| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 18 Jul 2015 19:11:56 +0200 From: Alessandro Ghedini <ghedo@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 3309-1] tidy security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3309-1 security@...ian.org https://www.debian.org/security/ Alessandro Ghedini July 18, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tidy CVE ID : CVE-2015-5522 CVE-2015-5523 Debian Bug : 792571 Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. Geoff McLane also discovered that a similar issue could trigger an integer overflow, leading to a memory allocation of 4GB. This could allow remote attackers to cause a denial of service by saturating the target's memory. For the oldstable distribution (wheezy), these problems have been fixed in version 20091223cvs-1.2+deb7u1. For the stable distribution (jessie), these problems have been fixed in version 20091223cvs-1.4+deb8u1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your tidy packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVqojcAAoJEK+lG9bN5XPLn34P/3E7efokZezirY7p4eikB6ER CevFoVPDXpQNBKzr+0P21HyQva318/9sZasVmuPK+M3u/IMo+swUjRTph/FxSxiT vegTYRWxvPHgwF7AiwV6eyPzRaMQcUsXslAY/F2YjmYYfhTHW4Rv0Gk2H0B2woYx cjuMjC5uUXN32pU3Wpq24XayL2pcdT6r4L22TguXF1t1bydygiJLYMhANjCDNVf6 0s+NYTOIHBzH7Fkm6gkqBnkRmdg6yI48HrbD0TcjZR5BtwrbzcJmKk9e5wU5UNSa Ilx56N91VTq48F8mi5ZB57hqzdbWD4I5h+lZMDS7hy57isuTIvc4uDR/LF9e7E2U 6qIJ7IN0J6dsLOAQLIGpnkUTF/SLJJIgYUon4zkPEjIstGExRAn1Of+l/A5k1vaF I3ZPs5pWuvVTxkr1DzoDdELB3aRL20+j+zs1nxc8IucCt8/EHvpDI1iyb3e4w3i3 6rnTIes6h/vA6c310xJk2avMNzv3UhFtSVNPIl+yIZT/QF1tRldViALR5a5BXI5e FgucdM7/+zOT7yWW0uI2EnPCCYLnCumSS9Pjo50/Le/FYkbh0IIg2RrSADwdFq7y qLWaE8neaDxe8KaqIw6fkEHl1W2xwhwuLX3DfPEO04/nYY8whx4HPZF2xoQxU8jO On7mgKze4gCc4ozkDzDr =jhhR -----END PGP SIGNATURE-----
Powered by blists - more mailing lists