Lucene search

DebianDEBIAN:DSA-3976-1:99EF0

HistorySep 17, 2017 - 5:12 p.m.

[SECURITY] [DSA 3976-1] freexl security update

2017-09-1717:12:29

lists.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Debian Security Advisory DSA-3976-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
September 17, 2017 https://www.debian.org/security/faq

Package : freexl
CVE ID : CVE-2017-2923 CVE-2017-2924
Debian Bug : 875690 875691

Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in
freexl, a library to read Microsoft Excel spreadsheets, which might
result in denial of service or the execution of arbitrary code if a
malformed Excel file is opened.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.0.0g-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 1.0.2-2+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.4-1.

We recommend that you upgrade your freexl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8arm64libfreexl1< 1.0.0g-1+deb8u4libfreexl1_1.0.0g-1+deb8u4_arm64.deb
Debian9mipsellibfreexl1-dbg< 1.0.2-2+deb9u1libfreexl1-dbg_1.0.2-2+deb9u1_mipsel.deb
Debian7i386libfreexl-dev< 1.0.0b-1+deb7u4libfreexl-dev_1.0.0b-1+deb7u4_i386.deb
Debian8armellibfreexl-dev< 1.0.0g-1+deb8u4libfreexl-dev_1.0.0g-1+deb8u4_armel.deb
Debian7armellibfreexl1-dbg< 1.0.0b-1+deb7u4libfreexl1-dbg_1.0.0b-1+deb7u4_armel.deb
Debian7i386libfreexl1< 1.0.0b-1+deb7u4libfreexl1_1.0.0b-1+deb7u4_i386.deb
Debian7amd64libfreexl1-dbg< 1.0.0b-1+deb7u4libfreexl1-dbg_1.0.0b-1+deb7u4_amd64.deb
Debian9armhflibfreexl1-dbg< 1.0.2-2+deb9u1libfreexl1-dbg_1.0.2-2+deb9u1_armhf.deb
Debian8powerpclibfreexl1< 1.0.0g-1+deb8u4libfreexl1_1.0.0g-1+deb8u4_powerpc.deb
Debian9ppc64ellibfreexl-dev< 1.0.2-2+deb9u1libfreexl-dev_1.0.2-2+deb9u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	arm64	libfreexl1	< 1.0.0g-1+deb8u4	libfreexl1_1.0.0g-1+deb8u4_arm64.deb
Debian	9	mipsel	libfreexl1-dbg	< 1.0.2-2+deb9u1	libfreexl1-dbg_1.0.2-2+deb9u1_mipsel.deb
Debian	7	i386	libfreexl-dev	< 1.0.0b-1+deb7u4	libfreexl-dev_1.0.0b-1+deb7u4_i386.deb
Debian	8	armel	libfreexl-dev	< 1.0.0g-1+deb8u4	libfreexl-dev_1.0.0g-1+deb8u4_armel.deb
Debian	7	armel	libfreexl1-dbg	< 1.0.0b-1+deb7u4	libfreexl1-dbg_1.0.0b-1+deb7u4_armel.deb
Debian	7	i386	libfreexl1	< 1.0.0b-1+deb7u4	libfreexl1_1.0.0b-1+deb7u4_i386.deb
Debian	7	amd64	libfreexl1-dbg	< 1.0.0b-1+deb7u4	libfreexl1-dbg_1.0.0b-1+deb7u4_amd64.deb
Debian	9	armhf	libfreexl1-dbg	< 1.0.2-2+deb9u1	libfreexl1-dbg_1.0.2-2+deb9u1_armhf.deb
Debian	8	powerpc	libfreexl1	< 1.0.0g-1+deb8u4	libfreexl1_1.0.0g-1+deb8u4_powerpc.deb
Debian	9	ppc64el	libfreexl-dev	< 1.0.2-2+deb9u1	libfreexl-dev_1.0.2-2+deb9u1_ppc64el.deb