-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3663
                           fastd security update
                              26 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           fastd
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-27638  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/10/msg00025.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running fastd check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2414-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Sven Eckelmann
October 25, 2020                              https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : fastd
Version        : 18-2+deb9u1
CVE ID         : CVE-2020-27638
Debian Bug     : 972521

In fastd, a fast and secure tunnelling daemon, a receive buffer 
handling problem was discovered which allows a denial of service 
(memory exhaustion) when receiving packets with an invalid type code.

For Debian 9 stretch, this problem has been fixed in version
18-2+deb9u1.

We recommend that you upgrade your fastd packages.

For the detailed security status of fastd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fastd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEF10rh2Elc9zjMuACXYcKB8Eme0YFAl+V0mYACgkQXYcKB8Em
e0bp5w/+OgtFwuTQVHxiUC6tqiJLQFlR3AOTlI0+KHQ1GATtzcev54lwWy48Uudq
zKFonF90sDezjmYeEDDT5avxjzZKfm7KRU+ZJZrvwASTCo2K1ITNx1ne/jK+pZA3
CY4d/2q+79W1b3gkpoWLr7UiDEAJHHUMgkoqSmxRfVODjq+rVkxdf5OlGMtdPm8e
klF61r85ngBzwSK2KFHyO70zcD+573l876lQvZsruRAL6q7gAvNbRfTfMOc1NX4U
IImvRVn1u5WEPJNqkneuKlzcAT5tMUqOJrk9FCTsr3MBz4xvmvDAaYNk8srrKIOi
slRasdpMZjF+MKX2LKegp07lfeAAsDGCkFFjcI6Q4anEXnFpRhTvEyBGUOTzjP3l
4DW5xvqkbaqEBRNsNKkBU0HrRH/Y40es1F9kUYqPJMDGGEQlBJMW0U5Cabsr6Gvb
i2Bsy/K948Bt4j9DsGjQOoFd3fKAu+Jf8iw/9/HG5gspSCoLnGQoDvhreVTpiyEt
NhxH0kWZcXe0PkOq/g2bNWAyNzNFgMAlFv5LD4Gw5WXHva8YzyzcDG5uw31UYONO
CPJ6aF+y7ti+brTBjwN8Ol0fyjgqcD+NitGvG3stEUI2aDDNo6cYED74Uwk+Dz2H
sXA97K9RJdxnptyex8GKALKyK0tQCPtR/lWgoIrUnOQYPBcMS0w=
=i+4h
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5YOmeNLKJtyKPYoAQgCNg//dlNo5eDXhtf9cHEzgSAXvp+nK7/uxFqH
por6bEl0RR/4WXkudO7thk0B1qcGxixvdPabiy5DXHkIchvsza+b0pwvCQSVZCJx
3+hz/m056kEIhYiPWDziFUtl8F+BmEA6sf4wtFX9zZhLPWXKxdk4oFeXgFOa1Xg2
ZDau8m2Mv/JWc93426n2Owye2cgyn7bdnrmm6j867dCuFTo1TZPA6CaOS0iiMKrU
oRirIw/R/7xm2MOTX9oeT0knDmThhRax0kCgLvnHY9B+2So+Yl8+2NRUNPDd5Syl
kAJTvRUJipVtq7Fb2OY08ld/AEh+ZFzCspQDQEZE4uttjRxRZ+wxGmf6Xstjvtez
1DbyZjvrlX92yiVC1R21KpVwF6cN4t6qywDocC81kyiYVQO9D8pC/hrvCOEjdCk6
oVvgUGxfQuX7R/9FMg79CQd1gkNVJZPF3rsbr80/znQpPANYmZ3G6KS7eVhm4Vlw
btzZq40kSZJvNqR2N5Vcc7yDyNbXPxgdqx7DUgu2SuUFpsKfXReDAn+X/j4B0rQp
57otwvqEOQAR7Qa7iW/VaUMyMd9dTEY/zHvFOtDsLKJZ7zlMGQHPfuC9DPdlQzVE
MF1xuufxFcgh5bddp/yf9xzJRuYnrefOur3Zrt7RI7iBufmdknw+J50quj6yOSMu
Q0bLS5InIV0=
=w7gd
-----END PGP SIGNATURE-----