Debian alert DLA-1951-1 (libtomcrypt)
| From: | "Chris Lamb" <lamby@debian.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 1951-1] libtomcrypt security update |
| Date: | Wed, 09 Oct 2019 14:16:39 -0700 |
| Message-ID: | <75cfef1e-02af-4cd4-9eca-3ce6fa9b5dff@www.fastmail.com> |

Package        : libtomcrypt
Version        : 1.17-6+deb8u1
CVE ID         : CVE-2019-17362

It was discovered that there was a denial of service vulnerability in
the libtomcrypt cryptographic library.

An out-of-bounds read and crash could occur via carefully-crafted "DER"
encoded data (e.g. by importing an X.509 certificate).

For Debian 8 "Jessie", this issue has been fixed in libtomcrypt version
1.17-6+deb8u1.

We recommend that you upgrade your libtomcrypt packages.

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
