Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0927 slirp security update 16 March 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: slirp Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-8608 Reference: ESB-2020.0569 Original Bulletin: https://www.debian.org/lts/security/2020/dla-2142 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : slirp Version : 1:1.0.17-7+deb8u2 CVE ID : CVE-2020-8608 It was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP emulator for using a dial up shell account. This was caused by the incorrect usage of return values from snprintf(3). For Debian 8 "Jessie", this issue has been fixed in slirp version 1:1.0.17-7+deb8u2. We recommend that you upgrade your slirp packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Regards, - - -- ,''`. : :' : Chris Lamb `. `'` lamby@debian.org / chris-lamb.co.uk `- - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5rXkwACgkQHpU+J9Qx HlhhLA/9GrRPoZEkZVu3G3S5hkDyxmpR5I3MXoDu/VjkW6QmniGo0ET88tCALVvR WDfurU7/ZLR6c1tBBZwQmn4lsd2JgQ8F22/JtBtuGJ8VVt/erlYbUXnW8DDq5hhN 5FQjekDW500AEtaE4Oqk4346kjqtB8Gxe6PXKYQ+kA6RepMqrtl4cmgGC1exM6Q5 8GxVseHg5sz4uQNp3sEPswO2CcMnMyU0jbh+cJAq7cwVhURbY42cUz/yM+0Ps007 BQtIUVGv/qzvZsW6g9OodNMgXcdNFLNA/KrmMEppKHFjVoQ/AU50fWMvHyHPR31f n4oz5TUR1PD3o2Q6hzYQ+c18ODAdL2DzSZrXnSjgeK7LqktdGoyKndVR+EE1acDU QxRQroIPHC6rvyRdd1lkisICtRMx27q5KA6FM9XLiJVY62IN8Mka9NeQv2V4xcaZ x4LsTuOHvzkTcYdU3v7yIb6qKEj9lNoXA3ASFgB9NYRiFqDg5RRmmMvcLkxjqt93 z9Dnv685HBJHb8fTac+T+c2r2g+TWpLc6uZi0v5QD73WXkopuhRtBVSmvbC/3V8m g/uvJMAGB1GHioJnmjVL01mdpGnSXUhekQ/6i/NvJ4EVFpUx313SZ0ilM+Glu0gu qRjZAdpIJLQcCMas1qM0SAu98SCzdZbNVbyEDDlgdrYAh3Ft2HI= =RU3H - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXm71jWaOgq3Tt24GAQio7BAAk7H3lUIj6FFY+j+PwZMMH3fUtpbUudvK UV0oO+Z65O0cfFEov/24PDqjcJg4nP4nGWPI2FkmRMXPv0stJQSXKxcUqybP3GX5 9c3HYKFw55m9AzR3jdAcfJG/bO/cZGQNHtvYoCWo2Rh4NmRWv3Y1dwTC1mwj1cNt X9GUZnv8AG9yT2AQyv3FcmlDjJ6pCawOt3/j1lua3kxcPNYBw0/cnRmY1XEcKpyC IsF8hzCPn06isOzas1vCBUr3s3LHBySp3gLh9C109s9xmyXYzx44O4h6SU6WERje jTy1iE4rK8YjGOAkcgAF4BCgDzfLs4FEA0ankyKxi5dZ2uWwe8Sm3q5Hqs1rys7o lWlpkb89PB39sBgUFeruljbGg0PlEFCSAhG50JeVx1ZtZKBSYA/OiCOjAmCK/t+V tuWPlTfkO4lQ/wcPrqK2JG5Q/y7xKIcl8PR2jz3ulrkKLftzxWr9vo9q6eNILyyw 4SgH/12q9H8yQqm4xxnfquzAnK1JNjLGxVm/hLGwPNBch4mWtqJ0QUDQlb/irJ5J BQN46scehatw5LWALh2ctxC+FW95K0pUywGwgAbZjd9/jt4A5P1JN2n6+8Zo+IYF jcEfT08MULHQrBN+9yyioJGhqPtktDbcTy1bi+p0i+JgVOJHWJhAO2SpjCkJKM2A UKMMKCqHyiM= =lYkr -----END PGP SIGNATURE-----