Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0032
p11-kit security update
5 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: p11-kit
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-29362 CVE-2020-29361
Reference: ESB-2021.0015
Original Bulletin:
https://www.debian.org/lts/security/2020/dla-2513
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2513-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
January 04, 2021 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : p11-kit
Version : 0.23.3-2+deb9u1
CVE ID : CVE-2020-29361 CVE-2020-29362
Several memory safety issues affecting the RPC protocol were fixed in
p11-kit, a library providing a way to load and enumerate PKCS#11
modules.
CVE-2020-29361
Multiple integer overflows
CVE-2020-29362
Heap-based buffer over-read
For Debian 9 stretch, these problems have been fixed in version
0.23.3-2+deb9u1.
We recommend that you upgrade your p11-kit packages.
For the detailed security status of p11-kit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/p11-kit
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl/yvcAACgkQiNJCh6LY
mLHQXQ//YDgTayEeMTasveCEOlR8dV4EougKZjLYohWCDGlFUVIWPVSqtumYfRUy
DtpHbpKRaKYTv8Kd2+hKzYAvRCWoMM5zx6Bqam8w/LaOT140zeRqI1gAo4XTn9zk
vyXczZaXnGbuaMbyIe4h3kZNfuyJDg3OGwOH3Ygb3UxKJIbsN1EiqD+/DfrtQws0
LakKLTwPjI6oO8ZxM9SCAUAB3QS/eKSnDxGrcElnzU3Mq7dRhiilIuD6DVWRlHmz
7ZWizhF0nCvr8agUnrygJwaBblckA9PghmTm0B7dP8GIK7nC2X/FofM1NWGJTnvG
ORcKFqd4GInSuJ59KKs32FTN9GzhMPmEUWkv22bQkquktRBxi4b/5D0CoqRPJmfp
m11nyzQhXQWe0fgpLCRhM2PFOT6g0esaMkSGXRYvEf0TF3zhbp3zC7XReg6oXUkd
eX5393su0tURg2xIHTxtxv6B8xv1ins27mCLxkGL9a6BHQtleSvYV/80fFjU2Q6j
izp3olcPBjJfyCUTxm90YujVo8xfB0AkXJHu3IQ23E9GmdLmKOtu3osZeYbNgvip
99WcxgmyYv1iuo8u7dj3TvZdKEuga4MWTufd+HVuuYtCLpvzOc7q1sZxBsjq8O9D
dtoLFzZ4T2J0e08rWVk8lQeZSj45/Knp2oIkYJChgCAOYNiW/kI=
=BZW4
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX/PAgeNLKJtyKPYoAQgT4A//YF9lb81NUlsXfcljZUxIGw3OYpWmTtev
/ZSfXkrx6m3bAoxvOKx5fFT2fA6Jd8sV9yUWOn4bTi/fHQ/3GTdaU3sHw9XUvyz0
eEWafoRIxv2xzKZQrV/kp5wCFAQwZQohz/c62fIGTxqmKfsMA5GSh22Q2XHQQpgT
lcnSPp8PVoQYcc7VThfCCact7UHKMLKbQlrNDIdEtElIFC0r0Zmxdrpr6apdZ8JP
fOfxu/IXLEifi8SOwJ5Bh4el3o5F/3GsnsE+CJhiHlA9oZjfHvFsQiPXO96GFHGx
mL0dKwgzI1kZZhb7n/Fqk8cwWOQmu9AUpq8UzMgw1s1Pa81uTPAyHFf95RWJKJn8
0almTG2ma++tQ/ToZsxEmoQ/rmGGRXdzl2sAYUOHp9k488aEzUZKbtCr9M2yFUgG
eFF5S4JAIJThUf8gE0uvxLi9eljUNiFFWUXGAwAwK3C+ObVUikCxRSz5lQ4wlbZs
wPz7wFTtuxdW/sREWUn/thJybhKDkyT7S6atS35SnmXejSA5mcp39zukV2N6QYaS
eBYrqKy7fTu7rueG3X+6PtPHf14fWAuBJf4se0p7lNUrEn1a8rdwVerhJBtuXDbv
bizZZ3QLpb5M3gSaxOFzs/DqkoRvx1PFhrMQ47xHcBC81WEOlNPjXlz4p2/90hCm
jTmT2vbIHCs=
=vxto
-----END PGP SIGNATURE-----