Source: libcsp Version: 1.4+fdd49b7+dfsg-3 Severity: grave Tags: security upstream patch
Hi, the following vulnerabilities were published for libcsp. CVE-2016-8596[0]: | Buffer overflow in the csp_can_process_frame in csp_if_can.c in the | libcsp library v1.4 and earlier allows hostile components connected to | the canbus to execute arbitrary code via a long csp packet. CVE-2016-8597[1]: | Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp | library v1.4 and earlier allows hostile components with network access | to the SFP underlying network layers to execute arbitrary code via | specially crafted SFP packets. CVE-2016-8598[2]: | Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp | library v1.4 and earlier allows hostile computers connected via a zmq | interface to execute arbitrary code via a long packet. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8596 [1] https://security-tracker.debian.org/tracker/CVE-2016-8597 [2] https://security-tracker.debian.org/tracker/CVE-2016-8598 Regards, Salvatore