===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2340
                          scilab security update
                                9 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           scilab
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-31598 CVE-2021-31348 CVE-2021-31347
                   CVE-2021-31229 CVE-2021-30485

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2021/07/msg00005.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running scilab check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2705-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
July 07, 2021                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : scilab
Version        : 5.5.2-4+deb9u1
CVE ID         : CVE-2021-30485 CVE-2021-31229 CVE-2021-31347
                 CVE-2021-31348 CVE-2021-31598

Multiple issues have been discovered in scilab, particularly in the ezXML
embedded library:

CVE-2021-30485

    incorrect memory handling, leading to a NULL pointer dereference in
    ezxml_internal_dtd()

CVE-2021-31229

    Out-of-bounds write in ezxml_internal_dtd() leading to out-of-bounds
    write of a one byte constant

CVE-2021-31347, CVE-2021-31348

    incorrect memory handling in ezxml_parse_str() leading to
    out-of-bounds read

CVE-2021-31598

    Out-of-bounds write in ezxml_decode() leading to heap corruption

For Debian 9 stretch, these problems have been fixed in version
5.5.2-4+deb9u1.

We recommend that you upgrade your scilab packages.

For the detailed security status of scilab please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/scilab

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================