Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.2477 [SECURITY] [DLA 1845-1] dosbox security update 8 July 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: dosbox Publisher: Debian Operating System: Debian GNU/Linux 8 Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-12594 CVE-2019-7165 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/07/msg00004.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running dosbox check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : dosbox Version : 0.74-4+deb8u1 CVE ID : CVE-2019-7165 CVE-2019-12594 Debian Bug : 931222 Several security vulnerabilities were discovered in DOSBox, an emulator for running old DOS programs. CVE-2019-7165 A very long line inside a bat file would overflow the parsing buffer which could be used by an attacker to execute arbitrary code. CVE-2019-12594 Insufficient access controls inside DOSBox allowed attackers to access resources on the host system and execute arbitrary code. For Debian 8 "Jessie", these problems have been fixed in version 0.74-4+deb8u1. We recommend that you upgrade your dosbox packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0iKpxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSw8xAArN6x1ZnwUK09AW5jb+sqZ2zj46vOsIHJeL/TQ/y9w3cadB9n2OAZZnKY 1V64tJ7IXkEQ8iWMLJvUhCU7UWY81MGdz+cYeswuhiNXpM+qnhtwYyThBkbEbE33 /V8uXB4z2NALEEf0aTJbA72ykkWCcBt4q9QE2noZUAILhXp82VuSZafa/EHpzwhG lAwZ+QYbLfHREgI4r1uVCJ6tcT/cRoGVkCyrlsQ+CH0DLkohK1FVkSiomqeu3vPy X0vHut9z3Z3IYQHC8OVtbGABdI2TnZiGhTvbqpEc6r+yyITnU+LSoBQ5dkgZlSsT lkW7FZ/J1UTKCtsyU5gBLg0oYOV0rAWNwM8nVkaNmTav0Rc2S+NOOncdHfhbSd5R EZljxs7DhkgnfUP4rY/9pcL6IuYmMxX0fhW9C6pvQIREnSnVDTOb0EZLJYAUWUB2 NQCWGZP18QP76O0QjKCXrpjJEffYS335D/jsGkGO2dEznMZoijHpFwAck48HFAjd SyLXTe3wq4zLsVoSuGqISebOmTXW1yhbopBHy64beiQvvxJrTeU7nYNQh/BGIPRO BDhMG/++wixGgAE4XYjki7lza41KjQnLITMV6ZDIJ+ZAVRyW+p6Al7MAN39GBgjH ajkJjixmSiM6OgvL7lpAtWustMkhuRWeHcmLfrs1Xl6/+U9jbX8= =eQEO - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXSKFqGaOgq3Tt24GAQhvYg//egmGwWJ7bQEmALz2PQkACpbQTtPcLPCj oT6t1ag89dbsqLRpWvq+JXYHjoIIPBRdDv0KVY3KLyWT9HefPmHRFUtdWPhpS5xp QJqThlx5DTk1vQ3TfdWZ+4FCm0TK36a/cRAl/dbVg3ypgUtX4LhX8g/oPYF0cBoB MjeZORcTiYGHO0aLSv53s1igYtmpt6AduRXlZF98ReuGudDIVUv6ABtW5q+xW3O4 wDYN7DA0APjVBMf9RvFQ4Mlbg2piydSNVDp9eHLmLH4meWGyKs+pRTFF03czyFKM ICL+dlSmFimVQvU7UzPE1/IPbToXzRvM+RaN1Z2/aHZMvvKuKXKhARn8K+VSP8f2 IdyfIF2MIRaPh0p+PzvV+KcHI4RLXOlqEdq2h1dvSjRcJSCkgiJqYstl8BZuQ9fm io8V2GXo9h1jzq5uaER28dHOXGhgh08ufW7C5w7t6U17VH6ZeD6KxcIbEJ5liEPD A7s5RSthKZDYgho8IDgLMgOUzNMnTPQThNbQma9o2ZaFrzbMtvDZtjCXU4V3w4E4 gJ6L3FX/ZWYWN5kMoEamxDyVSbBVogtAejvWmT9HtylbMZB6q6yrbWc4nnFM3GaK VyJV+puYsfowArxpJ43t6c5Ifh0Uu89DB3tRSvbj0vAqfI3ULahQbpiWK3XE11yi RVEUqtFDkWA= =v4nf -----END PGP SIGNATURE-----