Debian-LTS alert DLA-740-1 (libgsf)
From: Chris Lamb <lamby@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 740-1] libgsf security update
Date: Sun, 11 Dec 2016 19:53:23 +0100
Message-ID: <1481482403.3871011.815465529.3ED09183@webmail.messagingengine.com>

Package        : libgsf
Version        : 1.14.21-2.1+deb7u1
CVE ID         : CVE-2016-9888

It was discovered that there was a null pointer dereference exploit in
libgsf, an I/O abstraction library for GNOME.

An error within the "tar_directory_for_file()" function could be exploited
to trigger a null pointer dereference and subsequently cause a crash via a
crafted TAR file.

For Debian 7 "Wheezy", this issue has been fixed in libgsf version
1.14.21-2.1+deb7u1.

We recommend that you upgrade your libgsf packages.

Regards,

-- 
      ,''`.
     : :' :     Chris Lamb
     `. `'`     lamby@debian.org / chris-lamb.co.uk
       `-