===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2193
                         prosody regression update
                               21 June 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           prosody
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-32921

Reference:         ESB-2021.2143
                   ESB-2021.1668

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2021/06/msg00018.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2687-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
June 19, 2021                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : prosody
Version        : 0.9.12-2+deb9u4
CVE ID         : CVE-2021-32921

It was discovered that the previous upload of the package prosody versioned
0.9.12-2+deb9u3 introduced a regression in the mod_auth_internal_hashed
module. Big thanks to Andre Bianchi for reporting an issue and for testing
the update.

For Debian 9 stretch, this problem has been fixed in version
0.9.12-2+deb9u4.

We recommend that you upgrade your prosody packages.

For the detailed security status of prosody please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/prosody

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================