Debian Security Advisory 4059-1

Debian Security Advisory 4059-1: Posted Dec 12, 2017; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4059-1 - It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.; tags | advisory, overflow, arbitrary, code execution; systems | linux, debian; advisories | CVE-2017-16612; SHA-256 | d7f9c24a8f07ce16763dcc954b7a6eb8900a35b776185c65a1fe94d1cc86b6b8; Download | Favorite | View

Debian Security Advisory 4059-1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4059-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 08, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxcursor
CVE ID         : CVE-2017-16612
Debian Bug     : 883792

It was discovered that libXcursor, a X cursor management library, is
prone to several heap overflows when parsing malicious files. An
attacker can take advantage of these flaws for arbitrary code execution,
if a user is tricked into processing a specially crafted cursor file.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:1.1.14-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.1.14-1+deb9u1.

We recommend that you upgrade your libxcursor packages.

For the detailed security status of libxcursor please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libxcursor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAloq6oFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QSjA/+JDR6jRLYoUQJvaOyt0B1OgCRMZl8O2pwbuJjP6I9QQkoAJ8JIn2QJNgx
CaRk/DgSlkCqAgHS8GJXMd5qWK2nct4fastz4K4GtyD9VUQt1vtq9mHcitRwvfkg
sTgrcl7cNMQ8u0B6D+JFnYNyVmROe9Kvmly+FceszeFF9Pjql9RRdzCH4OJkh0Zp
GXImCk5Gk46JonznsHot4FtrR4eaLPgC6lmIhRYZg2WZMR5D6gYikhRy3bWM8CCf
Uz8dLSFeMhqPhN/LoEOb4cKPSP2lOEiWFbTCDt1wlokdTp8bOXU7SLFUwjVurKcU
5vvIdWYPezdkAwj0dbWyvkMJo8qmHzLChkxZEb8L9w8LMUIUpYe/XG8N++WOEsvW
1fhTsbOsxCBNp4g+R8d2c8sj1bTxCXgKrWHa4hcoLCi091gtoLEMv63yG+wEUqYu
QeGCJDJNrhz1amuianzrUaRQ9byMUYrdVrg+PjKATOxIdEaaFAGDrk1AFnEb6LQ2
t4U4WYzw0ca/Eyyx8HFCU9MLrpwYOtir5iUwMtMxRAPg2KUUi7g3X4GOXwhB5uHy
E2uqSNbhl+/dOA+2g8CcUAGrVr8rGriyHOTytXt3zKku7H53itbDI6oLoyP2Ip+7
JNKY372psYmfoPlDKsvEdUoaMTPcAZoENr+k7uPVUpsmjIVhdHw=
=Od3E
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 4059-1

Debian Security Advisory 4059-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4059-1

Share This

Debian Security Advisory 4059-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems