Malware Devil

Loading...

Monday, April 19, 2021

ESB-2021.1310 – [Debian] libebml: Denial of Service – Existing Account 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1310
                          libebml security update
                               19 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libebml
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3405  

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2629

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2629-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
April 18, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : libebml
Version        : 1.3.4-1+deb9u2
CVE ID         : CVE-2021-3405


A heap overflow issue was detected in libebml, a library to read and 
write files in the EBML format, a binary pendant to XML.
These issues appeared in several ReadData functions of various data type 
classes. This update also fixes the issue in EbmlString::ReadData and 
EbmlUnicodeString::ReadData, which were mentioned in CVE-2021-3405.


For Debian 9 stretch, this problem has been fixed in version
1.3.4-1+deb9u2.

We recommend that you upgrade your libebml packages.

For the detailed security status of libebml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libebml

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmB8Z8lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcDChAAhi/7Ov4xys75/7HTdSWdtjavtAhxKH0ERJvR0mAheGkpKwI8YzPho4Ue
7oUug2bRLpgUZWZmDVv6irMp7W4MBf9VTzZyz01hhKC1Yxc2CFRvNkq3d37Gxe0q
tFv04IEoqbF0ehlXM7X5tXgGow+SBwc+fKxgRuVJPDqOf7QVtbhJxCw/zRSbTnDz
bbnMTJJcJtWdIlHmloSzy6sMalZ85gUBSTHT7ykfUI6M8xmFOXxqsi0e2Kyf8+77
K8G4Q2nspDp4L1IpxEVJFR0OyCqaTEHtjz4Q61a6C5T2j029qPG5PQ4AuEMhPovD
o4oKR2sCBf3iVe9HfludDPE76WD6MF0W2cDH0B6Du4kQWK2nmyIbvE2LLq8gN294
CL3pG8/T7QI3PGF2I2W4EyhaeMgpni4/3CkIskBdJ1TiJnvA5AxxHxkPAj7qxUtz
NTvUOv/AR5eZWuYfU0d+Rr2T12en09Gq7OJZ94qmJdyEwNsCYGzk1hdwZ5RNFqij
1DV/xOiqPRveiTEXjzmQGx0GUUw/+etJ104cGYOvJ35YenhZb94zEm2zYRI5RsfM
zpcMR8pF+w3zA9Au4/eqG603IELn+J+gF50p+EptVTggEnmDqydzP0Ebz1UTBv3Y
rzqqjLLTlNMFr6b4CpntRkvUnQnhBixM71OMly789ChQSX97DYo=
=C5n+
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYHzn+ONLKJtyKPYoAQhVXRAAiaX2hSiFOeNK4xaKWCv7WYRlU0RGvH7H
KltwTdSs3vx87l/HIE9lnSxjwRn3n5coZR0ivcEX8/cYIfbu7rIuDrTDjYUZX5Ck
aZx7Hzmg12IyZMxHAjq2gihr033g6PprWLIVM5WlKEGSCWaXKcWLR1arBawnGmwW
aIWplPFCQ/YTHEZXaBFplIxrmsCGoWUeDpDlXpiXrWQTFuqCE7JZwMvMKe0fGYT2
th+8RP+WiLgxrba88lcTXTCHwWSUZu945lhpqzIUytRjL9sQgIidkFkMZd34i/Lr
ZBFbRj+9b9EGje7Vz2AWzDQdxCpqU4Mv0CC5wnUmEoMdkOhk/9QFRwNAdJVBchLJ
WK1azyJ7mmH2ioxHspMe/93OKCgkbYu8Ygf5FgOot1gUveWbmhBolmlpjnPKxYfq
JIG7lXFqHtT4qcoLFB/1Kp3X6gw/y5iXe4B1NiiG5079vs0qT4oL2trV5IpFHYTl
7e6k17OXUX7Px6CmA9YZBMxt0FBlALHhVenD2SG9lJrhrICeemdFQpV8AVTDTc2J
hngtv6j5b+fQBVAHQepPWdlpjYzkrgx9fOAvS7X9tC9UhIKez0Gai2JIdu7xxfiZ
oJqaKbLGIZnQQ6VWjRv4TBVK2KQh2Mm4KbuOvgQKtpM3vaWS2+g9yHp6LhCTj4q/
hFn15EIHSQ4=
=ascE
-----END PGP SIGNATURE-----

Read More

The post ESB-2021.1310 – [Debian] libebml: Denial of Service – Existing Account appeared first on Malware Devil.



https://malwaredevil.com/2021/04/19/esb-2021-1310-debian-libebml-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1310-debian-libebml-denial-of-service-existing-account
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...