Security Information / 2017 / Security Information -- DSA-4026-1 bchunk

Debian Security Advisory

DSA-4026-1 bchunk -- security update

Date Reported:

09 Nov 2017

Affected Packages:

bchunk

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 880116.
In Mitre's CVE dictionary: CVE-2017-15953, CVE-2017-15954, CVE-2017-15955.

More information:

Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 1.2.0-12+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1.2.0-12+deb9u1.

We recommend that you upgrade your bchunk packages.