Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.2477
[SECURITY] [DLA 1845-1] dosbox security update
8 July 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: dosbox
Publisher: Debian
Operating System: Debian GNU/Linux 8
Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-12594 CVE-2019-7165
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2019/07/msg00004.html
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running dosbox check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : dosbox
Version : 0.74-4+deb8u1
CVE ID : CVE-2019-7165 CVE-2019-12594
Debian Bug : 931222
Several security vulnerabilities were discovered in DOSBox, an
emulator for running old DOS programs.
CVE-2019-7165
A very long line inside a bat file would overflow the parsing buffer
which could be used by an attacker to execute arbitrary code.
CVE-2019-12594
Insufficient access controls inside DOSBox allowed attackers to
access resources on the host system and execute arbitrary code.
For Debian 8 "Jessie", these problems have been fixed in version
0.74-4+deb8u1.
We recommend that you upgrade your dosbox packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0iKpxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSw8xAArN6x1ZnwUK09AW5jb+sqZ2zj46vOsIHJeL/TQ/y9w3cadB9n2OAZZnKY
1V64tJ7IXkEQ8iWMLJvUhCU7UWY81MGdz+cYeswuhiNXpM+qnhtwYyThBkbEbE33
/V8uXB4z2NALEEf0aTJbA72ykkWCcBt4q9QE2noZUAILhXp82VuSZafa/EHpzwhG
lAwZ+QYbLfHREgI4r1uVCJ6tcT/cRoGVkCyrlsQ+CH0DLkohK1FVkSiomqeu3vPy
X0vHut9z3Z3IYQHC8OVtbGABdI2TnZiGhTvbqpEc6r+yyITnU+LSoBQ5dkgZlSsT
lkW7FZ/J1UTKCtsyU5gBLg0oYOV0rAWNwM8nVkaNmTav0Rc2S+NOOncdHfhbSd5R
EZljxs7DhkgnfUP4rY/9pcL6IuYmMxX0fhW9C6pvQIREnSnVDTOb0EZLJYAUWUB2
NQCWGZP18QP76O0QjKCXrpjJEffYS335D/jsGkGO2dEznMZoijHpFwAck48HFAjd
SyLXTe3wq4zLsVoSuGqISebOmTXW1yhbopBHy64beiQvvxJrTeU7nYNQh/BGIPRO
BDhMG/++wixGgAE4XYjki7lza41KjQnLITMV6ZDIJ+ZAVRyW+p6Al7MAN39GBgjH
ajkJjixmSiM6OgvL7lpAtWustMkhuRWeHcmLfrs1Xl6/+U9jbX8=
=eQEO
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXSKFqGaOgq3Tt24GAQhvYg//egmGwWJ7bQEmALz2PQkACpbQTtPcLPCj
oT6t1ag89dbsqLRpWvq+JXYHjoIIPBRdDv0KVY3KLyWT9HefPmHRFUtdWPhpS5xp
QJqThlx5DTk1vQ3TfdWZ+4FCm0TK36a/cRAl/dbVg3ypgUtX4LhX8g/oPYF0cBoB
MjeZORcTiYGHO0aLSv53s1igYtmpt6AduRXlZF98ReuGudDIVUv6ABtW5q+xW3O4
wDYN7DA0APjVBMf9RvFQ4Mlbg2piydSNVDp9eHLmLH4meWGyKs+pRTFF03czyFKM
ICL+dlSmFimVQvU7UzPE1/IPbToXzRvM+RaN1Z2/aHZMvvKuKXKhARn8K+VSP8f2
IdyfIF2MIRaPh0p+PzvV+KcHI4RLXOlqEdq2h1dvSjRcJSCkgiJqYstl8BZuQ9fm
io8V2GXo9h1jzq5uaER28dHOXGhgh08ufW7C5w7t6U17VH6ZeD6KxcIbEJ5liEPD
A7s5RSthKZDYgho8IDgLMgOUzNMnTPQThNbQma9o2ZaFrzbMtvDZtjCXU4V3w4E4
gJ6L3FX/ZWYWN5kMoEamxDyVSbBVogtAejvWmT9HtylbMZB6q6yrbWc4nnFM3GaK
VyJV+puYsfowArxpJ43t6c5Ifh0Uu89DB3tRSvbj0vAqfI3ULahQbpiWK3XE11yi
RVEUqtFDkWA=
=v4nf
-----END PGP SIGNATURE-----