Debian LTS: DLA-2169-1: libmtp security update

    Date 05 Apr 2020
    424
    Posted By LinuxSecurity Advisories
    libmtp is a library for communicating with MTP aware devices. The Media Transfer Protocol (commonly referred to as MTP) is a devised set of custom extensions to support the transfer of music files on USB digital audio players
    
    Package        : libmtp
    Version        : 1.1.8-1+deb8u1
    CVE ID         : CVE-2017-9831 CVE-2017-9832
    
    
    libmtp is a library for communicating with MTP aware devices. The Media
    Transfer Protocol (commonly referred to as MTP) is a devised set of custom
    extensions to support the transfer of music files on USB digital audio players
    and movie files on USB portable media players.
    
    CVE-2017-9831
    
        An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx
        function of the ptp-pack.c file allows attackers to cause a denial of
        service (out-of-bounds memory access) or maybe remote code execution by
        inserting a mobile device into a personal computer through a USB cable.
    
    CVE-2017-9832
    
        An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function)
        allows attackers to cause a denial of service (out-of-bounds memory
        access) or maybe remote code execution by inserting a mobile device into
        a personal computer through a USB cable.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1.1.8-1+deb8u1.
    
    We recommend that you upgrade your libmtp packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"97","type":"x","order":"1","pct":80.17,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":14.88,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":4.96,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.