DebianDEBIAN:DLA-438-1:1F8A8[SECURITY] [DLA 438-1] libebml security update
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.9 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.7%
Package : libebml
Version : 0.7.7-3.1
CVE ID : CVE-2015-8790 CVE-2015-8791
Two security-related issues were fixed in libebml, a library for accessing the
EBML format:
CVE-2015-8790
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3
allows context-dependent attackers to obtain sensitive information from
process heap memory via a crafted UTF-8 string, which triggers an invalid
memory access.
CVE-2015-8791
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows
context-dependent attackers to obtain sensitive information from process
heap memory via a crafted length value in an EBML id, which triggers an
invalid memory access.
For Debian 6 "squeeze", these issues have been fixed in libebml version
0.7.7-3.1+deb6u1. We recommend you to upgrade your libebml packages.
Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/
Attachment:
signature.asc
Description: PGP signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | mipsel | libebml3 | < 1.2.2-2+deb7u1 | libebml3_1.2.2-2+deb7u1_mipsel.deb |
| Debian | 7 | mipsel | libebml-dev | < 1.2.2-2+deb7u1 | libebml-dev_1.2.2-2+deb7u1_mipsel.deb |
| Debian | 7 | armhf | libebml-dev | < 1.2.2-2+deb7u1 | libebml-dev_1.2.2-2+deb7u1_armhf.deb |
| Debian | 7 | armhf | libebml3 | < 1.2.2-2+deb7u1 | libebml3_1.2.2-2+deb7u1_armhf.deb |
| Debian | 7 | kfreebsd-i386 | libebml-dev | < 1.2.2-2+deb7u1 | libebml-dev_1.2.2-2+deb7u1_kfreebsd-i386.deb |
| Debian | 7 | s390x | libebml-dev | < 1.2.2-2+deb7u1 | libebml-dev_1.2.2-2+deb7u1_s390x.deb |
| Debian | 8 | mipsel | libebml-dev | < 1.3.0-2+deb8u1 | libebml-dev_1.3.0-2+deb8u1_mipsel.deb |
| Debian | 8 | mipsel | libebml4 | < 1.3.0-2+deb8u1 | libebml4_1.3.0-2+deb8u1_mipsel.deb |
| Debian | 8 | armel | libebml-dev | < 1.3.0-2+deb8u1 | libebml-dev_1.3.0-2+deb8u1_armel.deb |
| Debian | 6 | all | libebml | < 0.7.7-3.1+deb6u1 | libebml_0.7.7-3.1+deb6u1_all.deb |
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.9 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.7%