Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2978
ndpi security update
31 August 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ndpi
Publisher: Debian
Operating System: Debian GNU/Linux 9
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-15476
Original Bulletin:
https://www.debian.org/lts/security/2020/dla-2354
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running ndpi check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2354-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
August 29, 2020 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : ndpi
Version : 1.8-1+deb9u1
CVE ID : CVE-2020-15476
An issue has been found in ndpi, an extensible deep packet inspection
library. The Oracle protocol dissector contains an heap-based buffer
over-read, which could crash the application that uses this library and
may result in denial of service.
For Debian 9 stretch, this problem has been fixed in version
1.8-1+deb9u1.
We recommend that you upgrade your ndpi packages.
For the detailed security status of ndpi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ndpi
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl9KyClfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdyXw//dcH7bPgN7BAbSVczexZ+7IFNY3vPLDDVPQE4qTjxofCt/rPp0ZZD2o5j
LtDvpq0EAhUtKxPZJh/d5YLv8cOewOkU4dJox/YeQWGW8hjCb6yES508s21YKg1D
B+tUZiilFtdoSVM0We4qywX0g450omdlF7kPBkScvjIm/pvnPOVZWuPEbZBNNqnM
ZS46GQpETbLRo511VNQs7vPYOUJz7L0rKq367MZIVV2nXPRuGrwkbuPp/T6xT3RK
pz2FomD8Hy6loOSDoaaeuPDfityAvwJPedUoXqLJA5Yiu45s9ebRaN5TfpdsMxwZ
zjjwLO3QDdFXNNPmWa0cSiqa5i1URQlDgQJ/zmFa05OjKob+oyq4xGFxtY/hj27H
8gjQv88B2qAute6hHwtyc5ePIONqZD3xXo3/8rWQUMXEAVFEhMbYTimjyn8QmhGw
nu9/SNPVctWMzK++Qp+kjsetafPC574IBa8aTtApr1M6Rn+Gu/YT7l0E4dAADQIp
Rso4jACgS/oxL8tc4dwkRrcku8FWWFbHycE0fKADMhbyKilVdYCjsoWz9U04yhby
eDuxwhvFWNCHhrAomijxc4R0OWdYELm/OHBguO0qndFpQg3pVDrMNaXb0rSzvN1s
T7qjTDfRdSjWxpWoKjjDYFFm+imn3xioonPBROat1CbTQO0Eyq4=
=jxhY
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX0x8DONLKJtyKPYoAQjnvBAAnKkdHUJ+Ww2sEmD3RxtmAvHZ1RNKYxDB
5rFJX03+LxQGONBu8X1i4F9FYbJZcnK/3ZGCs4zWMViKfDuPuUFhAqZz7g78Blqt
Jumis9pfrzu+0I529SLMY1NjH7u3cnP0oqJ33cnCTHYTcaA/OliuShG2GXvk0jxu
X3nTzB2ERtLSKnZFBYpernxS3fhsCM+HrKXyNuR6n7DYabxD9406g1NgRxVf+DAw
n2N5wAfNr4bFE+367+KAuAzeDBXAdpE7hmhmzMLRXdRuNg/1HQ2Swg+R65ii/Amk
RBAmnrbpoVv0ol24xgWHNMsYomrGid/3XIYMup4Q9Q9zhOUfglMAGPZKeZqc0lP8
K5Mwm81HekZbFAndSqwJ1UrLFCF7eq5P09IHQUD2E4oZk0y7XWWoIS/dNbxIiMu5
JpEgHSKVm39vI0+zB5gRGYc8AR/u2ggH/Esc27zb9UxZ8wQjs6tAJiEH4hUfJsRN
oWdReDKM9ZO5Gyiyv+v8ailXXjOGUDwDgLkDx5ju6j1A1LyW75dZngnrtqcSaPHG
nHxN8m5g/7qTEKwSkjccnPmE4CcPuTvDQWwt6bZ8m7pxWiYtEEYjos2fKsF8V5eP
2fMuCzD3KOav1cxmlpqo7+qcVcGxbiTHO7ogwyYozk/ET37xMQLISP6xtHQL3mrn
OKS7znZCAeo=
=0WQY
-----END PGP SIGNATURE-----