Debian Security Advisory 5232-1

Debian Security Advisory 5232-1: Posted Sep 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5232-1 - It was discovered that the wordexp() function of tinygltf, a library to load/save glTF (GL Transmission Format) files was susceptible to command execution when processing untrusted files.; tags | advisory; systems | linux, debian; advisories | CVE-2022-3008; SHA-256 | 6d3bf5420ed67b1fc16a49e517a64ee582d74c3582eaa12ad4ef5cb2c1800fce; Download | Favorite | View

Debian Security Advisory 5232-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5232-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 21, 2022                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tinygltf
CVE ID         : CVE-2022-3008
Debian Bug     : 1019357

It was discovered that the wordexp() function of tinygltf, a library to
load/save glTF (GL Transmission Format) files was susceptible to command
execution when processing untrusted files.

For the stable distribution (bullseye), this problem has been fixed in
version 2.5.0+dfsg-3+deb11u1.

We recommend that you upgrade your tinygltf packages.

For the detailed security status of tinygltf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tinygltf

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmMrGCZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QbKw/+N1Ob+bsrlbwl9YDEO4gasz8BkPNCvtev1vLQnsHI1EzU0OPv8dZsngMK
u9kQGOjbhV2ZMIkCP08Eyq5U7EmCBMspEdzEURoIkmEOMs+tyTrlT9OItTrgl47E
ETGPpgCwXMcmiFLPggZNcyI53qjHDcYkSTlNepPDuPNUnDtpghKAbtIldEWfQApk
1wu+f/dxeIiYiFZlbRMATNAN01fCfAao1rLAtvtpp4PkTQgy61V33T/pg/Ho7Utj
8Z/TNjuKrPsl18ibczilM5fTaMtToT0+4kqKzyG38cGbW5jZUk9S/dziGTQPlRE9
qKrVbt3L5faFkTv5lVnV+DKuPToZ16sZnO8DEe5/VCkI4P5r5ZN24XGkmMXc807w
bwgC4WPnvBAQ17RoDnf6EKit6kw1lvjybhflIY3XtIs3vC2zcAmQuC02gOrwE++A
psELpQ8CocBRZyz8Tpo48igfkexoEgAf5LkYMkY2D9wkmuetASjFNh9Q4FZpxT+r
X2Cl8TNPmDvkK4DgK5QxLS6Fp6MJor9cV3iMdVDQxTNoOR5jsIDdayFDkWAhbDxe
fi64ESk7UWwdcKETTp81PcpYk5E83YZQS73XqesTJHaqtf5de3JhxUcUq07IjxCq
86SlvIRZUBtsWqSUeGgYIrEqZuvQaBYY0gs1V9Uq///e8RIbnNg=
=+KJ7
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 60 files
Debian 19 files
Gentoo 8 files
Apple 5 files
Google Security Research 4 files
Jann Horn 3 files
Spencer McIntyre 3 files
LiquidWorm 3 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Debian Security Advisory 5232-1

Debian Security Advisory 5232-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5232-1

Share This

Debian Security Advisory 5232-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems