Control: retitle -1 cfitsio: vulnerabilities
Control: found -1 3.370-2

On Fri, Mar 09, 2018 at 09:56:39AM +0100, Ole Streicher wrote:
> Package: cfitsio
> Version: 3.420-3
> Severity: grave
> Tags: security
>
> Hi,
>
> a new version of cfitsio just came out, accompanied with the following
> notice from upstream:
>
> The NASA security team requires the following warning to all users of
> CFITSIO:
>
> =====
> The CFITSIO open source software project contains vulnerabilities
> that could allow a remote, unauthenticated attacker to take control
> of a server running the CFITSIO software. These vulnerabilities
> affect all servers and products running the CFITSIO software.
>
> The CFITSIO team has released software updates to address these
> vulnerabilities. There are no workarounds to address these
> vulnerabilities. In all cases, the CFITSIO team is recommending an
> immediate update to resolve the issues.
> =====
>
>
> I didn't check the specific problem, but it may be important to upgrade.

Even more important are DSAs backporting all required fixes (if any) to
stable and oldstable.

> Best regards
>
> Ole

cu
Adrian

--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed