Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.0563 [DLA 1686-1] freedink-dfarc security update 25 February 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: freedink-dfarc Publisher: Debian Operating System: Debian GNU/Linux 8 Linux variants Impact/Access: Overwrite Arbitrary Files -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-0496 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/02/msg00033.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running freedink-dfarc check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : freedink-dfarc Version : 3.12-1+deb8u1 CVE ID : CVE-2018-0496 Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc, a frontend and extensions manager for the Dink Smallwood game, allowing an attacker to overwrite arbitrary files on the user's system. For Debian 8 "Jessie", this problem has been fixed in version 3.12-1+deb8u1. We recommend that you upgrade your freedink-dfarc packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAlxyrz8ACgkQj/HLbo2J BZ+1FAf/QUOLJxtFgixRukQ2xs9v1YewkRWNvfZx0e+4x698vC8U8DxNumBsMH42 Lphzwfvaxf7iVYFVty6IT+XNTfsC72qQw8hrk02bAWsjAKWEuER41shzCSLx0rOo meC83XrCSN+ITfTc2VPnn7x/CKSk3ivAzhPPxZ9lG5q/oSjt4YP+v/pYC7P2i/fs R8owrh2kkCcP6cxGgO/mKjHdX2VS6JcskUwiOoMAPskDE+01WFmj+xNj5OnYeFF1 F39Nvqe4LyhSr02X2Wvbd1KMPzu8TVdFOVxUkEG0FUEBVGAlgM/sxDEF8c1Dq7pS y5QgIcqjKsgKR/J/Uac06jHfu9sSVw== =SW7v - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXHN5eWaOgq3Tt24GAQgVyA/+Ks9JCskwGsMnfNFMh1aXxmQ73PEmkFDi jRCxxhfpKA0Qv+/Zuz/xQbVtZFgsYxqv/f6yaXrqnPfKNv+4icI8SfETmEcex1Du 653O1qzbMdWiyTr1hF96SEghOebtmQND8f7MY5ujens4zsuBx/YZj3/Z0GOIbZCY /T8CbVTYGe/TZoLdeVs/eXwwTgpSms/Ldi2ncLfdX4epU7jI9QmR5UgOkQpe1hBC yLTCpfSWs1z+UvU61qxBYLyWgNH4D+8gK7rEocAvq+JXo4aAvqOyAtD9nv8v/cEx Xnhb6f9yylTixJPBkwJ+BgRHxiJPYsQZx0rKUAUlzx/EPEt0jkArGvd8DUMFKP1y 9i4Z9mbNaSrPDtLXHYDdSieI73J8DNeL54v0AvAR5jguQK6sHwCCuZKI1lXBnGNU dHxD41EVkIdiU4Otme3OubtsgLGv+5dl6uKkI3eDOzrKu3HmRiyntbR4omvwA472 ipXuGYjEsFgXrsN0M/4vDNhZQRPjfElpiyoMbi6WV0k/ktKkjt6Gv22tXcwYuSqe ZPnZrJF68/i9KMC29uyK1wiWG/3kQUMr0s9oCGFosSDMAPQ6CfnLteIGHfZJOyAU c6LRvh9VCpoVM3t+b3hSO+mfUTEgvOnWvnk5aB4o7iF14VNsPwaIRypl70mSuZw0 i0rigXMbbog= =3SM+ -----END PGP SIGNATURE-----