Lucene search

DebianDEBIAN:DSA-3692-1:09CE8

HistoryOct 13, 2016 - 7:00 p.m.

[SECURITY] [DSA 3692-1] freeimage security update

2016-10-1319:00:19

lists.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.048

Percentile

92.7%

JSON

Debian Security Advisory DSA-3692-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
October 13, 2016 https://www.debian.org/security/faq

Package : freeimage
CVE ID : CVE-2015-3885 CVE-2016-5684

Multiple vulnerabilities were discovered in the FreeImage multimedia
library, which might result in denial of service or the execution of
arbitrary code if a malformed XMP or RAW image is processed.

For the stable distribution (jessie), these problems have been fixed in
version 3.15.4-4.2+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 3.17.0+ds1-3.

For the unstable distribution (sid), these problems have been fixed in
version 3.17.0+ds1-3.

We recommend that you upgrade your freeimage packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8armellibfreeimage3-dbg< 3.15.4-4.2+deb8u1libfreeimage3-dbg_3.15.4-4.2+deb8u1_armel.deb
Debian7armellibfreeimage-dev< 3.15.1-1.1+deb7u1libfreeimage-dev_3.15.1-1.1+deb7u1_armel.deb
Debian8arm64libfreeimage-dev< 3.15.4-4.2+deb8u1libfreeimage-dev_3.15.4-4.2+deb8u1_arm64.deb
Debian7powerpclibraw5< 0.14.6-2+deb7u1libraw5_0.14.6-2+deb7u1_powerpc.deb
Debian6i386libraw-dev< 0.9.1-1+deb6u1libraw-dev_0.9.1-1+deb6u1_i386.deb
Debian7kfreebsd-i386python-exactimage< 0.8.5-5+deb7u4python-exactimage_0.8.5-5+deb7u4_kfreebsd-i386.deb
Debian8mipslibfreeimage3< 3.15.4-4.2+deb8u1libfreeimage3_3.15.4-4.2+deb8u1_mips.deb
Debian7armhfpython-exactimage< 0.8.5-5+deb7u4python-exactimage_0.8.5-5+deb7u4_armhf.deb
Debian7ia64exactimage-dbg< 0.8.5-5+deb7u4exactimage-dbg_0.8.5-5+deb7u4_ia64.deb
Debian7mipsellibexactimage-perl< 0.8.5-5+deb7u4libexactimage-perl_0.8.5-5+deb7u4_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armel	libfreeimage3-dbg	< 3.15.4-4.2+deb8u1	libfreeimage3-dbg_3.15.4-4.2+deb8u1_armel.deb
Debian	7	armel	libfreeimage-dev	< 3.15.1-1.1+deb7u1	libfreeimage-dev_3.15.1-1.1+deb7u1_armel.deb
Debian	8	arm64	libfreeimage-dev	< 3.15.4-4.2+deb8u1	libfreeimage-dev_3.15.4-4.2+deb8u1_arm64.deb
Debian	7	powerpc	libraw5	< 0.14.6-2+deb7u1	libraw5_0.14.6-2+deb7u1_powerpc.deb
Debian	6	i386	libraw-dev	< 0.9.1-1+deb6u1	libraw-dev_0.9.1-1+deb6u1_i386.deb
Debian	7	kfreebsd-i386	python-exactimage	< 0.8.5-5+deb7u4	python-exactimage_0.8.5-5+deb7u4_kfreebsd-i386.deb
Debian	8	mips	libfreeimage3	< 3.15.4-4.2+deb8u1	libfreeimage3_3.15.4-4.2+deb8u1_mips.deb
Debian	7	armhf	python-exactimage	< 0.8.5-5+deb7u4	python-exactimage_0.8.5-5+deb7u4_armhf.deb
Debian	7	ia64	exactimage-dbg	< 0.8.5-5+deb7u4	exactimage-dbg_0.8.5-5+deb7u4_ia64.deb
Debian	7	mipsel	libexactimage-perl	< 0.8.5-5+deb7u4	libexactimage-perl_0.8.5-5+deb7u4_mipsel.deb