Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2521 admesh security update 24 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: admesh Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2018-25033 Original Bulletin: http://www.debian.org/lts/security/2022/dla-3019 Comment: CVSS (Max): 8.1 CVE-2018-25033 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3019-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky May 22, 2022 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : admesh Version : 0.98.2-3+deb9u1 CVE ID : CVE-2018-25033 Debian Bug : 1010770 One security issue has been found in a tool for processing triangulated solid meshes admesh. A heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c was detected which might lead to memory corruption and other potential consequences. For Debian 9 stretch, this problem has been fixed in version 0.98.2-3+deb9u1. We recommend that you upgrade your admesh packages. For the detailed security status of admesh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/admesh Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmKLAnQACgkQ0+Fzg8+n /wYpLw/+KtBi5ChsLMU1jLZjls+VLfnHQqHPignYNTSW7uFLnI/VDRo81PVYE19f LqzNbfo8xYsEBrUyiYpd9P0D5luaYBwxPrsQr7stfTlIUrVEVpgHFBPHYmXOA4Vj EI9K0wYLY7FVJyiC/Ry+qlSx2PMd48QdIt2ILD1EoTHKccUWUR0QJotvly5s1bvA 9B2Yxm32jGRmKpS78FZoT+FGI4XGEzOdufdCVGaMeTCeSpUd8EPla9vycQZ1tz9c M283aFNWYSDCZUutlfbfbnx9CmgvH/W59jzyOjdch03+kvN/qz48t1ApYpynSBtj 373R0D3SkRHzLo4i0NYKW5Mtnxw9sQYNvPSMQjdSlMjKE5Z7nL0sUckEqGJS+9nW J4vSCya37H9JFv68G3E6XR8hr0RAS+dg+65NshrYJgLRwNE0VcGLQP2ZVHZYubyE rUfk6V19DV/pjtUKSdazDOC5pUBp/XlsQ6FWuIYc4qyvPzYs0gj14zn1S5/D9V/i agh2o4qxqTHrRGMw3QYbArL7Z7XuxvGSKUnJW79OCHgtO+ikIA+l0tjbn9wJLAjb RJ/IGAIRHWewoxMTbAB5gHMEFPIaTVIKT71+j9k18yHveNxg6mtLI/vCEbjI1H7t 9+WVEL8T4J/3MCNaNCWWZFdbYJFt9TGb68KI1XciWM5ssmnPE3c= =2Q17 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYowV0skNZI30y1K9AQgZdA/8CPRyEdNuB3LkACYmIeC/jt/Ac5qInRC1 OIJZ2/jigrXPUtm/Sy9JXtG24sSWQ701lGqquJ6WNtQYuM1jfwlXbn/4zxs/QjCw gpqSoXY3nRY1tBZnH4qlQAxoqX5hXyuka7rkRWE8zsTWjrG5WIClAhMVSgI8z6ji BS/gLmuZHo/xCgtk/tzoywACAABITYDZoP1MpHWAZbx48daLKwytA6khOZ1JqBwF /tlAF10ScoSOfPTL1i1GKV5MGnB/ZIDmczZRmQTrQU8BUwPbTiMrNL8htvP6kWeC UWB0CgTgZmRKcEiXFcnYD/aTB6nCOrbXNc0bsEHgxOg6YVqf6mnBajM5+13FfK1O QgWrRuvLtXraAo1LKiOZbhGVxPF4cHJIHDfAHHg8qqGpdQ5awieV6T+rtHq4X8ix Ri+CCRYIMvb2q5ZQIK+fCz0u87Fq/SRUEoHa8/dOe2WK1xrn/t4/Bcu7IMHC1fds YGb3o0WZ64sgiDCTmwQ0q9ew6O9ZCXLxGbOYBG8HZBV+UB/DquqN3QXGCT6ymgdC uZWGjuQ6earGv6QqtENv5euvb+MfYHm1JtroopN7ha6jDFjmFaUL5YmtHeniEi2r TkEwS1Yzbofvk+AEhXDu5MKsVB655HB535eiut4EMe9diSWU3qJ3w6XEBGgz6NTU NsrQrf0ia2A= =91nW -----END PGP SIGNATURE-----