ESB-2018.0455 - [Win][UNIX/Linux][Debian] advancecomp: Denial of service - Existing account 2018-02-15

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0455
                        advancecomp security update
                             15 February 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           advancecomp
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1056  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/02/msg00016.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running advancecomp check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : advancecomp
Version        : 1.15-1+deb7u1
CVE ID         : CVE-2018-1056
Debian Bug     : 889270

Joonun Jang discovered that the advzip tool in advancecomp, a
collection of recompression utilities, was prone to a heap-based
buffer overflow. This might allow an attacker to cause a
denial-of-service (application crash) or other unspecified impact via
a crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version
1.15-1+deb7u1.

We recommend that you upgrade your advancecomp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
