Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2220
picocom security update
29 June 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: picocom
Publisher: Debian
Operating System: Debian GNU/Linux 8
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-9059
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2020/06/msg00030.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : picocom
Version : 1.7-1+deb8u1
CVE ID : CVE-2015-9059
It was discovered that there was a command injection vulnerability in
picocom, a minimal dumb-terminal emulation program.
For Debian 8 "Jessie", this problem has been fixed in version
1.7-1+deb8u1.
We recommend that you upgrade your picocom packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl74sClfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdiRA/+Pde67/hQ62Avy9Ezn5TnHT3Y+V3t95KNZwXRFCzFwSS7tNfch6APJQon
7Pj4t2Az1E8CkBSezJdmBd139/1DNsMDTwqrDkStAoQenr/zC8EcXnF/15Mgh6pW
xk4Q805GjQqmzLOmGXL5h4j6fRIX7b9P5BFkvLbr/+46A2LDsGwZYy8FPx6XQKTL
HDxtDzM3mLqKGr7DzQN2t2LvHwrwNQg2m7JovZmtSSoX/VHc4vkTcvGrc81YuHoi
ZwMnD911Jso+deew68zo3wfsGjir3VO4v4qDNtqLNwA4Uo34scNB2Jj0u6u1odmB
Htf4E1agEaaIsrYWUdJnV39aOlYeHmyXPWGUXqbh24XkL9GzFJGBSoPma8M1f+v8
7ABNWUxv247TCapjKQ8QQY53gpqt58J4UJLVxxN1Owq36bPpVCvgB0ji6NA1iIhp
h4Mtsi68zhJAVWJqsduyM1OVOm2ZED3jtr/MFmHVEXm/9aoRpHYxlqZwALtlthiP
ll4JbNPuKDxZ1LHUXsKET0wdPWWzUu/87jJjmzOjIhbrXOwmdl5KoLqNuNx9AC6y
B6tDgC5t2Fspl38ogNPoVSW/ZeW5S+GvEEogIpatM0txagtHvH1yiIiIJojqynFM
j7rdzCcBSz6dIWTaobnYT0dzELKFn5UoBIdQo43suUYZuEYrKFQ=
=p5ym
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXvlureNLKJtyKPYoAQgd6A/+PlwWYnV4ob/JiDM+iOt5+oQGXoVGpOQ3
uVjf7QDYzxZGzIoTanT3yuvJ/KTZdhCZlc1kU3hf0TkjfVpmp8cITAEME4yNnIPN
so8JyiKR2Dx23DFu453mhJVrLF6/BWYxiokIUe4fMl5K0s+QUy+Xp99BMsTS1Iz7
2cv/aMwH7COoITyYr0lPBdc0Irz+esGoUhXmnqEa/RerZiU/noqshBeiaKSCKSPA
6GZQbvD2wxep3oQLbcCm0WCx1bA93eKqxX6HM3AdsEP9hGbCHYl7z21v0Wf5i//V
prwIrxLWfK9H1QRSBKLfMKSfW+cPPO+l0PI/zKPKVH7q+kH7Y/SkGZGlR8PhdOJn
O+5qQKGsk1Bc/O+EKq5zPIxpDOt65W+IbM8u6s3I6U97vHzkRjwr4PpT30/LEpXL
2/0he/gT1GrUMpqqKW1isbkejXSNeWJY7HCCxIX2Srq7L1vjo4Z/ieckI2gyFuE5
57iiMTK3T0/2v7K9F97R0kYGB/yhImH0+ieTiqNw0zCC7+ivoPBFaE2VwZd/d3vc
up2zeSj8/KqQJcWX0D3dpXAHYtE9VHNuKNEnoHfJtd3Lro2j8jdC/rovEQ2ooNJe
WWoNRYqdqVHRDA00CQQ2I9VHCh+GtnGJY//fQmw6hk66tNiuvT2B+2weGxKtSshp
UWgDU0p5If0=
=5P8X
-----END PGP SIGNATURE-----