Debian Security Advisory
DLA-1133-1 ming -- LTS security update
- Date Reported:
- 21 Oct 2017
- Affected Packages:
- ming
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-11704, CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11734.
- More information:
-
Multiple vulnerabilities have been discovered in Ming:
- CVE-2017-11704
Heap-based buffer over-read in the function decompileIF in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file.
- CVE-2017-11728
Heap-based buffer over-read in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file.
- CVE-2017-11729
Heap-based buffer over-read in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file.
- CVE-2017-11730
Heap-based buffer over-read in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file.
- CVE-2017-11731
Invalid memory read in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file.
- CVE-2017-11734
Heap-based buffer over-read in the function decompileCALLFUNCTION in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file.
For Debian 7
Wheezy
, these problems have been fixed in version 1:0.4.4-1.1+deb7u4.We recommend that you upgrade your ming packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2017-11704