|
|
Subscribe / Log in / New account

Debian alert DLA-2612-1 (leptonlib)



From:
              Thorsten Alteholz <debian@alteholz.de>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 2612-1] leptonlib security update


Date:
              Wed, 31 Mar 2021 10:09:50 +0000


Message-ID:
              <alpine.DEB.2.21.2103311007560.13990@postfach.intern.alteholz.me>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2612-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
March 31, 2021                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : leptonlib
Version        : 1.74.1-1+deb9u1
CVE ID         : CVE-2020-36277 CVE-2020-36278 CVE-2020-36279
                  CVE-2020-36281


Several issues have been found by ClusterFuzz in leptonlib, an image 
processing library.

All issues are related to heap-based buffer over-read in several functions 
or a denial of service (application crash) with crafted data.


For Debian 9 stretch, these problems have been fixed in version
1.74.1-1+deb9u1.

We recommend that you upgrade your leptonlib packages.

For the detailed security status of leptonlib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/leptonlib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmBkSm5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfSQg/9FkAuELdli9UuNDYzdbuKFFmFJAw2XpkceRIVZQ+16H70jdRyG65Dr0UR
U5QliprrcoDkjQhw0+YEgaD9qEgNqoCmDQVgCw9uuKzPcLpTABYmU20sajddWbY6
AUNMigfAa5UE4u1RDCee/gohUEN3mR5P0esvf4qT47E/anUYClxOu+T5Wflx4jah
04xmQwouYOfWSPqaaYeQ3XEMsngLCwe/YQBHDebCwb2+crVxJkhbsN2FdQDbJygo
MNSDVPb8g8+vdfXpJ+F6Kiw223rLJK/52zju3gek5+H2Fw/hHHx6r01cTpkdIb5w
5LagUcuW/ntvriPaYAsNipQp9V1q2MdO9dN6grku7cakF9lPPixWaZyk2nHSGMa7
WuUMswyWY73GtKf9oM6xhs6JWuTrBpf/7P6zBFdNxgH6aPfDxwja8i8ubz9m9otn
MmUruyjtYK44YYmGN4KnmHzNQs+kfQO2IzKzk5fNOdayCeIBvxhddLCDKwyPKyBg
VCu32aE9Kff5x7kiRiEG0Wuv9569zRuh+fNws4NzMdkfKvdfLdLd/k46/Bkxng4N
wYDk5HA8XcRDxliV4nYJzeJXod3aTVWxJ5ExctmZJVThC2Z+ycYiMVznfHpzU9A8
Z/PsLzIJzO65/AEv2SVgtNV0gjotmeLHGMhyW5FnCAN8Fx3tSWI=
=MsOp
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds