Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.0927
slirp security update
16 March 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: slirp
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-8608
Reference: ESB-2020.0569
Original Bulletin:
https://www.debian.org/lts/security/2020/dla-2142
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : slirp
Version : 1:1.0.17-7+deb8u2
CVE ID : CVE-2020-8608
It was discovered that there was a buffer overflow vulnerability in
slirp, a SLIP/PPP emulator for using a dial up shell account. This
was caused by the incorrect usage of return values from snprintf(3).
For Debian 8 "Jessie", this issue has been fixed in slirp version
1:1.0.17-7+deb8u2.
We recommend that you upgrade your slirp packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Regards,
- - --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5rXkwACgkQHpU+J9Qx
HlhhLA/9GrRPoZEkZVu3G3S5hkDyxmpR5I3MXoDu/VjkW6QmniGo0ET88tCALVvR
WDfurU7/ZLR6c1tBBZwQmn4lsd2JgQ8F22/JtBtuGJ8VVt/erlYbUXnW8DDq5hhN
5FQjekDW500AEtaE4Oqk4346kjqtB8Gxe6PXKYQ+kA6RepMqrtl4cmgGC1exM6Q5
8GxVseHg5sz4uQNp3sEPswO2CcMnMyU0jbh+cJAq7cwVhURbY42cUz/yM+0Ps007
BQtIUVGv/qzvZsW6g9OodNMgXcdNFLNA/KrmMEppKHFjVoQ/AU50fWMvHyHPR31f
n4oz5TUR1PD3o2Q6hzYQ+c18ODAdL2DzSZrXnSjgeK7LqktdGoyKndVR+EE1acDU
QxRQroIPHC6rvyRdd1lkisICtRMx27q5KA6FM9XLiJVY62IN8Mka9NeQv2V4xcaZ
x4LsTuOHvzkTcYdU3v7yIb6qKEj9lNoXA3ASFgB9NYRiFqDg5RRmmMvcLkxjqt93
z9Dnv685HBJHb8fTac+T+c2r2g+TWpLc6uZi0v5QD73WXkopuhRtBVSmvbC/3V8m
g/uvJMAGB1GHioJnmjVL01mdpGnSXUhekQ/6i/NvJ4EVFpUx313SZ0ilM+Glu0gu
qRjZAdpIJLQcCMas1qM0SAu98SCzdZbNVbyEDDlgdrYAh3Ft2HI=
=RU3H
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXm71jWaOgq3Tt24GAQio7BAAk7H3lUIj6FFY+j+PwZMMH3fUtpbUudvK
UV0oO+Z65O0cfFEov/24PDqjcJg4nP4nGWPI2FkmRMXPv0stJQSXKxcUqybP3GX5
9c3HYKFw55m9AzR3jdAcfJG/bO/cZGQNHtvYoCWo2Rh4NmRWv3Y1dwTC1mwj1cNt
X9GUZnv8AG9yT2AQyv3FcmlDjJ6pCawOt3/j1lua3kxcPNYBw0/cnRmY1XEcKpyC
IsF8hzCPn06isOzas1vCBUr3s3LHBySp3gLh9C109s9xmyXYzx44O4h6SU6WERje
jTy1iE4rK8YjGOAkcgAF4BCgDzfLs4FEA0ankyKxi5dZ2uWwe8Sm3q5Hqs1rys7o
lWlpkb89PB39sBgUFeruljbGg0PlEFCSAhG50JeVx1ZtZKBSYA/OiCOjAmCK/t+V
tuWPlTfkO4lQ/wcPrqK2JG5Q/y7xKIcl8PR2jz3ulrkKLftzxWr9vo9q6eNILyyw
4SgH/12q9H8yQqm4xxnfquzAnK1JNjLGxVm/hLGwPNBch4mWtqJ0QUDQlb/irJ5J
BQN46scehatw5LWALh2ctxC+FW95K0pUywGwgAbZjd9/jt4A5P1JN2n6+8Zo+IYF
jcEfT08MULHQrBN+9yyioJGhqPtktDbcTy1bi+p0i+JgVOJHWJhAO2SpjCkJKM2A
UKMMKCqHyiM=
=lYkr
-----END PGP SIGNATURE-----