The following updates have been released for Debian 7 LTS:

[DLA 1036-1] gsoap security update
[DLA 1037-1] catdoc security update
[DLA 1038-1] libtasn1-3 security update



[DLA 1036-1] gsoap security update

Package : gsoap
Version : 2.8.7-2+deb7u1
CVE ID : CVE-2017-9765

A vulnerability was discovered in gsoap, a library for the development
of SOAP web services and clients, that may be exposed with a large and
specific XML message over 2 GB in size. After receiving this 2 GB
message, a buffer overflow can cause an open unsecured server to crash.
Clients communicating with HTTPS with trusted servers are not affected.

For Debian 7 "Wheezy", these problems have been fixed in version
2.8.7-2+deb7u1.

We recommend that you upgrade your gsoap packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 1037-1] catdoc security update

Package : catdoc
Version : 0.94.4-1.1+deb7u1
CVE ID : CVE-2017-11110
Debian Bug : 867717

A heap-based buffer underflow flaw was discovered in catdoc, a text
extractor for MS-Office files, which may lead to denial of service
(application crash) or have unspecified other impact, if a specially
crafted file is processed.

For Debian 7 "Wheezy", these problems have been fixed in version
0.94.4-1.1+deb7u1.

We recommend that you upgrade your catdoc packages.

[DLA 1038-1] libtasn1-3 security update

Package : libtasn1-3
Version : 2.13-2+deb7u5
CVE ID : CVE-2017-10790

CVE-2017-10790
The _asn1_check_identifier function in GNU Libtasn1 through 4.12
causes a NULL pointer dereference and crash when reading crafted
input that triggers assignment of a NULL value within an asn1_node
structure. It may lead to a remote denial of service attack.


For Debian 7 "Wheezy", these problems have been fixed in version
2.13-2+deb7u5.

We recommend that you upgrade your libtasn1-3 packages.