Package: cfitsio
Version: 3.420-3
Severity: grave
Tags: security

Hi,

a new version of cfitsio just came out, accompanied with the following
notice from upstream:

The NASA security team requires the following warning to all users of
CFITSIO:

   =====
   The CFITSIO open source software project contains vulnerabilities
   that could allow a remote, unauthenticated attacker to take control
   of a server running the CFITSIO software.  These vulnerabilities
   affect all servers and products running the CFITSIO software.

   The CFITSIO team has released software updates to address these
   vulnerabilities.  There are no workarounds to address these
   vulnerabilities.  In all cases, the CFITSIO team is recommending an
   immediate update to resolve the issues.
   =====


I didn't check the specific problem, but it may be important to upgrade.

Best regards

Ole

Reply via email to