===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2289
                          ipmitool security update
                                1 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ipmitool
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-5208

Reference:         ESB-2020.1850
                   ESB-2020.0463

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2021/06/msg00029.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2699-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 01, 2021                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ipmitool
Version        : 1.8.18-3+deb9u1
CVE ID         : CVE-2020-5208

An issue has been found in ipmitool, a utility for IPMI control with
kernel driver or LAN interface.
Neglecting proper checking of input data might result in buffer overflows
and possible remote code execution.

For Debian 9 stretch, this problem has been fixed in version
1.8.18-3+deb9u1.

We recommend that you upgrade your ipmitool packages.

For the detailed security status of ipmitool please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ipmitool

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================