-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2340
                          scilab security update
                                9 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           scilab
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-31598 CVE-2021-31348 CVE-2021-31347
                   CVE-2021-31229 CVE-2021-30485 

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/07/msg00005.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running scilab check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2705-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
July 07, 2021                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : scilab
Version        : 5.5.2-4+deb9u1
CVE ID         : CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31348 
                 CVE-2021-31598

Multiple issues have been discovered in scilab, particularly in the embedded ezXML library:

CVE-2021-30485

    Incorrect memory handling, leading to a NULL pointer dereference
    in ezxml_internal_dtd()

CVE-2021-31229

    Out-of-bounds write of a one-byte constant in ezxml_internal_dtd()

CVE-2021-31347, CVE-2021-31348

    Incorrect memory handling in ezxml_parse_str() leading to out-of-bounds read

CVE-2021-31598

    Out-of-bounds write in ezxml_decode() leading to heap corruption

For Debian 9 stretch, these problems have been fixed in version
5.5.2-4+deb9u1.

We recommend that you upgrade your scilab packages.
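The advisory states the fixed version for Debian 9 stretch (5.5.2-4+deb9u1) and asks administrators to upgrade. Deciding whether an installed package is already at or past that version is not a plain string comparison: Debian versions carry an optional epoch, an upstream part and a revision, with `~` sorting before everything and letters before non-letters. The script below is an added example, not part of the Debian or AusCERT text; it implements the deb-version(7) comparison rules in Python, checks a few constructed sample versions against the fixed version from the advisory, and, when `dpkg-query` is available, reports the version actually installed. The sample version strings other than 5.5.2-4+deb9u1 are constructed for illustration.

```python
import re
import shutil
import subprocess

# Fixed version named in the advisory for Debian 9 stretch.
FIXED_VERSION = "5.5.2-4+deb9u1"


def _order(c):
    """Sort weight of one character per deb-version(7).

    '~' sorts before anything, including the end of the string;
    the end of the string sorts before letters; letters sort
    before every other character.
    """
    if c == "~":
        return -1
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare two non-digit fragments using the modified lexical order."""
    for i in range(max(len(a), len(b))):
        ca = a[i] if i < len(a) else ""
        cb = b[i] if i < len(b) else ""
        oa, ob = _order(ca), _order(cb)
        if oa != ob:
            return -1 if oa < ob else 1
    return 0


def _cmp_part(a, b):
    """Compare an upstream_version or debian_revision pair.

    Alternates between the longest non-digit prefix (lexical, modified
    order) and the longest digit prefix (numeric) until both are consumed.
    """
    while a or b:
        na, nb = re.match(r"\D*", a).group(0), re.match(r"\D*", b).group(0)
        r = _cmp_fragment(na, nb)
        if r:
            return r
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(0), re.match(r"\d*", b).group(0)
        ia, ib = int(da) if da else 0, int(db) if db else 0
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three components."""
    epoch, upstream, revision = 0, version, ""
    if ":" in upstream:
        e, upstream = upstream.split(":", 1)
        epoch = int(e)
    if "-" in upstream:
        upstream, revision = upstream.rsplit("-", 1)
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1, matching `dpkg --compare-versions` semantics."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)


def is_fixed(installed, fixed=FIXED_VERSION):
    """True when the installed version is at or beyond the fixed version."""
    return compare_versions(installed, fixed) >= 0


def installed_version(package="scilab"):
    """Installed version via dpkg-query, or None if unavailable/not installed."""
    if shutil.which("dpkg-query") is None:
        return None
    res = subprocess.run(["dpkg-query", "-W", "-f=${Version}", package],
                         capture_output=True, text=True)
    ver = res.stdout.strip()
    return ver if res.returncode == 0 and ver else None


if __name__ == "__main__":
    # Constructed sample versions an administrator might encounter.
    for v in ["5.5.2-4", "5.5.2-4+deb9u1", "5.5.2-4+deb9u2", "6.1.0+dfsg1-1"]:
        print(f"{v:20s} fixed: {is_fixed(v)}")
    live = installed_version()
    if live is None:
        print("scilab: not installed or dpkg-query unavailable on this host")
    else:
        print(f"scilab {live} installed, fixed: {is_fixed(live)}")
```

The ordering rules matter for exactly the cases a naive string compare gets wrong: `5.5.2-4` is older than `5.5.2-4+deb9u1` even though it is a shorter string, a `~rc1` pre-release sorts below the final release, and an epoch such as `1:` overrides everything after it.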

For the detailed security status of scilab please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/scilab

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----