Debian alert DLA-2629-1 (libebml)

From:
             
 
Thorsten Alteholz <debian@alteholz.de>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 2629-1] libebml security update
Date:
             
 
Sun, 18 Apr 2021 17:09:28 +0000
Message-ID:
             
 
<alpine.DEB.2.21.2104181702420.28605@postfach.intern.alteholz.me>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2629-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
April 18, 2021                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libebml
Version        : 1.3.4-1+deb9u2
CVE ID         : CVE-2021-3405


A heap overflow issue was detected in libebml, a library to read and 
write files in the EBML format, a binary pendant to XML.
These issues appeared in several ReadData functions of various data type 
classes. This update also fixes the issue in EbmlString::ReadData and 
EbmlUnicodeString::ReadData, which were mentioned in CVE-2021-3405.


For Debian 9 stretch, this problem has been fixed in version
1.3.4-1+deb9u2.

We recommend that you upgrade your libebml packages.

For the detailed security status of libebml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libebml

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmB8Z8lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcDChAAhi/7Ov4xys75/7HTdSWdtjavtAhxKH0ERJvR0mAheGkpKwI8YzPho4Ue
7oUug2bRLpgUZWZmDVv6irMp7W4MBf9VTzZyz01hhKC1Yxc2CFRvNkq3d37Gxe0q
tFv04IEoqbF0ehlXM7X5tXgGow+SBwc+fKxgRuVJPDqOf7QVtbhJxCw/zRSbTnDz
bbnMTJJcJtWdIlHmloSzy6sMalZ85gUBSTHT7ykfUI6M8xmFOXxqsi0e2Kyf8+77
K8G4Q2nspDp4L1IpxEVJFR0OyCqaTEHtjz4Q61a6C5T2j029qPG5PQ4AuEMhPovD
o4oKR2sCBf3iVe9HfludDPE76WD6MF0W2cDH0B6Du4kQWK2nmyIbvE2LLq8gN294
CL3pG8/T7QI3PGF2I2W4EyhaeMgpni4/3CkIskBdJ1TiJnvA5AxxHxkPAj7qxUtz
NTvUOv/AR5eZWuYfU0d+Rr2T12en09Gq7OJZ94qmJdyEwNsCYGzk1hdwZ5RNFqij
1DV/xOiqPRveiTEXjzmQGx0GUUw/+etJ104cGYOvJ35YenhZb94zEm2zYRI5RsfM
zpcMR8pF+w3zA9Au4/eqG603IELn+J+gF50p+EptVTggEnmDqydzP0Ebz1UTBv3Y
rzqqjLLTlNMFr6b4CpntRkvUnQnhBixM71OMly789ChQSX97DYo=
=C5n+
-----END PGP SIGNATURE-----