===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2289
                         ipmitool security update
                                1 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ipmitool
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-5208  

Reference:         ESB-2020.1850
                   ESB-2020.0463

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/06/msg00029.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2699-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 01, 2021                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ipmitool
Version        : 1.8.18-3+deb9u1
CVE ID         : CVE-2020-5208


An issue has been found in ipmitool, a utility for IPMI control with
kernel driver or LAN interface.
Missing checks of input data might result in buffer overflows
and possibly remote code execution.


For Debian 9 stretch, this problem has been fixed in version
1.8.18-3+deb9u1.

We recommend that you upgrade your ipmitool packages.

For the detailed security status of ipmitool please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ipmitool

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================