Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2521
admesh security update
24 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: admesh
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2018-25033
Original Bulletin:
http://www.debian.org/lts/security/2022/dla-3019
Comment: CVSS (Max): 8.1 CVE-2018-25033 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-3019-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Anton Gladky
May 22, 2022 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : admesh
Version : 0.98.2-3+deb9u1
CVE ID : CVE-2018-25033
Debian Bug : 1010770
One security issue has been found in a tool for processing triangulated solid
meshes admesh.
A heap-based buffer over-read in stl_update_connects_remove_1 (called from
stl_remove_degenerate) in connect.c was detected which might lead to memory
corruption and other potential consequences.
For Debian 9 stretch, this problem has been fixed in version
0.98.2-3+deb9u1.
We recommend that you upgrade your admesh packages.
For the detailed security status of admesh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/admesh
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmKLAnQACgkQ0+Fzg8+n
/wYpLw/+KtBi5ChsLMU1jLZjls+VLfnHQqHPignYNTSW7uFLnI/VDRo81PVYE19f
LqzNbfo8xYsEBrUyiYpd9P0D5luaYBwxPrsQr7stfTlIUrVEVpgHFBPHYmXOA4Vj
EI9K0wYLY7FVJyiC/Ry+qlSx2PMd48QdIt2ILD1EoTHKccUWUR0QJotvly5s1bvA
9B2Yxm32jGRmKpS78FZoT+FGI4XGEzOdufdCVGaMeTCeSpUd8EPla9vycQZ1tz9c
M283aFNWYSDCZUutlfbfbnx9CmgvH/W59jzyOjdch03+kvN/qz48t1ApYpynSBtj
373R0D3SkRHzLo4i0NYKW5Mtnxw9sQYNvPSMQjdSlMjKE5Z7nL0sUckEqGJS+9nW
J4vSCya37H9JFv68G3E6XR8hr0RAS+dg+65NshrYJgLRwNE0VcGLQP2ZVHZYubyE
rUfk6V19DV/pjtUKSdazDOC5pUBp/XlsQ6FWuIYc4qyvPzYs0gj14zn1S5/D9V/i
agh2o4qxqTHrRGMw3QYbArL7Z7XuxvGSKUnJW79OCHgtO+ikIA+l0tjbn9wJLAjb
RJ/IGAIRHWewoxMTbAB5gHMEFPIaTVIKT71+j9k18yHveNxg6mtLI/vCEbjI1H7t
9+WVEL8T4J/3MCNaNCWWZFdbYJFt9TGb68KI1XciWM5ssmnPE3c=
=2Q17
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYowV0skNZI30y1K9AQgZdA/8CPRyEdNuB3LkACYmIeC/jt/Ac5qInRC1
OIJZ2/jigrXPUtm/Sy9JXtG24sSWQ701lGqquJ6WNtQYuM1jfwlXbn/4zxs/QjCw
gpqSoXY3nRY1tBZnH4qlQAxoqX5hXyuka7rkRWE8zsTWjrG5WIClAhMVSgI8z6ji
BS/gLmuZHo/xCgtk/tzoywACAABITYDZoP1MpHWAZbx48daLKwytA6khOZ1JqBwF
/tlAF10ScoSOfPTL1i1GKV5MGnB/ZIDmczZRmQTrQU8BUwPbTiMrNL8htvP6kWeC
UWB0CgTgZmRKcEiXFcnYD/aTB6nCOrbXNc0bsEHgxOg6YVqf6mnBajM5+13FfK1O
QgWrRuvLtXraAo1LKiOZbhGVxPF4cHJIHDfAHHg8qqGpdQ5awieV6T+rtHq4X8ix
Ri+CCRYIMvb2q5ZQIK+fCz0u87Fq/SRUEoHa8/dOe2WK1xrn/t4/Bcu7IMHC1fds
YGb3o0WZ64sgiDCTmwQ0q9ew6O9ZCXLxGbOYBG8HZBV+UB/DquqN3QXGCT6ymgdC
uZWGjuQ6earGv6QqtENv5euvb+MfYHm1JtroopN7ha6jDFjmFaUL5YmtHeniEi2r
TkEwS1Yzbofvk+AEhXDu5MKsVB655HB535eiut4EMe9diSWU3qJ3w6XEBGgz6NTU
NsrQrf0ia2A=
=91nW
-----END PGP SIGNATURE-----