Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.3723
libapreq2 security update
4 October 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libapreq2
Publisher: Debian
Operating System: Debian GNU/Linux 8
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-12412
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2019/10/msg00002.html
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running libapreq2 check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : libapreq2
Version : 2.13-4+deb8u1
CVE ID : CVE-2019-12412
Debian Bug : #939937
It was discovered that there was a remotely-exploitable null pointer
dereference in libapreq2, a library for manipulating HTTP requests.
For Debian 8 "Jessie", this issue has been fixed in libapreq2 version
2.13-4+deb8u1.
We recommend that you upgrade your libapreq2 packages.
Regards,
- - --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl2V0kIACgkQHpU+J9Qx
Hli3Gw//WKNs9LwYUs3daryTlqjyEe1AinpORyUHQt9MQTs/0z6UU8HkeBlPhDxw
BMNGXuBH4ckF6ha3wQOSkCbt1Nm4dNJe6TMzoOka7a8p6HCBTb+UsrZoR5NukISR
uT682NtpA8J3uN8Zrx2awgbp0aNgFVZlUiwtZo5eUSCW6osa2Jb3cn2ILosuLZs7
8CBx9gDVT6pdTYqNJhX1/9HotjCGv9RhTqCCf5BF1N7l7ebOdSSwafIdNE14fiau
tAqjaeGUAvI/XCqOi2lkLNVkNsWaTRcbTZdOsUzcItwc1wR2mD+FXgZmi6SfmJXz
NptgUZVdWoBMOEFhp2tnVsPFlkf/lIUDpnNJANKEeMnqUdl/zWEbuxB3HLI0hU9m
NPimKI3+lcRUEw24CAaQyEwSMCvSnC4fiOxfEiiC0HOIVSnVfQPo+9lo+GWNjsjy
NbNQX9k3PB+H/gyxQrf9SO7vhBtQKkVeTJnpWF0poAt58nKig/cqObmM4wjVqaJo
8eqGbKxIt5uELDpZDkVbxK93ZvyN3/n3xFP10oH+NNl37SObajCmpI+c/x3IXSGJ
oUxTlOqKYtkF7bX1bJ28c7JA7D04sLpySBBiDhEGLMBw/PxZpWv2IOQiViTa6rMC
+lq0CgAT+J6JBBAc6SQzUHh7V2a84XGT5mZVzTrnXGWrhyZb5Wk=
=0XKv
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXZZ4SWaOgq3Tt24GAQh91RAA2O+bLcHTUc2/Ok7fTgOBYjH3gG1iyOgu
m6GC3TbWqDdCqfx2b7meNIpLDLedX2oPuK+UfXHyjrrdGqG+kRoyaIVWxk6G41LB
IO9Fmyhn3UPM4vzxl8ymaSnN+T+EN6tfKeuM3twuV4Hl3r2oQdLEufYJhkadutYV
U9xaHLgGjx7YHe+MM/M262j5Uom1e3jkaahltDnQWmxxOqN+1NbDIVHeKe9jnDUR
KJnJCZvHPBAfY4uop1bg0l0maZ6GrFbDh1DtDVZBvcAsncpa0s/wdtIcR60yfGV/
SdO8FWjtikENcDFNATn/OMkqhczlw2eJxKg48hXpuaMIkA095gxGdMYchNAmBeIo
8/8LINgmr5Y4ez0VkgFrC/D5V0ThhOYuQpGn+Xy1WXA41GBCpjTklw38DdkjQhDV
jMt3ytN9T4UkVhPrkb86alMjYhlzhlCzQ15kpUG12uQl9M1HU7MvYl4p3sM2e0S0
O/y5vmmkdy53dqirVC7Cqh7eHCltr1duF4LvvzkAQXUL3UfNZ60826VdRySYhf4u
qP3j+f5PlUw1BykW8SbxAA31V2OH20NK2dKcGk4OBQd1miyGGoBEMsFFg/xynFhw
kg5IBYOW5NT8dgQVKFCwQ8mnK/rKNgm4eYK3mqr/wcUsAn9NxlBAsrIUVewiP9Mn
Jg63o3NKXWQ=
=s1/Q
-----END PGP SIGNATURE-----