Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2083 htmldoc security update 10 June 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: htmldoc Publisher: Debian Operating System: Debian GNU/Linux UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Execute Arbitrary Code/Commands -- Unknown/Unspecified Denial of Service -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2021-26948 CVE-2021-26259 CVE-2021-26252 CVE-2021-23206 CVE-2021-23191 CVE-2021-23180 CVE-2021-23165 CVE-2021-23158 Original Bulletin: http://www.debian.org/security/2021/dsa-4928 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running htmldoc check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4928-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2021 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : htmldoc CVE ID : CVE-2021-23158 CVE-2021-23165 CVE-2021-23180 CVE-2021-23191 CVE-2021-23206 CVE-2021-26252 CVE-2021-26259 CVE-2021-26948 A buffer overflow was discovered in HTMLDOC, a HTML processor that generates indexed HTML, PS, and PDF, which could potentially result in the execution of arbitrary code. In addition a number of crashes were addressed. For the stable distribution (buster), these problems have been fixed in version 1.9.3-1+deb10u2. We recommend that you upgrade your htmldoc packages. For the detailed security status of htmldoc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/htmldoc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDBLRMACgkQEMKTtsN8 TjZAwA//bsvw4iNAFgAEdFTHouPfF7n/xdB6V78uGiljCcejE9XMlu8yhVBGCkfO xdT0ir/7HCHNm96mdnUJPFrqSQ8N4lMRJZLxwMoTZ9ZvPZ8HpLF/1nbzvSF5vtoD YTvfwcFxQZsnZr1m5DLYOpdRGPRFPicTMffidhW/Y0MzyhiRaoAdjP2iWAoOmI1S 3JRfNinipZPZFZcnZkBK3Tt7OzyPuG/vvrjUMe0+UxFTA3c61g3P9plfIYg6uDtC ZFXLpIwouQMbs7ZaL3+LwmNVrNngfyCWESSBnPQK4HnTLyC7SvLPeHXiBjFq4LCO eue0DxAMls/oxfX2kwGL4754Zhkl0f3PJuYRSlT7aKtNjipQCfayzEzM0F62JpkJ N6jeW81DSl881Z5QHMePtDRCtV51+wB37URDKncfbsjmX2jwulyO2QP6wGfC0ILY La92BzrNb+UjBOON7DVfsmP3petl/mYl/OxDBB+IM7sK6BtBowx6dUFDhiwPwv60 IRJ8Q3notu6ITZhxBGCgtMa2fmIbDYB9eVaC7UEI/CKjJb8XLx7P7csMZmJMEUUf JGgQy6pkg0uPWAjdOg3mUYpuGCFdHqtpZ5RxQtl31t6dyQ2kuQsTEYNDqTmpHsw1 Azh/bpDRKEKPUHHYkmkYfQyLLRjNNyIBbNqB+ZPYA0d+3GmxL38= =AxaN - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYMGRsuNLKJtyKPYoAQiEKw/7B4QRTf+7+jh68Z7XVT1TfpMuivOfUAN1 e3WbUEznbOBA7pgtGsZldqSF6uMOjCioNKg8nbnj8w7z4qYw3bKk1OOzUH2tbY+w RwlsM3uaO4Uym/blPGnka5IaHjlKpvjdANfI5WopJJ3w8nVsk02x9sMBxKUm5rpM oy/hd5+pRt4KrodsPpAVTSsRIQ6xYnzb1yMlhq/u7bXRmIRdntA+XCsIcFKGodWJ C/8YjRHxV0uoZ63UXcGlS1BRuDlgd523GOtGq5BU8UeDpahJ7ld8EJ+H/r2A6eUv 8hZnsrh8+dH4T6aHM7g69HbU8cXMlyURHQCIrMFM102Vzlut5+YdZtoIOkofOqM8 G0VNFNE5YHZ/qk3gCt92eAZOFbBT9UNijJ2GKNNxKivgvgub0PB8vY5dzMsXFt5H WzBg+rw+2gXChXdu9OoBG8hSjGBfOaPwJol3v3OeishByVRqiwR6M2R05k13+m2k NVxl4LouOVo+Bans/xVueokJSGqPs2xB4RzRsJP73ddZUuNuEuIZ0eLCUvUDuDSb 4o4ooLQF06gYEqDTA8zzU5CDRXdwWSSqgN9BAjZXsQqAmKH+ZbPp2yBwP08M5e6V 1sGGF/j9JI6ZK1r56UL6oCfsbJDDPCzRQ5492lW0wgBngYhChotxf3DQ7XkpZUJa 8qaTkXGIyko= =OPX8 -----END PGP SIGNATURE-----