Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3933
raptor2 security update
9 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: raptor2
Publisher: Debian
Operating System: Debian GNU/Linux
Linux variants
Impact/Access: Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2017-18926
Original Bulletin:
https://www.debian.org/lts/security/2020/dla-2438
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running raptor2 check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2438-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
November 07, 2020 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : raptor2
Version : 2.0.14-1+deb9u1
CVE ID : CVE-2017-18926
Debian Bug : #973889
It was discovered that there were two heap overflow vulnerabilities
in raptor2, a set of parsers for RDF files that is used, amongst
others, in LibreOffice.
For Debian 9 "Stretch", this problem has been fixed in version
2.0.14-1+deb9u1.
We recommend that you upgrade your raptor2 packages.
For the detailed security status of raptor2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/raptor2
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl+mmeMACgkQHpU+J9Qx
Hli+lQ//WHgjnzZ3/3RMe3JonPJGosdd2atiWKnFrhq90JurUB/qlhEr/YYAYbwX
6BHKSyZZ95uqZRqbzRbmzgxEDhu8C3UuldPbO2q5vkmmCRrEVRUHUtw4HmGWGXOo
LQoJttPlvXN92gvh7hBSg3NFtbmfnlAfEQN9ka2xe5WpTG0v21f5Pa/yk1h+KwGl
2KQNmi/oyUzW8smOP3rQ4esLdrR6dlrzfb2cKAQ85UZLv/OFoAMS/3DDjCGu2WoY
11L+K/scqqtFALl4sG5EFS57a7ExDwa4Y2ZCA7RCol+OYXTQRk34lDrHO7fk6JaY
kGJbPavTti9PIgopx/Se/QXH1suTz0JZYAf0PxfZHVfg1jiut7Qh8/0DSta3BZ6v
y1bHzFNeIPDqmo1wNgWg3imVIvY9uU0VYtU28W/qFkXm607QfAqLcIvh6O7CPL70
V58ycLNqiA+B7ZVxslBNW6HxV3ogRiiD3tsv7iXp7/J0PanZ89PkR4Su8oPa76Ir
lB+4uvfMjHc+8QgoxIkbBErexbiFxp+cQ1pjVnl8ZStGpaQ2okCiP10OE7kCcqBE
vJCkFH0ecteE3OCqAwe+z9OV3SAtPO4sfNO6Zw6CKjPBtGzHncqXn2QyTavNqGbS
q7I+8UMaoWFt+/2feWWiBzp8+wOsATozuGawe4alG79lisFbp9U=
=vkN2
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX6i9heNLKJtyKPYoAQhlUxAAlqrnnfkHb2lPgCNUNTIg/OvGZEZDdqZ5
XgQ1XeCwsHwy1ydk6PRb4cM2xapwFnh/GuoyFZEMWO5LPFeQFeM3rwVC3Kc2h9gD
FpwZ+VUJhqS9OguerclInZyhjWV5B1SLiiEO+zhfBl1cIGXDgOOy2znYArevhPdb
wrqJtTsc2/lzzax/D2V3cUcmJ2B6GhwmLxqR5amB2by01bw9enkxXjBzP50H/jvv
mJycP8kwgaNP9/J4Drn2OYDpBT9gYGC0tx2kAf0qB6zsf7W0qpqAJ3fKTn2i6JBw
saLZS24T0SXP6mr/Q01cj60q6b+Pw8sgYY8NGaut9j0XGhSlOPG0w/RaIy4atfeJ
iHL//t53c3pPEVp6yPoqVCZ5wSiimtmIgmGIoqX9CbNBau/1GMqrFImpujiqqYm/
21PTAlyUp9RQbtmJHLnkzGBAX9DJaH9gF+7CUM2iHmrRa1A8kvTvGYgGktPMG9cT
04/8i4I1vcKsqZv8lK88u8xtZGvyqi2osRCVhBAeQlukKbagr7k+/9WYxLl7zusQ
sqcN8Ky0mYsWGo2bknsUT/fII/m2ma9LY99oaLJKOVPdQfoq1bB3pdbOPsO0yzIf
75G2KDKo9LXWxBsE7YjerQSZnbNQE6E/4aVPCmZkxuBdtGN8Q2hIDF3Mp7QubF3i
PFpHePMWwFA=
=41Y6
-----END PGP SIGNATURE-----