===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.4093
packer security update
19 November 2020
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           packer
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-9283
Reference:         ESB-2020.4067
                   ESB-2020.2792
                   ESB-2020.2377

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2455-1
debian-lts@lists.debian.org
https://www.debian.org/lts/security/
Brian May
November 19, 2020
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : packer
Version        : 0.10.2+dfsg-6+deb9u1
CVE ID         : CVE-2020-9283

golang-go.crypto was recently updated with a fix for CVE-2020-9283. This in
turn requires all packages that use the affected code to be recompiled in
order to pick up the security fix.

CVE-2020-9283

    SSH signature verification could cause Panic when given
    invalid Public key.

For Debian 9 stretch, this problem has been fixed in version
0.10.2+dfsg-6+deb9u1.

We recommend that you upgrade your packer packages.

For the detailed security status of packer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/packer

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================