[BSA-112] Security Update for iucode-tool

Type debian
Reporter Debian
Modified 2017-01-27T10:20:36


Henrique de Moraes Holschuh uploaded new packages for iucode-tool which fixed the following security problems:

CVE-2017-0357 iucode-tool v1.4 to v2.1 is vulnerable to a heap buffer overflow in the -tr (recovery) loader. Using specially-crafted data files and a specially crafted command line, it might be possible to leverage this heap buffer overflow to cause heap corruption, which might allow an attacker to run arbitrary code.

For the jessie-backports distribution the problem has been fixed in version 2.1.1-1~bpo8+1.

For the wheezy-backports distribution, no fix is necessary.

For users building directly from the git repository, all debian/release/* branches have been updated with fixed versions where necessary.

Henrique Holschuh