Debian DLA-1297-1 : freexl security update
Medium Nessus Plugin ID 107105
Synopsis
The remote Debian host is missing a security update.
Description
Leon reported five heap-based buffer-overflow vulnerabilities in FreeXL.
There is a heap-based buffer over-read in the freexl::destroy_cell function.
There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
There is a heap-based buffer over-read in the parse_unicode_string function.
There is a heap-based buffer over-read in the function read_mini_biff_next_record.
For Debian 7 'Wheezy', these problems have been fixed in version 1.0.0b-1+deb7u5.
We recommend that you upgrade your freexl packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected packages.