Lucene search

DebianDEBIAN:DLA-768-1:76D18

HistoryDec 30, 2016 - 9:33 p.m.

[SECURITY] [DLA 768-1] pgpdump security update

2016-12-3021:33:55

lists.debian.org

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Package : pgpdump
Version : 0.27-1+deb7u1
CVE ID : CVE-2016-4021
Debian Bug : 773747

The read_binary function in buffer.c in pgpdump, a PGP packet
visualizer, allows context-dependent attackers to cause a denial of
service (infinite loop and CPU consumption) via crafted input. This was
assigned CVE-2016-4021.

Also, the read_radix64 function the might read data from beyond the
end of a buffer from crafted input.

For Debian 7 "Wheezy", these problems have been fixed in version
0.27-1+deb7u1.

For Debian 8 "Jessie", these problems will be fixed in version
0.28-1+deb8u1, part of the upcoming point release

For Debian 9 "Stretch" and "Sid", these problems have been fixed in
version 0.31-0.1

We recommend that you upgrade your pgpdump packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian7amd64pgpdump< 0.27-1+deb7u1pgpdump_0.27-1+deb7u1_amd64.deb
Debian8armhfpgpdump< 0.28-1+deb8u1pgpdump_0.28-1+deb8u1_armhf.deb
Debian8i386pgpdump< 0.28-1+deb8u1pgpdump_0.28-1+deb8u1_i386.deb
Debian8powerpcpgpdump< 0.28-1+deb8u1pgpdump_0.28-1+deb8u1_powerpc.deb
Debian8s390xpgpdump< 0.28-1+deb8u1pgpdump_0.28-1+deb8u1_s390x.deb
Debian8mipselpgpdump< 0.28-1+deb8u1pgpdump_0.28-1+deb8u1_mipsel.deb
Debian7armelpgpdump< 0.27-1+deb7u1pgpdump_0.27-1+deb7u1_armel.deb
Debian7armhfpgpdump< 0.27-1+deb7u1pgpdump_0.27-1+deb7u1_armhf.deb
Debian7i386pgpdump< 0.27-1+deb7u1pgpdump_0.27-1+deb7u1_i386.deb
Debian8ppc64elpgpdump< 0.28-1+deb8u1pgpdump_0.28-1+deb8u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	pgpdump	< 0.27-1+deb7u1	pgpdump_0.27-1+deb7u1_amd64.deb
Debian	8	armhf	pgpdump	< 0.28-1+deb8u1	pgpdump_0.28-1+deb8u1_armhf.deb
Debian	8	i386	pgpdump	< 0.28-1+deb8u1	pgpdump_0.28-1+deb8u1_i386.deb
Debian	8	powerpc	pgpdump	< 0.28-1+deb8u1	pgpdump_0.28-1+deb8u1_powerpc.deb
Debian	8	s390x	pgpdump	< 0.28-1+deb8u1	pgpdump_0.28-1+deb8u1_s390x.deb
Debian	8	mipsel	pgpdump	< 0.28-1+deb8u1	pgpdump_0.28-1+deb8u1_mipsel.deb
Debian	7	armel	pgpdump	< 0.27-1+deb7u1	pgpdump_0.27-1+deb7u1_armel.deb
Debian	7	armhf	pgpdump	< 0.27-1+deb7u1	pgpdump_0.27-1+deb7u1_armhf.deb
Debian	7	i386	pgpdump	< 0.27-1+deb7u1	pgpdump_0.27-1+deb7u1_i386.deb
Debian	8	ppc64el	pgpdump	< 0.28-1+deb8u1	pgpdump_0.28-1+deb8u1_ppc64el.deb