===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0332
                          hiredis security update
                              30 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           hiredis
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7105

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html
   https://security-tracker.debian.org/tracker/CVE-2020-7105

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : hiredis
Version        : 0.11.0-4+deb8u1
CVE ID         : CVE-2020-7105
Debian Bug     : #949995

It was discovered that there were a large number of NULL pointer
dereferences due to unchecked return values from malloc and friends
in hiredis, a minimalistic C client library.

For Debian 8 "Jessie", these issues have been fixed in hiredis version
0.11.0-4+deb8u1.

We recommend that you upgrade your hiredis packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
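
The bug class named in the advisory (allocation results used without a NULL check), shown as an added example that is not hiredis code and not part of the bulletin: a hypothetical reply constructor in unchecked and checked form, plus a fault-injecting allocator that exercises the out-of-memory path. All type and function names are assumptions made for illustration.

```c
/* Added example with hypothetical names; this is not hiredis source code. */
#include <stdlib.h>
#include <string.h>

typedef struct reply { size_t len; char *str; } reply;

/* Fault-injecting allocator: the fail_at-th call returns NULL (0 = never). */
static int fail_at = 0, calls = 0, live = 0;
static void *test_malloc(size_t n) {
    void *p = (++calls == fail_at) ? NULL : malloc(n);
    if (p) live++;
    return p;
}
static void test_free(void *p) { if (p) { live--; free(p); } }

/* Unchecked pattern: an allocation failure becomes a NULL pointer write. */
reply *reply_create_unchecked(const char *s, size_t len) {
    reply *r = test_malloc(sizeof(*r));
    r->str = test_malloc(len + 1);      /* r may be NULL here */
    memcpy(r->str, s, len);             /* r->str may be NULL here */
    r->str[len] = '\0';
    r->len = len;
    return r;
}

/* Checked form: test each result, release partial state, report NULL. */
reply *reply_create_checked(const char *s, size_t len) {
    reply *r = test_malloc(sizeof(*r));
    if (r == NULL) return NULL;
    r->str = test_malloc(len + 1);
    if (r->str == NULL) { test_free(r); return NULL; }
    memcpy(r->str, s, len);
    r->str[len] = '\0';
    r->len = len;
    return r;
}

void reply_free(reply *r) { if (r) { test_free(r->str); test_free(r); } }

/* 1 if creation fails cleanly (NULL, nothing leaked) when allocation n fails. */
int survives_failure_at(int n) {
    reply *r; int ok;
    fail_at = n; calls = 0; live = 0;
    r = reply_create_checked("PONG", 4);   /* constructed sample input */
    fail_at = 0;
    ok = (r == NULL && live == 0);
    reply_free(r);
    return ok;
}

int main(void) { return (survives_failure_at(1) && survives_failure_at(2)) ? 0 : 1; }
```

Sweeping the failure index over every allocation a function performs is a cheap way to confirm that each error path returns cleanly and leaks nothing; the unchecked variant is kept only for comparison and is never called.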