Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.1055 tryton-proteus security update 14 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tryton-proteus Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-26662 CVE-2022-26661 Original Bulletin: http://www.debian.org/lts/security/2022/dla-2946 Comment: CVSS (Max): None available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2946-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 11, 2022 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : tryton-proteus Version : 4.2.0-1+deb9u1 CVE ID : CVE-2022-26661 CVE-2022-26662 Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service. For Debian 9 stretch, these problems have been fixed in version 4.2.0-1+deb9u1. We recommend that you upgrade your tryton-proteus packages. For the detailed security status of tryton-proteus please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tryton-proteus Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmIq9YgACgkQnUbEiOQ2 gwJ9jhAAxwp8zXRvjccqO2AkQdOLVroCWjSv2hhCkD53z/jP8cYOGGA3Bpyer2c1 BoPM3xHANbjqSnz3yuuqNqWy9uWyideVwS7uRuvA9lmnzYIy/05s/GrhAQiEsVxZ 42dxUND3OPMr1/8jZWlFn+v6EMjMGjftdcu3APNqYKGDvgg3gA0cfYbCRi5rsmFN k5fkmMAw3ksnUJRT0lqROU1rVBHR3wWQBcrWzzubfXrjWAQlsoqo08bpz3IyszEy 9CkV4EgfBff7Y5tz8/ESlx7gWXooCSRI4Ed+AbFX8wRs4IAubvC1eioXzjnwzyFV fRlC11WdHidWFVSSpJj0+RLsIKDJT2Ob2RtCJYrSGrFKF7NQWwKhyhgJdWm2Sc62 SIccJpFMQF5OCEZktvfKmSF3YbhAhBKTaEG8sFI7UKJX/c4gKyzMQaPw7J3TbTL0 5TZrt2ob7eT52X4c/vxrABzHMmPRK4R+yse5/bHIJaMk9Q1EKizChERm77tGQUAk 6qllD9FmMNc51GTZ6DLPqT2OAb4XpMwbSCHxs7su7c/eMQoqkOsDAxN+vygC1jsp hxliedSGIuB5bVQPl5AQ0PnoZtC8+YcV5mAR+gJ29kGS7Jf/5T0xPn8CMR+VwDt6 Hdl4d7SlWt3fpQl1DGfY2SX3hi6GKb9n2MpVoYxw2lR++pLlFb4= =HnIr - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYi56beNLKJtyKPYoAQjPeg/+LZIkOghRNO+BYJmB9+gLbKgAwkA88Mtw WU5NADIPqe2/9b2Lu7zaWQPK4hb8dB8v3xwmctXEVOIqFYRyZCf8mwb/Gxi6TCBo 0vBMyusJBCPy2VvFzGzYzMr2YnqcLhsRRg9wOMb42dWusU2doyrx16muFwCaI5iR efh4epr2CQ8NWY8I0pEPQ5Ha447eD7qxf/T3O3929X23D/TO4JooaT02mJ/VfAU6 0NSIWvn31K5P7boaoFdHUKEt0+Daj3nN1eh1lGontXywhIM/2kK2mIweKKjbGxQe 5f+muWPPgHbY9M4iqjSECrAQXkoXT0cLdDOXpS1ovkYlTylOX3Ou6zeBNAAnTpL1 kU1W39LrT3UXg1tu+hMf3Qp9g76TWndhcpzao8k56CLW35ER63k5OrLvtBLi1sLp N6A9SUqe7lG78AAJS7uQ8aI5DfREvLtJLUdJxcKcXUlL8gc6Nu1xjcMc/UI0KZ9Z XOARQyUWot30qBHo+tr2aKcPfs4UGirv3omU+ArBGBVXo77fRQ+FC9kgA58jsA1B ToEXkzpLQqxdCCrYtODkVFmuzxX0MaKvUXN0nmnUrGJyZWSsKZ2js0hrEiM+3wvd +UQP0Vy8j7FCvHTzqlHUHgUnYhCmjMUNNUf2+jB4o9ebHoBLLSReKagVTRLIMTU1 ir2t4PF4u+k= =Qin9 -----END PGP SIGNATURE-----