===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2315
                          libuv1 security update
                                6 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libuv1
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-22918  

Original Bulletin: 
   https://lists.debian.org/debian-security-announce/2021/msg00119.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running libuv1 check for an updated version of the software for 
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4936-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 05, 2021                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libuv1
CVE ID         : CVE-2021-22918
Debian Bug     : 990561

An out-of-bounds read was discovered in the uv__idna_to_ascii() function
of Libuv, an asynchronous event notification library, which could result
in denial of service or information disclosure.

For the stable distribution (buster), this problem has been fixed in
version 1.24.1-1+deb10u1.

We recommend that you upgrade your libuv1 packages.

For the detailed security status of libuv1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libuv1

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================