[Secure-testing-team] Bug#843012: libcsp: CVE-2016-8596 CVE-2016-8597 CVE-2016-8598
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 3 06:04:14 UTC 2016
Source: libcsp
Version: 1.4+fdd49b7+dfsg-3
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerabilities were published for libcsp.

CVE-2016-8596[0]:
| Buffer overflow in the csp_can_process_frame in csp_if_can.c in the
| libcsp library v1.4 and earlier allows hostile components connected to
| the canbus to execute arbitrary code via a long csp packet.

CVE-2016-8597[1]:
| Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp
| library v1.4 and earlier allows hostile components with network access
| to the SFP underlying network layers to execute arbitrary code via
| specially crafted SFP packets.

CVE-2016-8598[2]:
| Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp
| library v1.4 and earlier allows hostile computers connected via a zmq
| interface to execute arbitrary code via a long packet.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8596
[1] https://security-tracker.debian.org/tracker/CVE-2016-8597
[2] https://security-tracker.debian.org/tracker/CVE-2016-8598

Regards,
Salvatore