Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 27: libextractor Security Advisory - Critical NULL Pointer and DoS

fedora
Calendar Grey November 11, 2017
Dist Fedora Esm H88
Several vulnerabilities resolved in Fedora 27's libextractor framework, improving overall system security and trustworthiness.
1.6, multiple security fixes.

Summary

libextractor is a simple library for keyword extraction. libextractor

does not support all formats but supports a simple plugging mechanism

such that you can quickly add extractors for additional formats, even

without recompiling libextractor. libextractor typically ships with a

dozen helper-libraries that can be used to obtain keywords from common

file-types.

libextractor is a part of the GNU project ().

1.6, multiple security fixes.

[ 1 ] Bug #1501695 - NULL Pointer Dereference vulneribility in libextractor EXTRACTOR_nsf_extract_method

https://bugzilla.redhat.com/show_bug.cgi?id=1501695

[ 2 ] Bug #1499600 - NULL Pointer Dereference vulneribility in libextract when get flac meta from libFlac

https://bugzilla.redhat.com/show_bug.cgi?id=1499600

[ 3 ] Bug #1499599 - libextract Divide-By-Zero Denial of Service Vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=1499599

[ 4 ] Bug #1504389 - libextractor-1.6 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1504389

su -c 'dnf upgrade libextractor' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 1.6
Release: 1.fc27
URL:
Summary: Simple library for keyword extraction

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.