Debian DSA-4129-1 : freexl - security update

Severity: High. Nessus Plugin ID: 107121

Synopsis

The remote Debian host is missing a security-related update.

Description

Multiple heap buffer over-reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service.

Solution

Upgrade the freexl packages.

For the oldstable distribution (jessie), these problems have been fixed in version 1.0.0g-1+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 1.0.2-2+deb9u2.

See Also

https://security-tracker.debian.org/tracker/source-package/freexl

https://packages.debian.org/source/jessie/freexl

https://packages.debian.org/source/stretch/freexl

https://www.debian.org/security/2018/dsa-4129

Plugin Details

Severity: High

ID: 107121

File Name: debian_DSA-4129.nasl

Version: 3.4

Type: local

Agent: unix

Published: 3/5/2018

Updated: 3/5/2019

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:freexl, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 3/2/2018

Vulnerability Publication Date: 2/23/2018

Reference Information

CVE: CVE-2018-7435, CVE-2018-7436, CVE-2018-7437, CVE-2018-7438, CVE-2018-7439

DSA: 4129