Malware Devil

Monday, March 15, 2021

ESB-2021.0905 – [Debian] mupdf: Denial of service – Existing account

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0905
                          mupdf regression update
                               15 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mupdf
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-26519  

Reference:         ESB-2021.0884
                   ESB-2020.4140

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2589-2

--------------------------BEGIN INCLUDED TEXT--------------------

-----------------------------------------------------------------------
Debian LTS Advisory DLA-2589-2              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 14, 2021                              https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package        : mupdf
Version        : 1.9a+ds1-4+deb9u7

DLA 2589-1 incorrectly fixed CVE-2020-26519 and also induced a
regression where opening a PDF document resulted in a
SIGFPE crash, a floating point exception.

For Debian 9 stretch, this problem has been fixed in version
1.9a+ds1-4+deb9u7.

We recommend that you upgrade your mupdf packages.

For the detailed security status of mupdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mupdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================