[SECURITY] [DLA 1198-1] libextractor security update

2017-12-0421:04:57

lists.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Package : libextractor
Version : 1:0.6.3-5+deb7u1
CVE ID : CVE-2017-15266 CVE-2017-15267 CVE-2017-15600
CVE-2017-15601 CVE-2017-15602 CVE-2017-15922
Debian Bug : 878314 880016

Leon Zhao discovered several security vulnerabilities in libextractor,
a universal library and command-line tool to obtain meta-data about
files. NULL Pointer Dereferences, heap-based buffer overflows, integer
signedness errors and out-of-bounds read may lead to a denial-of-service
(application crash) or have other unspecified impact.

For Debian 7 "Wheezy", these problems have been fixed in version
1:0.6.3-5+deb7u1.

We recommend that you upgrade your libextractor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8i386libextractor-dbg< 1:1.3-2+deb8u1libextractor-dbg_1:1.3-2+deb8u1_i386.deb
Debian9i386libextractor-dbg< 1:1.3-4+deb9u1libextractor-dbg_1:1.3-4+deb9u1_i386.deb
Debian7armhfextract< 1:0.6.3-5+deb7u1extract_1:0.6.3-5+deb7u1_armhf.deb
Debian8arm64libextractor-dbg< 1:1.3-2+deb8u1libextractor-dbg_1:1.3-2+deb8u1_arm64.deb
Debian8s390xlibextractor-dev< 1:1.3-2+deb8u1libextractor-dev_1:1.3-2+deb8u1_s390x.deb
Debian9armhflibextractor3< 1:1.3-4+deb9u1libextractor3_1:1.3-4+deb9u1_armhf.deb
Debian8i386libextractor3< 1:1.3-2+deb8u1libextractor3_1:1.3-2+deb8u1_i386.deb
Debian9mipslibextractor3< 1:1.3-4+deb9u1libextractor3_1:1.3-4+deb9u1_mips.deb
Debian9armelextract< 1:1.3-4+deb9u1extract_1:1.3-4+deb9u1_armel.deb
Debian8mipsellibextractor3< 1:1.3-2+deb8u1libextractor3_1:1.3-2+deb8u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	libextractor-dbg	< 1:1.3-2+deb8u1	libextractor-dbg_1:1.3-2+deb8u1_i386.deb
Debian	9	i386	libextractor-dbg	< 1:1.3-4+deb9u1	libextractor-dbg_1:1.3-4+deb9u1_i386.deb
Debian	7	armhf	extract	< 1:0.6.3-5+deb7u1	extract_1:0.6.3-5+deb7u1_armhf.deb
Debian	8	arm64	libextractor-dbg	< 1:1.3-2+deb8u1	libextractor-dbg_1:1.3-2+deb8u1_arm64.deb
Debian	8	s390x	libextractor-dev	< 1:1.3-2+deb8u1	libextractor-dev_1:1.3-2+deb8u1_s390x.deb
Debian	9	armhf	libextractor3	< 1:1.3-4+deb9u1	libextractor3_1:1.3-4+deb9u1_armhf.deb
Debian	8	i386	libextractor3	< 1:1.3-2+deb8u1	libextractor3_1:1.3-2+deb8u1_i386.deb
Debian	9	mips	libextractor3	< 1:1.3-4+deb9u1	libextractor3_1:1.3-4+deb9u1_mips.deb
Debian	9	armel	extract	< 1:1.3-4+deb9u1	extract_1:1.3-4+deb9u1_armel.deb
Debian	8	mipsel	libextractor3	< 1:1.3-2+deb8u1	libextractor3_1:1.3-2+deb8u1_mipsel.deb