Lucene search

DebianDEBIAN:DLA-2612-1:F0098

HistoryMar 31, 2021 - 10:09 a.m.

[SECURITY] [DLA 2612-1] leptonlib security update

2021-03-3110:09:50

lists.debian.org

leptonlib

security update

debian 9 stretch

heap-based buffer over-read

application crash

cve-2020-36277

cve-2020-36278

cve-2020-36279

cve-2020-36281

clusterfuzz

security tracker

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.006

Percentile

79.1%

JSON

Debian LTS Advisory DLA-2612-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
March 31, 2021 https://wiki.debian.org/LTS

Package : leptonlib
Version : 1.74.1-1+deb9u1
CVE ID : CVE-2020-36277 CVE-2020-36278 CVE-2020-36279
CVE-2020-36281

Several issues have been found by ClusterFuzz in leptonlib, an image
processing library.

All issues are related to heap-based buffer over-read in several functions
or a denial of service (application crash) with crafted data.

For Debian 9 stretch, these problems have been fixed in version
1.74.1-1+deb9u1.

We recommend that you upgrade your leptonlib packages.

For the detailed security status of leptonlib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/leptonlib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10armhfliblept5< 1.76.0-1+deb10u1liblept5_1.76.0-1+deb10u1_armhf.deb
Debian10mipsleptonica-progs< 1.76.0-1+deb10u1leptonica-progs_1.76.0-1+deb10u1_mips.deb
Debian10i386liblept5< 1.76.0-1+deb10u1liblept5_1.76.0-1+deb10u1_i386.deb
Debian10mips64elleptonica-progs< 1.76.0-1+deb10u1leptonica-progs_1.76.0-1+deb10u1_mips64el.deb
Debian9amd64libleptonica-dev< 1.74.1-1+deb9u1libleptonica-dev_1.74.1-1+deb9u1_amd64.deb
Debian10arm64leptonica-progs-dbgsym< 1.76.0-1+deb10u1leptonica-progs-dbgsym_1.76.0-1+deb10u1_arm64.deb
Debian10ppc64elleptonica-progs-dbgsym< 1.76.0-1+deb10u1leptonica-progs-dbgsym_1.76.0-1+deb10u1_ppc64el.deb
Debian10mipselleptonica-progs< 1.76.0-1+deb10u1leptonica-progs_1.76.0-1+deb10u1_mipsel.deb
Debian9allleptonlib< 1.74.1-1+deb9u1leptonlib_1.74.1-1+deb9u1_all.deb
Debian10armelleptonica-progs-dbgsym< 1.76.0-1+deb10u1leptonica-progs-dbgsym_1.76.0-1+deb10u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	armhf	liblept5	< 1.76.0-1+deb10u1	liblept5_1.76.0-1+deb10u1_armhf.deb
Debian	10	mips	leptonica-progs	< 1.76.0-1+deb10u1	leptonica-progs_1.76.0-1+deb10u1_mips.deb
Debian	10	i386	liblept5	< 1.76.0-1+deb10u1	liblept5_1.76.0-1+deb10u1_i386.deb
Debian	10	mips64el	leptonica-progs	< 1.76.0-1+deb10u1	leptonica-progs_1.76.0-1+deb10u1_mips64el.deb
Debian	9	amd64	libleptonica-dev	< 1.74.1-1+deb9u1	libleptonica-dev_1.74.1-1+deb9u1_amd64.deb
Debian	10	arm64	leptonica-progs-dbgsym	< 1.76.0-1+deb10u1	leptonica-progs-dbgsym_1.76.0-1+deb10u1_arm64.deb
Debian	10	ppc64el	leptonica-progs-dbgsym	< 1.76.0-1+deb10u1	leptonica-progs-dbgsym_1.76.0-1+deb10u1_ppc64el.deb
Debian	10	mipsel	leptonica-progs	< 1.76.0-1+deb10u1	leptonica-progs_1.76.0-1+deb10u1_mipsel.deb
Debian	9	all	leptonlib	< 1.74.1-1+deb9u1	leptonlib_1.74.1-1+deb9u1_all.deb
Debian	10	armel	leptonica-progs-dbgsym	< 1.76.0-1+deb10u1	leptonica-progs-dbgsym_1.76.0-1+deb10u1_armel.deb