DSA-4026-1 bchunk -- security update

Related Vulnerabilities: CVE-2017-15953   CVE-2017-15954   CVE-2017-15955  

Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 1.2.0-12+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 1.2.0-12+deb9u1. We recommend that you upgrade your bchunk packages.

Debian Security Advisory

DSA-4026-1 bchunk -- security update

Date Reported:
09 Nov 2017
Affected Packages:
bchunk
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 880116.
In Mitre's CVE dictionary: CVE-2017-15953, CVE-2017-15954, CVE-2017-15955.
More information:

Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 1.2.0-12+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1.2.0-12+deb9u1.

We recommend that you upgrade your bchunk packages.