Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0281 slirp security update 28 January 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: slirp Publisher: Debian Operating System: Debian GNU/Linux 8 UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-7039 Original Bulletin: https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running slirp check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : slirp Version : 1:1.0.17-7+deb8u1 CVE ID : CVE-2020-7039 Debian Bug : 949085 An issue has been found in slirp, a SLIP/PPP emulator using a dial up shell account. Due to bad memory handling in slirp a heap-based buffer overflow or other out-of-bounds access could happen, which can lead to a DoS or potential execute arbitrary code. For Debian 8 "Jessie", this problem has been fixed in version 1:1.0.17-7+deb8u1. We recommend that you upgrade your slirp packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl4uB/BfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEe7cw//RKnZI6rGUmJLnJF4sYKR8+CU482LZauTXWO19Ry9n4feteHkm5ffPPZ6 fiIBT6VxDQ2fDzJDGFtfRrtsyMzUHu4mEDXE7JYnI4mSnbi0iEvPASdo+nWCKDp3 AOF+hvNz4JC4rh5EKJGLNuX05wHc6OoAAArSBq7day1vCqYIq3NDSeasYSb8vYer w3irbpTPe3Wx9hD/qk8Ll7IEZY7u5BcytqqJSywF5qpa6RLv5FEwd7vK5CdQzlgP keuwNTsiJv5cTftbS3J02eo9PZOEks3D5lCExH2jcP8nWV/xMp4Aql/pEzSI1BN8 lcwdSM5v3m442Iy4RqQxMByNa9rmWVi4hCc/tVTV5qqhOkPe20QzTsAUGpEfhoi6 dT46MZSV2wkuZqIEwwK7gPdR5/0Z83AtgeWZN9T5vB4YENp4XKy/tcgzhifhkavg D9lypBaImgPPRypP07hW8Ugfd+7tr33sQV6AR46KDNldlgznJlM/vb5P3SHmLTgS dJxfSZ8pHedigGdTcu1QtOdk4Ps2wtR+qdVnvw0Oqn6egrgu2aCAfSOFjKgYgsND eCfemFiklX/qBddNr5y1emJUSBO8j6sWjSG+fsv6fkMe3Y8qdYN0mcKrAZF4S3SU OYiXhobFGMsWuKi+Q/1YVbWYAQX74D3l9Xva3il6eEyvJlfyjuQ= =hWB9 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXi+5uWaOgq3Tt24GAQhxqBAA2Xz6uuy9OKYMALn9H8WhmaqhuMjJsjoo kI4zreoxC7cDZsMlCbdj/waMhjWT2tAmSctntCAKiagj0wVXypjvr89wGxqachvL VivXdKzjC09yQ/xOVa84k29a86ur8P6Y8ASfeQGTmRVpkTJHi+KKTmxePKJ9j6PP JLVxQIMG/vrh1JEcyyBtpuR3Iqu3uNfBz7VJPphWRZ8cQ5A7t0cfpufSF1f5db3J STZvMPvr1xRPqvvnsuN+dmOwsG+qlHDOKA2QHFNL9hK/PggmH72/DmRWfia+Y2a5 2cWlAx9pvNevsmy5Cg6at2afRAkqOl1xW6DATOwcO63E1BlnttUX3enmDOHAve4z PlTFd2nmgv96i5BUM3Mz5Jp8s3cyQlfxpCEeNDKWwJRA3zQksUCVejL7JWtZoOGD hPfek/UVrYvph+r3QbYIsOTCANCusDE+FAAT0FWsIHBUegTuuw0Mn77ZmiDpp+Kg es22ICH1q697bVWmFTo8pUzDwOUuuxdSPGwS3GY2WJpC18hW2dMkSoR8h0xxiZRE dXN96gx5ubep/CaAHj86NbE6LRxYxYriBRWcYn1i31MnbLOcoXyn4I+daaNulwwW ovY/uleWwlt0wEII1010PLLZqlPVg7lPHFQUnQDlqTXoSkmnlM4jp9bNr9pCiGfc gZg9WJcxfQg= =8abb -----END PGP SIGNATURE-----