===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0460
                           slirp security update
                              10 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           slirp
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8608 CVE-2020-7039

Reference:         ESB-2020.4502
                   ESB-2020.2241
                   ESB-2020.0371

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2551-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 09, 2021                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : slirp
Version        : 1:1.0.17-8+deb9u1
CVE ID         : CVE-2020-7039 CVE-2020-8608

Two issues have been found in slirp, a SLIP/PPP emulator using a dial up
shell account.

CVE-2020-7039

    Due to mismanagement of memory, a heap-based buffer overflow or
    other out-of-bounds access might happen, which can lead to a DoS
    or potential execute arbitrary code.

CVE-2020-8608

    Prevent a buffer overflow vulnerability due to incorrect usage of
    return values from snprintf.

For Debian 9 stretch, these problems have been fixed in version
1:1.0.17-8+deb9u1.

We recommend that you upgrade your slirp packages.

For the detailed security status of slirp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/slirp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
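
The snprintf return-value mistake named under CVE-2020-8608, shown as an added C example that is not part of the bulletin and is not slirp's code. The function names and the 8-byte buffer are constructed for illustration; the unsafe function only computes the offset and never performs the out-of-bounds write.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern: the return value is used as "bytes written".
 * snprintf returns the length the full output would have had, so after
 * truncation the offset lands past the end of the buffer. A following
 * snprintf(buf + off, cap - off, ...) would then start out of bounds
 * with a size that has wrapped around to a huge value. */
static size_t unsafe_next_offset(char *buf, size_t cap, const char *s)
{
    size_t off = 0;
    off += (size_t)snprintf(buf + off, cap - off, "%s", s);
    return off;                       /* may be larger than cap */
}

/* Hardened append: checks for error and truncation before advancing.
 * Returns 0 on success, -1 otherwise; *off never exceeds cap - 1. */
static int append_checked(char *buf, size_t cap, size_t *off, const char *s)
{
    if (cap == 0 || *off >= cap)
        return -1;
    int n = snprintf(buf + *off, cap - *off, "%s", s);
    if (n < 0)
        return -1;                    /* encoding error */
    if ((size_t)n >= cap - *off) {
        *off = cap - 1;               /* truncated, still NUL-terminated */
        return -1;
    }
    *off += (size_t)n;
    return 0;
}

int main(void)
{
    char buf[8];                      /* constructed sample buffer */
    size_t off = 0;
    size_t bad = unsafe_next_offset(buf, sizeof buf, "0123456789abcdef");
    printf("unsafe offset: %zu (capacity %zu)\n", bad, sizeof buf);

    int r1 = append_checked(buf, sizeof buf, &off, "abc");
    int r2 = append_checked(buf, sizeof buf, &off, "defghij");
    printf("appends: %d %d, off=%zu, buf=\"%s\"\n", r1, r2, off, buf);
    return 0;
}
```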