Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4093
packer security update
19 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: packer
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-9283
Reference: ESB-2020.4067
ESB-2020.2792
ESB-2020.2377
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2455-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Brian May
November 19, 2020 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : packer
Version : 0.10.2+dfsg-6+deb9u1
CVE ID : CVE-2020-9283
golang-go.crypto was recently updated with a fix for CVE-2020-9283. This in
turn requires all packages that use the affected code to be recompiled in order
to pick up the security fix.
CVE-2020-9283
SSH signature verification could cause Panic when given
invalid Public key.
For Debian 9 stretch, this problem has been fixed in version
0.10.2+dfsg-6+deb9u1.
We recommend that you upgrade your packer packages.
For the detailed security status of packer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/packer
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAl+1i6kACgkQKpJZkldk
Svoj+Q/+MCj8B1I+bFcG+bv05XwnCk5sgQgdD5fNdWpJ3W8hVc/l2IYdEk0SiyDE
SMJfBy5Q3Ttq0i0oo0zs5BrHY3+3fsuBZSKzSHxfL0AURheIk6xuKQ33mG5x5elO
eABqUE6sXasaqTy1QR/MT9JAiRpkMPHyQCuWyP95fJQJwdf77fhS6RpeyqsVeVI6
MsS6Fn8VYe0e0GiB3udXRwiMFxfMLXbBFL1XVYK1L60TqhgljoCgXhbgnlPacFXm
5eheDHJfBx0sqtOyej2n+JqLIZJYfVkxFezt04hyG4L5861BfeEby/Q1avEI7Gjp
ZeUxQKUgODnpmZhc4pK2xxGBdT35PSF7YDLqkWXyLynOW4v83u7WjRbxSXcF+8EE
bl5zfP75Z02cX1xOAZo1KnByLkBcBoIUeBd0KNjRMFcmRA4EgSrshKlA084Oa3ui
qoUOuoo/Bxl2ZCjaLAo2aZB8zGGIiJPRNV0L1CXjAA2QrTY/IszglNQpn5J7h2Ga
9zRRh4z29tHj7aT/DYKgVpxtsdSHEkpYEZriQb89AQs57ga4Y36zL9hlG0YmwYPp
0tMY/1993hpC65dPRHRKndKq9p9b+xsuNVGVKLpr2vCoZUQtJh+OEP+8HT1GqEY5
Nv9SZ3Q5e/SbhYLHKCXT2XDklszgEjrJfe1UIV7hKP5mZjDenC0=
=+L0M
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX7XFEeNLKJtyKPYoAQh1fg/+P2fu3m/A+nB5G561SUdjrm/BfTug9nCP
cX/Bg7mgBAageixaScyMUbP+EQ6q7BDYLncq6W8CDuzFua/uHWU19FkSIPMnh2CR
aecS/arzulr73sVA5eTnixMVwl8LDS45AbU3ITVz57duyvCn+BOiIEMFJHZUI9dk
ycx7Ge8OeTO0Dtl5Yd9u365bjXh9dh+gfHT7NU+WIZGhRfxWL8vG6R8qwUgs3UoS
A8zXIW0+vqDsOmLUb4TEpCxIQdvGTGzwAi3pGIOS9wvdsDJkVOAUUW2mfm63wQXK
eSjNz7UjByy8iQPJqWXxN0L6a3MXvJDyMi1zqt4bhjcdOHv+vUKBqYi39Lt5Bnt7
oG3NjAabvd5/A4KRnTuW78utL5yuC6QSJKUSPnfgj4FyTev5ROg8hvQ32wdOcQ1n
L1EgrZsi8Qfh1mmJfrKJFGfaLsAscb5ZPlno2BSrHyTPLrwkVzTVGViruwxpOPY+
i+qZvKInxd+qwcjAf+h1+ZIWFcQOnwEZAnpbWDJ9akiTHoejuEsODpzSmx5T3gcY
dppUtl9t5q8+xpUpJKxCcnPafo+NvDin5tuqHoiJv6Gxzx/H7RK18sDeAD30F6Dd
7/4wRluJaAJKu416g9CaMRQ24QAdIEvM0DqaTiGg5EDVO3k2cypKLWaIVtOSMAZO
SpFqa3JL2w4=
=04n6
-----END PGP SIGNATURE-----