logo
DATABASE RESOURCES PRICING ABOUT US

[SECURITY] [DLA 2983-1] abcm2ps security update

Description

From: Anton Gladky <gladk@debian.org> To: debian-lts-announce@lists.debian.org Subject: [SECURITY] [DLA 2983-1] abcm2ps security update - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2983-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky April 16, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : abcm2ps Version : 7.8.9-1+deb9u1 CVE ID : CVE-2018-10753 CVE-2018-10771 CVE-2019-1010069 CVE-2021-32434 CVE-2021-32435 CVE-2021-32436: Multiple vulnerabilities have been discovered in abcm2ps: program which translates ABC music description files to PostScript. CVE-2018-10753 Stack-based buffer overflow in the delayed_output function in music.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-10771 Stack-based buffer overflow in the get_key function in parse.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2019-1010069 Incorrect access control allows attackers to cause a denial of service via a crafted file. CVE-2021-32434 Array overflow when wrong duration in voice overlay. CVE-2021-32435 Stack-based buffer overflow in the function get_key in parse.c allows remote attackers to cause a senial of service (DoS) via unspecified vectors. CVE-2021-32436 Out-of-bounds read in the function write_title() in subs.c allows remote attackers to cause a denial of service via unspecified vectors. For Debian 9 stretch, these problems have been fixed in version 7.8.9-1+deb9u1. We recommend that you upgrade your abcm2ps packages. For the detailed security status of abcm2ps please refer to its security tracker page at: https://security-tracker.debian.org/tracker/abcm2ps Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS


Affected Package


OS OS Version Package Name Package Version
Debian 9 abcm2ps 7.8.9-1+deb9u1
Debian 9 abcm2ps 7.8.9-1+deb9u1
Debian 9 abcm2ps 7.8.9-1+deb9u1
Debian 9 abcm2ps 7.8.9-1+deb9u1
Debian 9 abcm2ps 7.8.9-1+deb9u1
Debian 9 abcm2ps 7.8.9-1+deb9u1

Related