[SECURITY] [DLA 1109-1] libraw security update

2017-09-2417:14:43

lists.debian.org

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

59.5%

JSON

Package : libraw
Version : 0.14.6-2+deb7u3
CVE ID : CVE-2017-14608

CVE-2017-14608
An out of bounds read flaw related to kodak_65000_load_raw has been
reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker
could possibly exploit this flaw to disclose potentially sensitive
memory or cause an application crash.

For Debian 7 "Wheezy", these problems have been fixed in version
0.14.6-2+deb7u3.

We recommend that you upgrade your libraw packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9i386libraw-dev< 0.17.2-6+deb9u2libraw-dev_0.17.2-6+deb9u2_i386.deb
Debian7amd64libraw-dev< 0.14.6-2+deb7u3libraw-dev_0.14.6-2+deb7u3_amd64.deb
Debian9amd64libraw15< 0.17.2-6+deb9u2libraw15_0.17.2-6+deb9u2_amd64.deb
Debian7armhflibraw-bin< 0.14.6-2+deb7u3libraw-bin_0.14.6-2+deb7u3_armhf.deb
Debian9armellibraw15< 0.17.2-6+deb9u2libraw15_0.17.2-6+deb9u2_armel.deb
Debian9alllibraw-doc< 0.17.2-6+deb9u2libraw-doc_0.17.2-6+deb9u2_all.deb
Debian9i386libraw-bin< 0.17.2-6+deb9u2libraw-bin_0.17.2-6+deb9u2_i386.deb
Debian9amd64libraw-bin< 0.17.2-6+deb9u2libraw-bin_0.17.2-6+deb9u2_amd64.deb
Debian7i386libraw5< 0.14.6-2+deb7u3libraw5_0.14.6-2+deb7u3_i386.deb
Debian7armellibraw-dev< 0.14.6-2+deb7u3libraw-dev_0.14.6-2+deb7u3_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	i386	libraw-dev	< 0.17.2-6+deb9u2	libraw-dev_0.17.2-6+deb9u2_i386.deb
Debian	7	amd64	libraw-dev	< 0.14.6-2+deb7u3	libraw-dev_0.14.6-2+deb7u3_amd64.deb
Debian	9	amd64	libraw15	< 0.17.2-6+deb9u2	libraw15_0.17.2-6+deb9u2_amd64.deb
Debian	7	armhf	libraw-bin	< 0.14.6-2+deb7u3	libraw-bin_0.14.6-2+deb7u3_armhf.deb
Debian	9	armel	libraw15	< 0.17.2-6+deb9u2	libraw15_0.17.2-6+deb9u2_armel.deb
Debian	9	all	libraw-doc	< 0.17.2-6+deb9u2	libraw-doc_0.17.2-6+deb9u2_all.deb
Debian	9	i386	libraw-bin	< 0.17.2-6+deb9u2	libraw-bin_0.17.2-6+deb9u2_i386.deb
Debian	9	amd64	libraw-bin	< 0.17.2-6+deb9u2	libraw-bin_0.17.2-6+deb9u2_amd64.deb
Debian	7	i386	libraw5	< 0.14.6-2+deb7u3	libraw5_0.14.6-2+deb7u3_i386.deb
Debian	7	armel	libraw-dev	< 0.14.6-2+deb7u3	libraw-dev_0.14.6-2+deb7u3_armel.deb