Lucene search

DebianDEBIAN:DLA-740-1:FD536

HistoryDec 11, 2016 - 6:53 p.m.

[SECURITY] [DLA 740-1] libgsf security update

2016-12-1118:53:23

lists.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

Package : libgsf
Version : 1.14.21-2.1+deb7u1
CVE ID : CVE-2016-9888

It was discovered that there was a null pointer deference exploit in libgsf, a
I/O abstraction library for GNOME.

An error within the "tar_directory_for_file()" function could be exploited to
trigger a null pointer dereference and subsequently cause a crash via a crafted
TAR file.

For Debian 7 "Wheezy", this issue has been fixed in libgsf version
1.14.21-2.1+deb7u1.

We recommend that you upgrade your libgsf packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian7alllibgsf-1-common< 1.14.21-2.1+deb7u1libgsf-1-common_1.14.21-2.1+deb7u1_all.deb
Debian8i386libgsf-1-dev< 1.14.30-2+deb8u1libgsf-1-dev_1.14.30-2+deb8u1_i386.deb
Debian7i386libgsf-gnome-1-114-dbg< 1.14.21-2.1+deb7u1libgsf-gnome-1-114-dbg_1.14.21-2.1+deb7u1_i386.deb
Debian8i386libgsf-bin< 1.14.30-2+deb8u1libgsf-bin_1.14.30-2+deb8u1_i386.deb
Debian8alllibgsf< 1.14.30-2+deb8u1libgsf_1.14.30-2+deb8u1_all.deb
Debian7armellibgsf-gnome-1-114< 1.14.21-2.1+deb7u1libgsf-gnome-1-114_1.14.21-2.1+deb7u1_armel.deb
Debian8armhflibgsf-1-114< 1.14.30-2+deb8u1libgsf-1-114_1.14.30-2+deb8u1_armhf.deb
Debian7i386libgsf-gnome-1-dev< 1.14.21-2.1+deb7u1libgsf-gnome-1-dev_1.14.21-2.1+deb7u1_i386.deb
Debian7i386libgsf-1-114-dbg< 1.14.21-2.1+deb7u1libgsf-1-114-dbg_1.14.21-2.1+deb7u1_i386.deb
Debian8amd64gir1.2-gsf-1< 1.14.30-2+deb8u1gir1.2-gsf-1_1.14.30-2+deb8u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	libgsf-1-common	< 1.14.21-2.1+deb7u1	libgsf-1-common_1.14.21-2.1+deb7u1_all.deb
Debian	8	i386	libgsf-1-dev	< 1.14.30-2+deb8u1	libgsf-1-dev_1.14.30-2+deb8u1_i386.deb
Debian	7	i386	libgsf-gnome-1-114-dbg	< 1.14.21-2.1+deb7u1	libgsf-gnome-1-114-dbg_1.14.21-2.1+deb7u1_i386.deb
Debian	8	i386	libgsf-bin	< 1.14.30-2+deb8u1	libgsf-bin_1.14.30-2+deb8u1_i386.deb
Debian	8	all	libgsf	< 1.14.30-2+deb8u1	libgsf_1.14.30-2+deb8u1_all.deb
Debian	7	armel	libgsf-gnome-1-114	< 1.14.21-2.1+deb7u1	libgsf-gnome-1-114_1.14.21-2.1+deb7u1_armel.deb
Debian	8	armhf	libgsf-1-114	< 1.14.30-2+deb8u1	libgsf-1-114_1.14.30-2+deb8u1_armhf.deb
Debian	7	i386	libgsf-gnome-1-dev	< 1.14.21-2.1+deb7u1	libgsf-gnome-1-dev_1.14.21-2.1+deb7u1_i386.deb
Debian	7	i386	libgsf-1-114-dbg	< 1.14.21-2.1+deb7u1	libgsf-1-114-dbg_1.14.21-2.1+deb7u1_i386.deb
Debian	8	amd64	gir1.2-gsf-1	< 1.14.30-2+deb8u1	gir1.2-gsf-1_1.14.30-2+deb8u1_amd64.deb