[SECURITY] [DLA 243-1] libraw security update

2015-06-1020:19:19

lists.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.2

Confidence

High

EPSS

0.048

Percentile

92.7%

JSON

Package : libraw
Version : 0.9.1-1+deb6u1
CVE ID : CVE-2015-3885
Debian Bug : 786788

[This DLA supersedes my wrong announcement using DLA 241-1]

CVE-2015-3885:
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
allows remote attackers to cause a denial of service (crash) via a
crafted image, which triggers a buffer overflow, related to the len
variable.

We recommend that you upgrade your libraw packages.

–
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian8s390xlibraw-dev< 0.16.0-9+deb8u1libraw-dev_0.16.0-9+deb8u1_s390x.deb
Debian7sparcrawtherapee< 4.0.9-4+deb7u1rawtherapee_4.0.9-4+deb7u1_sparc.deb
Debian8mipsellibraw-bin< 0.16.0-9+deb8u1libraw-bin_0.16.0-9+deb8u1_mipsel.deb
Debian8mipsrawtherapee< 4.2-1+deb8u1rawtherapee_4.2-1+deb8u1_mips.deb
Debian8mipsellibexactimage-perl< 0.8.9-7+deb8u1libexactimage-perl_0.8.9-7+deb8u1_mipsel.deb
Debian7armhfphp5-exactimage< 0.8.5-5+deb7u4php5-exactimage_0.8.5-5+deb7u4_armhf.deb
Debian8powerpclibfreeimage-dev< 3.15.4-4.2+deb8u1libfreeimage-dev_3.15.4-4.2+deb8u1_powerpc.deb
Debian8powerpclibraw-bin< 0.16.0-9+deb8u1libraw-bin_0.16.0-9+deb8u1_powerpc.deb
Debian6allexactimage-perl< 0.8.1-3+deb6u4exactimage-perl_0.8.1-3+deb6u4_all.deb
Debian8armellibraw10< 0.16.0-9+deb8u1libraw10_0.16.0-9+deb8u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	s390x	libraw-dev	< 0.16.0-9+deb8u1	libraw-dev_0.16.0-9+deb8u1_s390x.deb
Debian	7	sparc	rawtherapee	< 4.0.9-4+deb7u1	rawtherapee_4.0.9-4+deb7u1_sparc.deb
Debian	8	mipsel	libraw-bin	< 0.16.0-9+deb8u1	libraw-bin_0.16.0-9+deb8u1_mipsel.deb
Debian	8	mips	rawtherapee	< 4.2-1+deb8u1	rawtherapee_4.2-1+deb8u1_mips.deb
Debian	8	mipsel	libexactimage-perl	< 0.8.9-7+deb8u1	libexactimage-perl_0.8.9-7+deb8u1_mipsel.deb
Debian	7	armhf	php5-exactimage	< 0.8.5-5+deb7u4	php5-exactimage_0.8.5-5+deb7u4_armhf.deb
Debian	8	powerpc	libfreeimage-dev	< 3.15.4-4.2+deb8u1	libfreeimage-dev_3.15.4-4.2+deb8u1_powerpc.deb
Debian	8	powerpc	libraw-bin	< 0.16.0-9+deb8u1	libraw-bin_0.16.0-9+deb8u1_powerpc.deb
Debian	6	all	exactimage-perl	< 0.8.1-3+deb6u4	exactimage-perl_0.8.1-3+deb6u4_all.deb
Debian	8	armel	libraw10	< 0.16.0-9+deb8u1	libraw10_0.16.0-9+deb8u1_armel.deb