Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.3170 grilo security update 22 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: grilo Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Provide Misleading Information -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-39365 Reference: ESB-2021.3062 ESB-2021.2915 Original Bulletin: https://lists.debian.org/debian-lts-announce/2021/09/msg00010.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2762-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Thorsten Alteholz September 22, 2021 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : grilo Version : 0.3.2-2+deb9u1 CVE ID : CVE-2021-39365 An issue has been found in grilo, a framework for discovering and browsing media. Due to missing TLS certificate verification, users are vulnerable to network MITM attacks. For Debian 9 stretch, this problem has been fixed in version 0.3.2-2+deb9u1. We recommend that you upgrade your grilo packages. For the detailed security status of grilo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/grilo Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmFKV3dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEdmeRAAlbiqx0HW+AUlC1r509FSDWRqSCoMpNCB2q8RqlRiBe0nFywk62iqCRof OBWJcAyZvHjnp0DTdtYI7gDjuGe+6taQYYLLRLIQl+TomH88y9cIEgQ1r5EJUIyy AZLHxVtbxft3pdKe/yv3/fZoe1xliLO6mepq9+mzfrECJnK6Vfum8lvHua5PtTtD Ffywdfkb16SVHucTmAsAHPGPPd4NRuApNAx2OUrSApMt3h/SnfaEWd0fVxrckLHF fjVx8iqOt6TdnJWllJx/9A6HiVcjXdo6Epmbtd6u9IhEWtOfoj3s5o5ZptmSCcYi mE0Sl9osVBWraPPFBVaGt6vKJ2wWIzhQgwUkN+Uw+EkiMkAfOHLAougUNJBTrgAf 42I0MiaQjVgZo7yURfr/6t9ZxWoYx2ndLbMMeF93egyyq9d2kiTJM+7Uv3rPRj9t 2uS8C0thL4mqNpVIyKvZ5PN3ZlMhJxMd1RUBpf19W2xpJmKMoTLxf9VvMChFyvL1 XTYZC35afhzSWVIVn//vn+uEVMLHY6q9h8Y1DtHnmtQgdEpClatWAFKYb4lUFD8M 8cYG9f3isG6Y6DCch47iJnAg/kb6mnYa/2WTKNzI33Cf0Ts0yNueGNVKiGVXKwpt u5YP1cnvuJyXF0i1+AkfltZlK4s4TfNDP5a7yHbWo+3IV7sNhZ8= =glxU - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYUqTN+NLKJtyKPYoAQjWKA//ZmXCHbUXOaps/8vuJlkFtOmYK8yFg1u8 vEXlFehii5efo9Hw3JQmHApOnMCp1QY3Wmwqnfq22RQSqLaSklWlz1hOQ2B//4wP VrX54pS1CwQ0vgJ8UZyJnjgtCLQhInSW7w3p8ULUurHBpfT+oAHTQFvmnlbgRr0O Fx9hAqPWIth+hKPeblMqYIyDbYX3+V8/CV2a7ffTHzwmqaf2LPXbwg7AwQSmrDE4 p5km4yHvdkyrVvpt6LGm92ffvHBEyBVQcE5luOm6wscd87QTA7HLNujKGEeECABg BpMPmErplDJONziwsS+Yq9tkisCAKo7btDpS7WsGb3T/MXQGy60K8z7Ce6bistnB 4TejnsretK/QEAL54j3ho8RpayB4MeRsW/gxPUCoc3rWfrTgD3/obiAP7aWzz6pa Xus9tLod/wGEUggV/s7psXlP8D8PSTaprBSW/COcjzg4lM8V9vs1cS4cCY5uGnZo 0ph3Udk/fGXHZUrG/118jj9/iMHHwJ9KFAIxbPwUxO42On0utM4KygLAXyFh/7Zg rf0FJIV9M7LKkpBsIjqGZfekk9Q7GIHulTGg4DDTWCgRQUreQ1IUXMIcKZ/bnwJB A73YVnZ0CPFs9XljHnOZzYHvQul7M+clFwK4UwlUxuR1+InRINZITuy1TRzCLCvk fLCeIMiij9Y= =uSRj -----END PGP SIGNATURE-----