[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1201-1] libxcursor security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libxcursor
Version        : 1:1.1.13-1+deb7u2
CVE ID         : CVE-2017-16612
Debian Bug     : 883792

It was discovered that libXcursor, a X cursor management library, is
prone to several heap overflows when parsing malicious files. An
attacker can take advantage of these flaws for arbitrary code execution,
if a user is tricked into processing a specially crafted cursor file.

For Debian 7 "Wheezy", these problems have been fixed in version
1:1.1.13-1+deb7u2.

We recommend that you upgrade your libxcursor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlotHSUACgkQnUbEiOQ2
gwK2iQ/+JQorUKY328MFxhHBEGMurIB0rBzSvek4uPsJhJ3n0y9cyKHQodKf24ZN
66pO9qP4LqVsZR4mymeaQ8Mjh4M0PMwtpPMMj14jbYSY6yf7iUqzmm76a1qSFQF7
njIgB0hvQ4zK2GwuR6oaXjFAtHy7YZvseneCbD7MHQpzqXejgaLYiVn5X2RqNYbz
kHrQS5JcAt2Wa+ls+UnyqDccpSPgItjWwF70HibrAfz++F2r91ldU544aAZ5k7d0
lt6bvPaklfrZFjn3P50b7GFUY4kk8H8+4hGYRNEzvRQRGbhIbEfU0/5CAB4LNkXO
A6Di9QIAqaun+vNnmW24jZ4C0Cj4+2DN+TZ90jNinaZ3atuxNJA+B1wwmB3az3YP
oTH1V5BZWeHBPXZHgZxHbm/iczX8URaS9TxwOJN/yVoYt/ZmfL/G0uQGGIGBueoL
q9gd8Agc0ab2KcOE0UuNB225Mr5ecQnDrlZWT/2z6e3vvver81YZYc8ykPrG/PxC
PAjTJ3YKXHjBHCOtLdn2BExXJeXtytxENwZCSM5m8bnMm5E3iCXc549i0QIwxba5
MtNT3+tU/4uPPbPobtfI1X1idasFDeLTlr0+ybN6g/EHcKe5SYqUbznyfhqbFCnW
wFWV+sWdYwlwTqJIOfNBqTkyS5J9aKVsztfc43QD+XZvxepfitA=
=SDF9
-----END PGP SIGNATURE-----


Reply to: