Debian-LTS alert DLA-420-1 (libmatroska)
| From: | Chris Lamb <lamby@debian.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 420-1] libmatroska security update |
| Date: | Thu, 18 Feb 2016 16:59:20 +0100 |
| Message-ID: | <1455811160.3065094.525041842.69CDABFB@webmail.messagingengine.com> |
Package        : libmatroska
Version        : 0.8.1-1.1+deb6u1
CVE ID         : CVE-2014-9765

It was discovered that there was an invalid memory address issue in
libmatroska, an extensible open standard audio/video container format.

When reading a block group or a simple block that uses EBML lacing, the
frame sizes indicated in the lacing weren't checked against the available
number of bytes. If the indicated frame size was bigger than the whole
block's size, the parser would read beyond the end of the buffer, resulting
in a heap information leak.

For Debian 6 Squeeze, this issue has been fixed in libmatroska version
0.8.1-1.1+deb6u1.

Regards,

-- 
Chris Lamb
lamby@debian.org / chris-lamb.co.uk
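The kind of bounds check the advisory says was missing, as an added C example; it is not libmatroska's code or the Debian patch. The EBML lacing layout (frame count minus one, first size as a vint, later sizes as signed vint deltas, last size implied) follows the Matroska specification; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Read one EBML vint (1..8 bytes) from p[0..avail); returns its encoded
   length, or 0 if it is malformed or runs past the available bytes. */
static size_t read_vint(const uint8_t *p, size_t avail, uint64_t *val)
{
    if (avail == 0 || p[0] == 0) return 0;
    size_t len = 1;
    for (uint8_t m = 0x80; !(p[0] & m); m >>= 1) len++;
    if (len > avail) return 0;
    uint64_t v = p[0] & (0xFFu >> len);      /* strip the length marker */
    for (size_t i = 1; i < len; i++) v = (v << 8) | p[i];
    *val = v;
    return len;
}

/* Parse the EBML lace header in buf[0..len) (block header already consumed).
   Fills sizes[] and returns the frame count, or -1 when a declared frame
   size does not fit in the bytes that are actually present. */
int parse_ebml_lacing(const uint8_t *buf, size_t len, size_t *sizes, int max)
{
    if (len < 1) return -1;
    int n = buf[0] + 1;                      /* stored as frame count - 1 */
    if (n > max) return -1;
    size_t pos = 1;
    uint64_t total = 0, v;
    int64_t cur = 0;
    for (int i = 0; i < n - 1; i++) {
        size_t l = read_vint(buf + pos, len - pos, &v);
        if (l == 0) return -1;
        pos += l;
        if (i == 0) cur = (int64_t)v;        /* first size is absolute */
        else cur += (int64_t)v - (((int64_t)1 << (7 * l - 1)) - 1); /* delta */
        if (cur < 0) return -1;
        total += (uint64_t)cur;
        if (total > len - pos) return -1;    /* size exceeds what is left */
        sizes[i] = (size_t)cur;
    }
    sizes[n - 1] = (size_t)(len - pos - total); /* last frame takes the rest */
    return n;
}

/* Constructed samples: three frames of 2, 3 and 1 bytes; then a lace that
   declares a 100-byte first frame inside a 4-byte buffer. */
static const uint8_t GOOD_BLOCK[] = {0x02, 0x82, 0xC0, 'a','a','b','b','b','c'};
static const uint8_t BAD_BLOCK[]  = {0x01, 0xE4, 0xAA, 0xBB};
static size_t OUT[8];

int main(void) { return parse_ebml_lacing(BAD_BLOCK, sizeof BAD_BLOCK, OUT, 8) == -1 ? 0 : 1; }
```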
