Headline
Debian Security Advisory 5786-1
Debian Linux Security Advisory 5786-1 - Integer overflows flaws were discovered in the Compound Document Binary File format parser of libgsf, the GNOME Project G Structured File Library, which could result in the execution of arbitrary code if a specially crafted file is processed.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5786-1 [email protected]://www.debian.org/security/ Salvatore BonaccorsoOctober 05, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : libgsfCVE ID : CVE-2024-36474 CVE-2024-42415Debian Bug : 1084056Integer overflows flaws were discovered in the Compound Document BinaryFile format parser of libgsf, the GNOME Project G Structured FileLibrary, which could result in the execution of arbitrary code if aspecially crafted file is processed.For the stable distribution (bookworm), these problems have been fixed inversion 1.14.50-1+deb12u1.We recommend that you upgrade your libgsf packages.For the detailed security status of libgsf please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/libgsfFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmcBlPdfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0S1cBAAga89kJH98e3ECM9RQaRFdnSpo9qWrxfJF+hGzsaXnZzzfD8yRNUj1YT6ZXspu8wwMdc593UlZkZ4jg51LXUwqLoFRpLXObZ0wEoDQh17zLnQ4+lyY3ME1cTwOlGqVdrFR2/Pg16jDGCreA4T5HkTRArthvdg03iiR/9LtQ3564Z5c+VJnx31tH1uf7tgNcdSy4QEdFnpyMqSz0Exc8aIjWQSLxQju40jpfc3im++KYBk8kDr2gX/gilcxQIKBURNyzq1UfwF/dYqmv0ZYRnrEmLhlD346HnD4gGv8t41nRnQsgolCRV7lI8HkjJNChPSSM6K33bTv9KL0Cu31rN4CDzTyEsbLCoKo40jrdHVaTXlszM2GC6Wgu17n5NlFibqU35Y3NitBm6L1EEkyakDB0rWONXMJ/BOdCpqVIzgtY/Vq98RJb8tP112a0cyG9ffBBgnRZMUrKo0mKrU4A3+RUStQQahx1ECqAbYpqL+lU7ZXKHm9B7jgU+Dy/VESuQRYIOmA0I6jIvuRmGXGWJ+nVBkubshFmnpEO2JEPMzGxXLAieNcXApvdcseXRbUNLthPxsuEmHyC7XaUt9ADc56+tq7jopoIyB7Tui3lw3H/6fL9GPMhsjZAeL1GZN+jq99G7ZdyHHiRUn/Lu/hRdy9rC4WPHJ65a49iRjhi/c69g==pubk-----END PGP SIGNATURE-----
Related news
Ubuntu Security Notice 7062-2 - USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.
Ubuntu Security Notice 7062-1 - It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.
Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments.