ESB-2018.1541 - [Debian] libmad: Denial of service - Remote with user interaction 2018-05-21

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1541
                      LibMAD patch comes to Debian 7
                                21 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libmad
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-8374 CVE-2017-8373 CVE-2017-8372

Reference:         ESB-2018.1392

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/05/msg00011.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libmad
Version        : 0.15.1b-7+deb7u1
CVE ID         : CVE-2017-8372 CVE-2017-8373 CVE-2017-8374

Several vulnerabilities were discovered in MAD, an MPEG audio decoder
library, which could result in denial of service if a malformed audio
file is processed.

For Debian 7 "Wheezy", these problems have been fixed in version
0.15.1b-7+deb7u1.

We recommend that you upgrade your libmad packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================