Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2311 djvulibre security update 5 July 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: djvulibre Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Denial of Service -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-3630 Reference: ESB-2021.2309 Original Bulletin: https://lists.debian.org/debian-lts-announce/2021/07/msg00002.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2702-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta July 03, 2021 https://wiki.debian.org/LTS - - ----------------------------------------------------------------------- Package : djvulibre Version : 3.5.27.1-7+deb9u2 CVE ID : CVE-2021-3630 An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. For Debian 9 stretch, this problem has been fixed in version 3.5.27.1-7+deb9u2. We recommend that you upgrade your djvulibre packages. For the detailed security status of djvulibre please refer to its security tracker page at: https://security-tracker.debian.org/tracker/djvulibre Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmDgymAACgkQgj6WdgbD S5ZZoBAA5lQ3qMy3UocDz+ViZ0/m7Z+Z4NHIJikpfzVngaa0RFkNe9u4F7CSNR57 Nz+QqdgxUJKID552l4SDU3KXjMSanlcQG/WO8cMeFPIX03fdVQgn6GNaIpMHCESA eDWxAF3+UpXJR+vATMXHQYSXC/gsUWHBFDsVvEHsqogUpLewGM5tqbibkY3VZbV4 7j72iAHE2YN4BsbTxTEtPCo0NqxpOJro4jqTCMpHq7xmmo9jjAo1GYc2NVfSNDnJ YUI6uWXraEPliwvun4ZD6N2HsbuvHJ/x9fPgqy/kSPO3BHgRutNG6XV4lCVhDNcw ohrLQp0E5eHvyUjT2DJJmA9ToKDJqTwbBkCqPlPitjvg5YJ4PD5U61B/4cVWXyBg P40FMz2t/tVyuU7Xy3UwJVoni+rmFVjuAmehKvAAoUkibwo4SLFmKGZfDDrcXiqJ YykXlEnksEL2KGxL9O3ZoQEC/tAWwdOonQnHRfZTZXpDmO6uNJZLqmfPeducHqWe 4/WeDLBiTuRgy/H7BetLY6bxBuWGUMYjE2jc3ZeySJv8QyDnekGgL+9Fyoqz6lUY qTbiUsw9FG0bZhm8+Me0xClYFocyCH13XAezvGngi+oibTa8Ee49PHAIQznHYpUa sowIEy+HjJeP68HENvjirdI226ojcBOWIHWTRsDdt4KzVmlgtes= =g+jg - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYOJ+1ONLKJtyKPYoAQiYWhAAk/BWSMdr1VudpFyHy8/g7YFNGO1EjnvI ZCs7kyHh0dRSYVZVThL6WrR4Wgm79SSkd55OZs5t23R1mEOaFXZO3j/3QUzJhF2X UAzSlhuPnEYbxd9CuQRvyhyUCoYO+hYPyoLRDhKs59mGEdMCCwfRiaIsa4URiAFs +924etIJXhCHX6X7TwdMfeY5m7p3i66tI4O9Af5NxzSYJ17dzixjTu9sKnxBVDUH Bg/FJwgqTsXfbTU2HvWKg5q0zdRQ7ZugOJO2yPYMYBz3zUGoIQX5crvY70+P1Cd7 4ZFjjZ47gR6ehNvbQbERSJheyNgxcZQ0WjW+ZIlvSHyC7e9D+vkNQQw/pbOhwJhq 5Lh6BihOB7AO+k1RHtRW+xHkkeFRBI22dn9dX5iWT/gpoRCrPiVJKAXmNbmwJ9SY SYtQzeZ3edRX/TTW201q3RU3xvNhnddKankB1iBgn71bTfKIRBEV0DgC/72Fn2ZA 5XX5/BSaJhv6EFt1lF70yy/bMomP1o8GIL5gy7WbwAIXwCzqWmFUHC4cItHuxcdR n9zmfqdaaxz2wD3FVUG0RrF6ewJDespjCxJXVxLlsx06ZGmy1Y7Z4EFen++fmIpU cgmYMt6MUJsYoVyc0WJy2Kno/gdBBwnEEnp7BdrjEEnJ8e4Msp++HwhurTDFniqI TJSN1oKe4T4= =zSzl -----END PGP SIGNATURE-----