ESB-2018.0984 - [Linux][Debian] beep: Increased privileges - Existing account 2018-04-04

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0984
                           beep security update
                               4 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           beep
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Linux variants
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-0492  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/04/msg00002.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running beep check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : beep
Version        : 1.3-3+deb7u1
CVE ID         : CVE-2018-0492
Debian Bug     : #894667

It was discovered that there was a local privilege escalation
vulnerability in beep, an "advanced PC speaker beeper".

For Debian 7 "Wheezy", this issue has been fixed in beep version
1.3-3+deb7u1.

We recommend that you upgrade your beep packages.


Regards,

- - -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrDIyIACgkQHpU+J9Qx
HljMqA//TBgn5i3tWEtJ/yCfWUQLiKfRm+2WW2+q6qikIvjveLOvsEVaBXqt/wEi
XKU2Nrwqn+QAeWYd4y9mKqg8QOlWllk414PKEYdDYqKZa4KxSQEimFy7X7nuPoZs
1NrWTM4vlQ2I3L7Zgcbxtst9OgvNO/ivoFQIwxGdTJIzR6smcRahTS0erspDPHDj
0oz/xdN/8m0mp7fL3pMBc2JkFvmflya94lO1K2dsav7ySlLloceUEVtCqmAQkBo/
6RV0oKqDTVvCyi7VfnWfLqTgMqKlVxMNlqBdS6EKJRjiRZ+Z+gm/lQnczrzxZ+zU
de+rSVnREsCmIpKfktTasLkE6JUs/IdAAKh1rEcDXvHxeq7idm04+RJWyUBfYHMe
6SeVxJByGZqyVBjBNJZspbJgPcgZGIYLW7xuJQGT3JPjsb6MoSznrOaNYsR23f6X
3cOdMT32q4R2dKP1uEcKqB8RC2YnHZb8Vp4H3D6sAeWoX2B3k9VJXkXcYEYnnSDe
zKyzDbsdYWBLPPavtUz/S1NB2NX2C3WK7NhxciKtaAKAGtIIlxSyTHIt5AmX7Dnd
LhdS84ZLrHE/v/lWRLoaUx9Ii02lTPYbwUWvb1w40r1A4YfOsb529ImIM/h5Y6Xy
zrt6PoGi7bd5LvWvGdjn4/5iUredsIldw2u3TzR3jG+prxM2caM=
=FU7j
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWsQWu4x+lLeg9Ub1AQhBTxAAmXC7naA8mHu0pWDCwBNOxvBO9bCHDapD
yCBBrmO/ARt9+tGp9Oqjcq9ddGtqpf+ICDJO9ma6RuCi7r081RsvZvhq6kDc8z3u
eSKdHm0mgqZUC9wAGY/owosGxWcQSLZFkKJewGzigOZueLlinOQPzePtic720PFd
6YPRFYTd5rC1eIZLgfKdR6xBt7Je0gyCIgOpMSUvporbvBpdpfFiFr5sPHNjgg3M
vrZ+7AwRklf47ySVCtz0nWDrBt5ov3fSPa0wyAoyrVb2mJub5/SnaADcMcr2+ZKj
dsBr6OcrSBHfq7EWfDdPegRXEayYFfZOUmA1m0UTQUp2ge1cOEAsvj6VmrRoXxWN
8FuPleNCHbl7NY+WFPsAXkt0dGO8Lalvm9nqTJTtpM4V9se2vT8Su/YSHEYfHBq1
h6w54Mw/FP52CIpz3ULRB0pzxt6OuPyqK7ZyHOYqqulDPCofGQ5yxDFPP8G+j4GQ
St+8yyLZwLJHHn+yBr7RBEGWbSLMk3qPiaRvGtySw2CYA4q+F2p23JlmSMc23SGp
98fYV/KLQfDSvjZXsjfxp4ESC9Oo2z+7kMngzpBfkhgSXRRHjQa2E6ciF6rP/qP+
IaAuONR/fl5LtMkNFSpcBGLwDWmd4cH2Jfpc6s6ERc8YDaix9zKCx40bPY4IQFgE
dC68qUcH8Bo=
=GHjB
-----END PGP SIGNATURE-----

« Back to bulletins