[SECURITY] [DLA 1067-1] augeas security update

2017-08-2618:36:03

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.2%

JSON

Package : augeas
Version : 0.10.0-1+deb7u1
CVE ID : CVE-2017-7555
Debian Bug : 872400

Augeas is vulnerable to heap-based buffer overflow due to improper handling of
escaped strings. Attacker could send crafted strings that would cause the
application using augeas to copy past the end of a buffer, leading to a crash
or possible code execution.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.0-1+deb7u1.

We recommend that you upgrade your augeas packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9ppc64ellibaugeas-dev< 1.8.0-1+deb9u1libaugeas-dev_1.8.0-1+deb9u1_ppc64el.deb
Debian8i386libaugeas-dev< 1.2.0-0.2+deb8u2libaugeas-dev_1.2.0-0.2+deb8u2_i386.deb
Debian8powerpclibaugeas-dev< 1.2.0-0.2+deb8u2libaugeas-dev_1.2.0-0.2+deb8u2_powerpc.deb
Debian9mipsaugeas-dbg< 1.8.0-1+deb9u1augeas-dbg_1.8.0-1+deb9u1_mips.deb
Debian9s390xaugeas-dbg< 1.8.0-1+deb9u1augeas-dbg_1.8.0-1+deb9u1_s390x.deb
Debian9mips64elaugeas-tools< 1.8.0-1+deb9u1augeas-tools_1.8.0-1+deb9u1_mips64el.deb
Debian9amd64libaugeas0< 1.8.0-1+deb9u1libaugeas0_1.8.0-1+deb9u1_amd64.deb
Debian9mips64ellibaugeas-dev< 1.8.0-1+deb9u1libaugeas-dev_1.8.0-1+deb9u1_mips64el.deb
Debian8i386augeas-dbg< 1.2.0-0.2+deb8u2augeas-dbg_1.2.0-0.2+deb8u2_i386.deb
Debian8mipsaugeas-dbg< 1.2.0-0.2+deb8u2augeas-dbg_1.2.0-0.2+deb8u2_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	ppc64el	libaugeas-dev	< 1.8.0-1+deb9u1	libaugeas-dev_1.8.0-1+deb9u1_ppc64el.deb
Debian	8	i386	libaugeas-dev	< 1.2.0-0.2+deb8u2	libaugeas-dev_1.2.0-0.2+deb8u2_i386.deb
Debian	8	powerpc	libaugeas-dev	< 1.2.0-0.2+deb8u2	libaugeas-dev_1.2.0-0.2+deb8u2_powerpc.deb
Debian	9	mips	augeas-dbg	< 1.8.0-1+deb9u1	augeas-dbg_1.8.0-1+deb9u1_mips.deb
Debian	9	s390x	augeas-dbg	< 1.8.0-1+deb9u1	augeas-dbg_1.8.0-1+deb9u1_s390x.deb
Debian	9	mips64el	augeas-tools	< 1.8.0-1+deb9u1	augeas-tools_1.8.0-1+deb9u1_mips64el.deb
Debian	9	amd64	libaugeas0	< 1.8.0-1+deb9u1	libaugeas0_1.8.0-1+deb9u1_amd64.deb
Debian	9	mips64el	libaugeas-dev	< 1.8.0-1+deb9u1	libaugeas-dev_1.8.0-1+deb9u1_mips64el.deb
Debian	8	i386	augeas-dbg	< 1.2.0-0.2+deb8u2	augeas-dbg_1.2.0-0.2+deb8u2_i386.deb
Debian	8	mips	augeas-dbg	< 1.2.0-0.2+deb8u2	augeas-dbg_1.2.0-0.2+deb8u2_mips.deb