[SECURITY] [DSA 3538-1] libebml security update

2016-03-3110:55:43

lists.debian.org

0.008 Low

EPSS

Percentile

82.1%

JSON

Debian Security Advisory DSA-3538-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
March 31, 2016 https://www.debian.org/security/faq

Package : libebml
CVE ID : CVE-2015-8789 CVE-2015-8790 CVE-2015-8791

Several vulnerabilities were discovered in libebml, a library for
manipulating Extensible Binary Meta Language files.

CVE-2015-8789

Context-dependent attackers could trigger a use-after-free
vulnerability by providing a maliciously crafted EBML document.

CVE-2015-8790

Context-dependent attackers could obtain sensitive information
from the process&#x27; heap memory by using a maliciously crafted UTF-8
string.

CVE-2015-8791

Context-dependent attackers could obtain sensitive information
from the process&#x27; heap memory by using a maliciously crafted
length value in an EBML id.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.2.2-2+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 1.3.0-2+deb8u1.

For the testing (stretch) and unstable (sid) distributions, these
problems have been fixed in version 1.3.3-1.

We recommend that you upgrade your libebml packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7mipsellibebml-dev< 1.2.2-2+deb7u1libebml-dev_1.2.2-2+deb7u1_mipsel.deb
Debian7s390libebml3< 1.2.2-2+deb7u1libebml3_1.2.2-2+deb7u1_s390.deb
Debian8ppc64ellibebml4< 1.3.0-2+deb8u1libebml4_1.3.0-2+deb8u1_ppc64el.deb
Debian7kfreebsd-amd64libebml-dev< 1.2.2-2+deb7u1libebml-dev_1.2.2-2+deb7u1_kfreebsd-amd64.deb
Debian7armellibebml-dev< 1.2.2-2+deb7u1libebml-dev_1.2.2-2+deb7u1_armel.deb
Debian8powerpclibebml4< 1.3.0-2+deb8u1libebml4_1.3.0-2+deb8u1_powerpc.deb
Debian7amd64libebml-dev< 1.2.2-2+deb7u1libebml-dev_1.2.2-2+deb7u1_amd64.deb
Debian8mipsellibebml4< 1.3.0-2+deb8u1libebml4_1.3.0-2+deb8u1_mipsel.deb
Debian7sparclibebml3< 1.2.2-2+deb7u1libebml3_1.2.2-2+deb7u1_sparc.deb
Debian7i386libebml3< 1.2.2-2+deb7u1libebml3_1.2.2-2+deb7u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	mipsel	libebml-dev	< 1.2.2-2+deb7u1	libebml-dev_1.2.2-2+deb7u1_mipsel.deb
Debian	7	s390	libebml3	< 1.2.2-2+deb7u1	libebml3_1.2.2-2+deb7u1_s390.deb
Debian	8	ppc64el	libebml4	< 1.3.0-2+deb8u1	libebml4_1.3.0-2+deb8u1_ppc64el.deb
Debian	7	kfreebsd-amd64	libebml-dev	< 1.2.2-2+deb7u1	libebml-dev_1.2.2-2+deb7u1_kfreebsd-amd64.deb
Debian	7	armel	libebml-dev	< 1.2.2-2+deb7u1	libebml-dev_1.2.2-2+deb7u1_armel.deb
Debian	8	powerpc	libebml4	< 1.3.0-2+deb8u1	libebml4_1.3.0-2+deb8u1_powerpc.deb
Debian	7	amd64	libebml-dev	< 1.2.2-2+deb7u1	libebml-dev_1.2.2-2+deb7u1_amd64.deb
Debian	8	mipsel	libebml4	< 1.3.0-2+deb8u1	libebml4_1.3.0-2+deb8u1_mipsel.deb
Debian	7	sparc	libebml3	< 1.2.2-2+deb7u1	libebml3_1.2.2-2+deb7u1_sparc.deb
Debian	7	i386	libebml3	< 1.2.2-2+deb7u1	libebml3_1.2.2-2+deb7u1_i386.deb