[SECURITY] [DLA 959-1] libical security update

2017-05-28T18:02:58
ID DEBIAN:DLA-959-1:A5651
Type debian
Reporter Debian
Modified 2017-05-28T18:02:58

Description

Package : libical Version : 0.48-2+deb7u1 CVE ID : CVE-2016-5824 CVE-2016-9584 Debian Bug : #860451, #852034

It was discovered that there was a use-after-free vulnerability in the libical iCalendar library. Remote attackers could cause a denial of service and possibly read heap memory via a specially crafted .ICS file.

For Debian 7 "Wheezy", this issue has been fixed in libical version 0.48-2+deb7u1.

We recommend that you upgrade your libical packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      lamby@debian.org / chris-lamb.co.uk
   `-