Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3723 libapreq2 security update 4 October 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libapreq2 Publisher: Debian Operating System: Debian GNU/Linux 8 UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-12412 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/10/msg00002.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running libapreq2 check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libapreq2 Version : 2.13-4+deb8u1 CVE ID : CVE-2019-12412 Debian Bug : #939937 It was discovered that there was a remotely-exploitable null pointer dereference in libapreq2, a library for manipulating HTTP requests. For Debian 8 "Jessie", this issue has been fixed in libapreq2 version 2.13-4+deb8u1. We recommend that you upgrade your libapreq2 packages. Regards, - - -- ,''`. : :' : Chris Lamb `. `'` lamby@debian.org / chris-lamb.co.uk `- - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl2V0kIACgkQHpU+J9Qx Hli3Gw//WKNs9LwYUs3daryTlqjyEe1AinpORyUHQt9MQTs/0z6UU8HkeBlPhDxw BMNGXuBH4ckF6ha3wQOSkCbt1Nm4dNJe6TMzoOka7a8p6HCBTb+UsrZoR5NukISR uT682NtpA8J3uN8Zrx2awgbp0aNgFVZlUiwtZo5eUSCW6osa2Jb3cn2ILosuLZs7 8CBx9gDVT6pdTYqNJhX1/9HotjCGv9RhTqCCf5BF1N7l7ebOdSSwafIdNE14fiau tAqjaeGUAvI/XCqOi2lkLNVkNsWaTRcbTZdOsUzcItwc1wR2mD+FXgZmi6SfmJXz NptgUZVdWoBMOEFhp2tnVsPFlkf/lIUDpnNJANKEeMnqUdl/zWEbuxB3HLI0hU9m NPimKI3+lcRUEw24CAaQyEwSMCvSnC4fiOxfEiiC0HOIVSnVfQPo+9lo+GWNjsjy NbNQX9k3PB+H/gyxQrf9SO7vhBtQKkVeTJnpWF0poAt58nKig/cqObmM4wjVqaJo 8eqGbKxIt5uELDpZDkVbxK93ZvyN3/n3xFP10oH+NNl37SObajCmpI+c/x3IXSGJ oUxTlOqKYtkF7bX1bJ28c7JA7D04sLpySBBiDhEGLMBw/PxZpWv2IOQiViTa6rMC +lq0CgAT+J6JBBAc6SQzUHh7V2a84XGT5mZVzTrnXGWrhyZb5Wk= =0XKv - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXZZ4SWaOgq3Tt24GAQh91RAA2O+bLcHTUc2/Ok7fTgOBYjH3gG1iyOgu m6GC3TbWqDdCqfx2b7meNIpLDLedX2oPuK+UfXHyjrrdGqG+kRoyaIVWxk6G41LB IO9Fmyhn3UPM4vzxl8ymaSnN+T+EN6tfKeuM3twuV4Hl3r2oQdLEufYJhkadutYV U9xaHLgGjx7YHe+MM/M262j5Uom1e3jkaahltDnQWmxxOqN+1NbDIVHeKe9jnDUR KJnJCZvHPBAfY4uop1bg0l0maZ6GrFbDh1DtDVZBvcAsncpa0s/wdtIcR60yfGV/ SdO8FWjtikENcDFNATn/OMkqhczlw2eJxKg48hXpuaMIkA095gxGdMYchNAmBeIo 8/8LINgmr5Y4ez0VkgFrC/D5V0ThhOYuQpGn+Xy1WXA41GBCpjTklw38DdkjQhDV jMt3ytN9T4UkVhPrkb86alMjYhlzhlCzQ15kpUG12uQl9M1HU7MvYl4p3sM2e0S0 O/y5vmmkdy53dqirVC7Cqh7eHCltr1duF4LvvzkAQXUL3UfNZ60826VdRySYhf4u qP3j+f5PlUw1BykW8SbxAA31V2OH20NK2dKcGk4OBQd1miyGGoBEMsFFg/xynFhw kg5IBYOW5NT8dgQVKFCwQ8mnK/rKNgm4eYK3mqr/wcUsAn9NxlBAsrIUVewiP9Mn Jg63o3NKXWQ= =s1/Q -----END PGP SIGNATURE-----