[SECURITY] [DSA 3540-1] lhasa security update

2016-04-0311:36:41

lists.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

74.7%

JSON

Debian Security Advisory DSA-3540-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
April 03, 2016 https://www.debian.org/security/faq

Package : lhasa
CVE ID : CVE-2016-2347

Marcin Noga discovered an integer underflow in Lhasa, a lzh archive
decompressor, which might result in the execution of arbitrary code if
a malformed archive is processed.

For the oldstable distribution (wheezy), this problem has been fixed
in version 0.0.7-2+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 0.2.0+git3fe46-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 0.3.1-1.

For the unstable distribution (sid), this problem has been fixed in
version 0.3.1-1.

We recommend that you upgrade your lhasa packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8s390xliblhasa0< 0.2.0+git3fe46-1+deb8u1liblhasa0_0.2.0+git3fe46-1+deb8u1_s390x.deb
Debian7mipslhasa< 0.0.7-2+deb7u1lhasa_0.0.7-2+deb7u1_mips.deb
Debian7s390lhasa< 0.0.7-2+deb7u1lhasa_0.0.7-2+deb7u1_s390.deb
Debian7powerpclhasa< 0.0.7-2+deb7u1lhasa_0.0.7-2+deb7u1_powerpc.deb
Debian8kfreebsd-i386liblhasa0< 0.2.0+git3fe46-1+deb8u1liblhasa0_0.2.0+git3fe46-1+deb8u1_kfreebsd-i386.deb
Debian7i386liblhasa-dev< 0.0.7-2+deb7u1liblhasa-dev_0.0.7-2+deb7u1_i386.deb
Debian8mipselliblhasa0< 0.2.0+git3fe46-1+deb8u1liblhasa0_0.2.0+git3fe46-1+deb8u1_mipsel.deb
Debian8i386lhasa< 0.2.0+git3fe46-1+deb8u1lhasa_0.2.0+git3fe46-1+deb8u1_i386.deb
Debian8arm64liblhasa0< 0.2.0+git3fe46-1+deb8u1liblhasa0_0.2.0+git3fe46-1+deb8u1_arm64.deb
Debian8kfreebsd-amd64lhasa< 0.2.0+git3fe46-1+deb8u1lhasa_0.2.0+git3fe46-1+deb8u1_kfreebsd-amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	s390x	liblhasa0	< 0.2.0+git3fe46-1+deb8u1	liblhasa0_0.2.0+git3fe46-1+deb8u1_s390x.deb
Debian	7	mips	lhasa	< 0.0.7-2+deb7u1	lhasa_0.0.7-2+deb7u1_mips.deb
Debian	7	s390	lhasa	< 0.0.7-2+deb7u1	lhasa_0.0.7-2+deb7u1_s390.deb
Debian	7	powerpc	lhasa	< 0.0.7-2+deb7u1	lhasa_0.0.7-2+deb7u1_powerpc.deb
Debian	8	kfreebsd-i386	liblhasa0	< 0.2.0+git3fe46-1+deb8u1	liblhasa0_0.2.0+git3fe46-1+deb8u1_kfreebsd-i386.deb
Debian	7	i386	liblhasa-dev	< 0.0.7-2+deb7u1	liblhasa-dev_0.0.7-2+deb7u1_i386.deb
Debian	8	mipsel	liblhasa0	< 0.2.0+git3fe46-1+deb8u1	liblhasa0_0.2.0+git3fe46-1+deb8u1_mipsel.deb
Debian	8	i386	lhasa	< 0.2.0+git3fe46-1+deb8u1	lhasa_0.2.0+git3fe46-1+deb8u1_i386.deb
Debian	8	arm64	liblhasa0	< 0.2.0+git3fe46-1+deb8u1	liblhasa0_0.2.0+git3fe46-1+deb8u1_arm64.deb
Debian	8	kfreebsd-amd64	lhasa	< 0.2.0+git3fe46-1+deb8u1	lhasa_0.2.0+git3fe46-1+deb8u1_kfreebsd-amd64.deb