Lucene search

DebianDEBIAN:DLA-909-1:5FF3A

HistoryApr 23, 2017 - 11:46 a.m.

[SECURITY] [DLA 909-1] libcroco security update

2017-04-2311:46:19

lists.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

Package : libcroco
Version : 0.6.6-2+deb7u1
CVE ID : CVE-2017-7960 CVE-2017-7961
Debian Bug : 860961

CVE-2017-7960

A heap-based buffer over-read vulnerability could be triggered
remotely via a crafted CSS file to cause a denial of service.

CVE-2017-7961

An &quot;outside the range of representable values of type long&quot;
undefined behavior issue was found in libcroco, which might
allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted
CSS file.

For Debian 7 "Wheezy", these problems have been fixed in version
0.6.6-2+deb7u1.

We recommend that you upgrade your libcroco packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian7armellibcroco3< 0.6.6-2+deb7u1libcroco3_0.6.6-2+deb7u1_armel.deb
Debian7alllibcroco< 0.6.6-2+deb7u1libcroco_0.6.6-2+deb7u1_all.deb
Debian7amd64libcroco3-dev< 0.6.6-2+deb7u1libcroco3-dev_0.6.6-2+deb7u1_amd64.deb
Debian7armellibcroco-tools< 0.6.6-2+deb7u1libcroco-tools_0.6.6-2+deb7u1_armel.deb
Debian7i386libcroco3-dev< 0.6.6-2+deb7u1libcroco3-dev_0.6.6-2+deb7u1_i386.deb
Debian7i386libcroco3< 0.6.6-2+deb7u1libcroco3_0.6.6-2+deb7u1_i386.deb
Debian7armhflibcroco3-dev< 0.6.6-2+deb7u1libcroco3-dev_0.6.6-2+deb7u1_armhf.deb
Debian7armellibcroco3-dev< 0.6.6-2+deb7u1libcroco3-dev_0.6.6-2+deb7u1_armel.deb
Debian7amd64libcroco3< 0.6.6-2+deb7u1libcroco3_0.6.6-2+deb7u1_amd64.deb
Debian7armhflibcroco3< 0.6.6-2+deb7u1libcroco3_0.6.6-2+deb7u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armel	libcroco3	< 0.6.6-2+deb7u1	libcroco3_0.6.6-2+deb7u1_armel.deb
Debian	7	all	libcroco	< 0.6.6-2+deb7u1	libcroco_0.6.6-2+deb7u1_all.deb
Debian	7	amd64	libcroco3-dev	< 0.6.6-2+deb7u1	libcroco3-dev_0.6.6-2+deb7u1_amd64.deb
Debian	7	armel	libcroco-tools	< 0.6.6-2+deb7u1	libcroco-tools_0.6.6-2+deb7u1_armel.deb
Debian	7	i386	libcroco3-dev	< 0.6.6-2+deb7u1	libcroco3-dev_0.6.6-2+deb7u1_i386.deb
Debian	7	i386	libcroco3	< 0.6.6-2+deb7u1	libcroco3_0.6.6-2+deb7u1_i386.deb
Debian	7	armhf	libcroco3-dev	< 0.6.6-2+deb7u1	libcroco3-dev_0.6.6-2+deb7u1_armhf.deb
Debian	7	armel	libcroco3-dev	< 0.6.6-2+deb7u1	libcroco3-dev_0.6.6-2+deb7u1_armel.deb
Debian	7	amd64	libcroco3	< 0.6.6-2+deb7u1	libcroco3_0.6.6-2+deb7u1_amd64.deb
Debian	7	armhf	libcroco3	< 0.6.6-2+deb7u1	libcroco3_0.6.6-2+deb7u1_armhf.deb