You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa gcab

Sigurnosni nedostatak programskog paketa gcab

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4095-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 24, 2018 https://www.debian.org/security/faq
– ————————————————————————-

Package : gcab
CVE ID : CVE-2018-5345
Debian Bug : 887776

It was discovered that gcab, a Microsoft Cabinet file manipulation tool,
is prone to a stack-based buffer overflow vulnerability when extracting
.cab files. An attacker can take advantage of this flaw to cause a
denial-of-service or, potentially the execution of arbitrary code with
the privileges of the user running gcab, if a specially crafted .cab
file is processed.

For the stable distribution (stretch), this problem has been fixed in
version 0.7-2+deb9u1.

We recommend that you upgrade your gcab packages.

For the detailed security status of gcab please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/gcab

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlpo6kRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TLGQ//SlIEWkG2FFPQN+Qnl5kUX1wJLfs/u7P/kzwlqjFjSgQAPqre+llu27I/
Hxt8y2xBS8BiFTKXsxDAKJ5AH22lSfx7GP5zxNH60vyTPuKETj6EVIpw99VtRI1k
p8S7qteakBKCRbBrsFWpNUYgnxx6iI9dxD6SZZX5p+vsgL33nSrJvNkEvyQzAEjf
dmw2R7ozXZNerChPL3tVObsNfq2FSoHI0hm5TdM4C+aAj0Bg9kY/DQoApl7lt4m1
gbN8JSMu5QJkTbCKWDhrGM4O5uH7/ASKDQFP27VHCsGhfhsKq36i6fWUXAOMIdxN
+YQQgcAVXKVFA4esi1oCf+b0NFvQ0kcDUJRo0xgcfFtug7e0ZJX7SzIIwD0smMTu
tILCQMWPd0y93gsdOflJqW5H7uYHWzLBQVAC8XvJ7i+WX+itBU88k6Kis4oCK4it
FBbfd8ma6yDYwHSOc3Ceq3+XYdDBu3wXRjAh4ZyjgTqjyXxW0iXalm3WMWxh11j2
YomV8N6CTel8MBXZcLlNz+G/M1qt3UHzTTpufgQEo8ud5+NDeUh+CgMpKyvUBDaP
xD65XPhB71jzI1/yeSCc84exSCdLuj1o4+uyhsA/GRaR1WMueZhnZjJyFll/4oJh
fuFJGDaTfpk3r1+6Rpdk+3ln6f8bYN8lbxjYQVNho7ykbgayId8=
=RwBy
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2018-01-0176-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa iCloud

Otkriveni su sigurnosni nedostaci u programskom paketu iCloud za operativni sustav Windows. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close