Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1951 caribou regression update 4 June 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: caribou Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-25712 Original Bulletin: http://www.debian.org/lts/security/2021/dla-2675 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2675-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 03, 2021 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : caribou Version : 0.4.21-1+deb9u1 Debian Bug : 980061 It was found that the fix for CVE-2020-25712 in the Xorg X server, addressed in DLA-2486-1, caused a regression in caribou, making it crash whenever special (shifted) characters were entered. For Debian 9 stretch, this problem has been fixed in version 0.4.21-1+deb9u1. We recommend that you upgrade your caribou packages. For the detailed security status of caribou please refer to its security tracker page at: https://security-tracker.debian.org/tracker/caribou Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmC4x2IACgkQnUbEiOQ2 gwILDhAAuVyLtsAw+iXVuY1tcExwgu/Z5nflVOIrCGKHUXEPiJ3GSUgccAIDaZ8I uUIF+a4PIOOrKG2pjXUXQkUskKjachQODn5+eZPTvpMd39UCm9iE/uEg93VaW3SH pXS4JKxCiGgkwPjF4u5NLLW3iHyYRM8FpfZrpYaVV1HkR7oUohakpHwEBuccidoV afRjRMn++Jn8EzIhMmbuP6/H9haLZi6lldD42h21pW6eGnEq1cRlgX6eURRKo7PN FJ/E/P4oyxSqQuOASjb+mHlBPushWzYN1mnOj/w/CxwknC3WXbvuV8C1YRiEHLc8 5FRI44u9RXSoIJmEdWaejD6cmHHJcd39A/DTsD+TDv5/pakTLfErnWwdbrnNluuu wjfB+D+MX7fXE6q8OhqCNXHxdEqSBKzBRAgN3tHdhaIc1f5QXkdeTRbhhrhSFRLX io7vaLrYc95+ZI/9LTfsX1GMzLVW+qqlGlCrZaXCBTaTYapiStuhgHJptWY+AlAg 0B4drByUs/dB30H72yn96m6k/P14KTQAsQcxQeJMky89olJ9Q9Mk/QzU9jZ2zMa0 OzxbgFzBrhhKL1uGumomh5Fh1kCgfvFDGL/dCB10LN28tdTuv27zMfACqVNqbDul bZhUITZFtbrgSrTvUbfz3pn2XWsVNf+pJYLQmO/r4Nsvlfz0TwM= =p48N - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYLmqVeNLKJtyKPYoAQiGyA/7BdklC0qTuV8oVsh+FoOWwrTThHPY6yay cpJ6fCoM60WMcX/EXPsVHHO6lXYY94aC8D3UCLN6zixuKKDbw70LUzvZ7bZEzetz Q8ZDQyPvi3CCDUq28Wd2afb4sj5Yho+kPmz/sc9+7kPJkEIarXz3TF4YqP++5qpC hAqEToaYwOU8nF1C65KW/d7amASV91P++RzQmeYNEOPXSq3IDXDp1KLR36Ia/wIm FWPxivONLKrlAj4o/ZuEH2WV2G945iyuUvxdzTJhzXg8In9CvmWJFd8oVAhfcs1h 6g48LIrL3+1lce1YqMnruC2a1uzYH9PLvs2da5EObkz9SZBu3ofEnUG4pCV0Axr5 +XCRZE0eE8ti9tMjY8tqDc48gD/3g6oKrD1zB6hIDhlM27vKBwpSfVYIiUcGXViH twiRDiMRbuwaDeC53kFpx0j/QZpKlGtDRXb3DhM8LLSF0Claiioud+6txHQnWvEg ++R0JrDRmSOllWO0xOf+17euMS268X9w6f4I80zo26OSoye9Kbvozo8caC0bQ/fu O8mZZFKfZgauqIn4FM78hr7S3GudaVC0cYKRntsON2vRq12/6RWO065qhBlzKbF5 124ic7xLocQ5IyxZ1HxT5i4XsZHxwHhTRgjLAQ2BNp7YK9Xbkw/WKELmdujGy36h 9z3EYMxcfj4= =kYgS -----END PGP SIGNATURE-----