Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1951
caribou regression update
4 June 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: caribou
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-25712
Original Bulletin:
http://www.debian.org/lts/security/2021/dla-2675
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2675-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
June 03, 2021 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : caribou
Version : 0.4.21-1+deb9u1
Debian Bug : 980061
It was found that the fix for CVE-2020-25712 in the Xorg X server, addressed
in DLA-2486-1, caused a regression in caribou, making it crash whenever
special (shifted) characters were entered.
For Debian 9 stretch, this problem has been fixed in version
0.4.21-1+deb9u1.
We recommend that you upgrade your caribou packages.
For the detailed security status of caribou please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/caribou
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmC4x2IACgkQnUbEiOQ2
gwILDhAAuVyLtsAw+iXVuY1tcExwgu/Z5nflVOIrCGKHUXEPiJ3GSUgccAIDaZ8I
uUIF+a4PIOOrKG2pjXUXQkUskKjachQODn5+eZPTvpMd39UCm9iE/uEg93VaW3SH
pXS4JKxCiGgkwPjF4u5NLLW3iHyYRM8FpfZrpYaVV1HkR7oUohakpHwEBuccidoV
afRjRMn++Jn8EzIhMmbuP6/H9haLZi6lldD42h21pW6eGnEq1cRlgX6eURRKo7PN
FJ/E/P4oyxSqQuOASjb+mHlBPushWzYN1mnOj/w/CxwknC3WXbvuV8C1YRiEHLc8
5FRI44u9RXSoIJmEdWaejD6cmHHJcd39A/DTsD+TDv5/pakTLfErnWwdbrnNluuu
wjfB+D+MX7fXE6q8OhqCNXHxdEqSBKzBRAgN3tHdhaIc1f5QXkdeTRbhhrhSFRLX
io7vaLrYc95+ZI/9LTfsX1GMzLVW+qqlGlCrZaXCBTaTYapiStuhgHJptWY+AlAg
0B4drByUs/dB30H72yn96m6k/P14KTQAsQcxQeJMky89olJ9Q9Mk/QzU9jZ2zMa0
OzxbgFzBrhhKL1uGumomh5Fh1kCgfvFDGL/dCB10LN28tdTuv27zMfACqVNqbDul
bZhUITZFtbrgSrTvUbfz3pn2XWsVNf+pJYLQmO/r4Nsvlfz0TwM=
=p48N
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYLmqVeNLKJtyKPYoAQiGyA/7BdklC0qTuV8oVsh+FoOWwrTThHPY6yay
cpJ6fCoM60WMcX/EXPsVHHO6lXYY94aC8D3UCLN6zixuKKDbw70LUzvZ7bZEzetz
Q8ZDQyPvi3CCDUq28Wd2afb4sj5Yho+kPmz/sc9+7kPJkEIarXz3TF4YqP++5qpC
hAqEToaYwOU8nF1C65KW/d7amASV91P++RzQmeYNEOPXSq3IDXDp1KLR36Ia/wIm
FWPxivONLKrlAj4o/ZuEH2WV2G945iyuUvxdzTJhzXg8In9CvmWJFd8oVAhfcs1h
6g48LIrL3+1lce1YqMnruC2a1uzYH9PLvs2da5EObkz9SZBu3ofEnUG4pCV0Axr5
+XCRZE0eE8ti9tMjY8tqDc48gD/3g6oKrD1zB6hIDhlM27vKBwpSfVYIiUcGXViH
twiRDiMRbuwaDeC53kFpx0j/QZpKlGtDRXb3DhM8LLSF0Claiioud+6txHQnWvEg
++R0JrDRmSOllWO0xOf+17euMS268X9w6f4I80zo26OSoye9Kbvozo8caC0bQ/fu
O8mZZFKfZgauqIn4FM78hr7S3GudaVC0cYKRntsON2vRq12/6RWO065qhBlzKbF5
124ic7xLocQ5IyxZ1HxT5i4XsZHxwHhTRgjLAQ2BNp7YK9Xbkw/WKELmdujGy36h
9z3EYMxcfj4=
=kYgS
-----END PGP SIGNATURE-----