Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1875 [DLA 1805-1] minissdpd security update 27 May 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: minissdpd Publisher: Debian Operating System: Debian GNU/Linux 8 UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-12106 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/05/msg00037.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running minissdpd check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : minissdpd Version : 1.2.20130907-3+deb8u2 CVE ID : CVE-2019-12106 Debian Bug : #929297 It was discovered that there was a use after free vulnerability in minissdpd, a network device discovery daemon. A remote attacker could abuse this to crash the process. For Debian 8 "Jessie", this issue has been fixed in minissdpd version 1.2.20130907-3+deb8u2. We recommend that you upgrade your minissdpd packages. Regards, - - -- ,''`. : :' : Chris Lamb `. `'` lamby@debian.org / chris-lamb.co.uk `- - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlzrCpwACgkQHpU+J9Qx HliZ4A/9H8XKuQ7aADtuy+o9Qx/Qi2Nqz6UdzEe8MD5tFirBF4TSsjkt98Mv2D+Z utbmKrMpLyaEvq6oid8Vljl0QI4iIVQYk1U7WL2Npyklqt3KjSou2x+iP9drCw/Q Stu/V3s0aMeTh5RW+pHyHcVEpxwr4isoWdKLQqRTTBDzcGCdk/7EWamLTVH3Ci05 xUXXWMk0kYHOClLAhgAlVuGV+60NvM9X6Ul7WGMcbIp8jf48UOXnqxo6U8bjULvs 2SfiPFVAlBboGHLmFmJooKg29EQh4a6xLiGvpAcJyNYVHQOWRwTOzjhUP4uF4vbe F3kFlqF+Z4dQ1K+TKjhSRID6RgfgINjPXzlv0ajw5S5g3HTYWj4h/KGtO9FsYO2I KcoGqtObEOS/Q9r7OMCEvoe1gmjw/d+8glgea0PJnvFLFxTw1xkUlEEKhA8qOBNH bnipkFmQBEDoZMNVfsAiff4j3CUQwXQPtuvxvgqjU8bztyQclED4nxsJnDClPLc3 YtumQnqa+ir/rfCd6Xc0aoCC/rvuoc0XaQN13+zd370/Q5S0Dn5+weNxQFEX4KpC tGw4M1diGYUyAZDDjhjkwt6DIc6hvzC4lZF1DFizpZyZU4ET3AmSPsMzyEXBExNs 3JFmlkviH3dudzR4XeZFfX+6/PVFdGh4rKM+BBGeUa+aXOJ32Iw= =ieW3 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXOssoGaOgq3Tt24GAQh+XBAApdbPtw2cEKo+gIgF+rE45Pp6CiM8s/Lj jDIkFZr1PH9R+SOgo4lKLI8HurAEGb4d1SYe2n3fXmvblugNCT6009luH8UH2Do8 ungzC2Qayf5u0tFw1LuGifx5C/70yzhaDR6hWz424LCtlM0T6CHimIhrpmppe8kd zgJo/d2kyQrLWW6ZH+pKWoz0l9gHkOTRL4rMeMfXci6xeSjDrdgOSkFb1INKpVOJ 14vvnMGCL5H+1b4H4mmAc9wOqdBpiDVEQoZBfr/hCQPP8ebvBtb933UISx4wwRf7 Eh5cfgFVAkL/U05Ss7t3+B82YDcJoel+owUYtbIQ97DLk+qOTY3bBEyM7ILU+qZK M6KYS7+ZtDLFOJeWIBQf6sQOlnc4YBRy5kwKcAGVV74QbVhXvT9d3938tMwOYjhe vRZ0iBhxPD5t4UdhioW+gNCVbeMkp8ZzFz4fcnytIqZ8YGKimxeg/oA/rQ2NCTpS DjPs3/DN7PtG4Zjx6xRJnG3rPxQU+EUFsh8hylK6pjo9Ef9l27KWrh10UnGThBgU obTQppDWBwa6zDhVKXibUXHURIhsqk/Yv0JehkczGEoo94c58PV6GmiXmlxOjyZX UXoyzDWEhNPhVj9vNmPsrvDXLQm3PHP8FYIRmZcWKjiNMngSs/tcfqBZ+lMXfdHm 0+dUrpw7/So= =/zIi -----END PGP SIGNATURE-----