===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3663
                           fastd security update
                              26 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           fastd
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-27638

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2020/10/msg00025.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running fastd check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2414-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Sven Eckelmann
October 25, 2020                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : fastd
Version        : 18-2+deb9u1
CVE ID         : CVE-2020-27638
Debian Bug     : 972521

In fastd, a fast and secure tunnelling daemon, a receive buffer handling
problem was discovered which allows a denial of service (memory
exhaustion) when receiving packets with an invalid type code.

For Debian 9 stretch, this problem has been fixed in version
18-2+deb9u1.

We recommend that you upgrade your fastd packages.

For the detailed security status of fastd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fastd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================