An attacker can provide a malicious path as input to an
application that passes attacker data to this function to trigger this
vulnerability.

For Debian 7 "Wheezy", this problem has been fixed in version
1.69-3.1+deb7u1.

We recommend that you upgrade your leptonlib packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
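
Added example (not part of the advisory and not leptonlib code): a caller-side
guard for applications that cannot upgrade immediately and pass externally
supplied names as the gplot rootname. rootname_is_safe() and run_plotter() are
hypothetical helper names; the allowlist and the 255-byte limit are assumptions.

```c
/* Added example: validate a name before it can reach a command line, and run
 * a helper program without a shell. Hypothetical helpers, not leptonlib API. */
#define _POSIX_C_SOURCE 200809L
#include <spawn.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Allowlist: letters, digits, '_', '-', '.', '/'. Anything else, including
 * whitespace, quotes and shell metacharacters, is rejected. */
int rootname_is_safe(const char *s)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                             "0123456789_-./";
    size_t n;

    if (s == NULL || *s == '\0' || *s == '-')  /* empty, or option-like */
        return 0;
    n = strlen(s);
    if (n > 255 || strspn(s, ok) != n)         /* assumed length limit */
        return 0;
    if (strstr(s, "..") != NULL)               /* no parent-directory hops */
        return 0;
    return 1;
}

/* Run `prog file` with an explicit argv and no shell, so the file name is
 * passed as one argument and never parsed as command text.
 * Returns the child's exit status, or -1 on rejection or failure. */
int run_plotter(const char *prog, const char *file)
{
    char *argv[] = { (char *)prog, (char *)file, NULL };
    pid_t pid;
    int status;

    if (!rootname_is_safe(file))
        return -1;
    if (posix_spawnp(&pid, prog, NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Call rootname_is_safe() on the value before handing it to any gplot function;
it is a stopgap for the calling application, not a substitute for the fixed
package.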