Debian 10225 Published by

The following three updates are available for Debian 6 LTS:

[DLA 100-1] mutt security update
[DLA 101-1] jasper security update
[DLA 99-1] flac security update



[DLA 100-1] mutt security update

Package : mutt
Version : 1.5.20-9+squeeze4
CVE ID : CVE-2014-0467
Debian Bug : 771125

A flaw was discovered in mutt, a text-based mailreader. A specially
crafted mail header could cause mutt to crash, leading to a denial of
service condition.

[DLA 101-1] jasper security update

Package : jasper
Version : 1.900.1-7+squeeze2
CVE ID : CVE-2014-9029

Josh Duart of the Google Security Team discovered heap-based buffer
overflow flaws in JasPer, a library for manipulating JPEG-2000 files,
which could lead to denial of service (application crash) or the
execution of arbitrary code.

[DLA 99-1] flac security update

Package : flac
Version : 1.2.1-2+deb6u1
CVE ID : CVE-2014-8962 CVE-2014-9028

Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of
Red Hat, discovered two issues in flac, a library handling Free
Lossless Audio Codec media: by providing a specially crafted FLAC
file, an attacker could execute arbitrary code.

CVE-2014-8962

heap-based buffer overflow in stream_decoder.c, allowing
remote attackers to execute arbitrary code via a specially
crafted .flac file.


CVE-2014-9028

stack-based buffer overflow in stream_decoder.c, allowing
remote attackers to execute arbitrary code via a specially
crafted .flac file.