Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.6201 mujs security update 29 November 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mujs Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-44789 CVE-2022-30975 CVE-2022-30974 Original Bulletin: https://lists.debian.org/debian-security-announce/2022/msg00262.html Comment: CVSS (Max): 7.8 CVE-2022-44789 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-5291-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 28, 2022 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : mujs CVE ID : CVE-2022-30974 CVE-2022-30975 CVE-2022-44789 Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in version 1.1.0-1+deb11u2. We recommend that you upgrade your mujs packages. For the detailed security status of mujs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mujs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOFDJYACgkQEMKTtsN8 TjaAig//ZqldnlH6KJxGSEtnKDeH6ep71yuIrKCTe1D0Y43ZW/NEkwkY9dAXxYO0 np5uz7BqTZwgyU17nHuVD9TKvO0shPdMQw1qHI1kza+16w1g5aJ4QWKtURFQjJ7r b/BS3HgGCBRjQ7NVM126WzVNobiBnkrJqab/Bsi7vvZdu7KPubXpc3OivwAa4uA9 Dfb7awFoZTTS8eunAH8hKl6/UiY7rTXrQuLBinXeIiNPH38aeEKr+9MWehSRdEPs T8tQoUsE0HYj0pgj+gAu0IZyRwz8O/9mT909N7vUgqHDsTgC0ej5+MTSTM50s5aX MGBOAjQTpx1eRJePylo3T0RhsV/LM2rF9Jx/7PSuiX+ySqYkHJgLll846RxWJfQL HdIY6Nx6Jkk4gAxIFPEa+Skum62zZTg1QUsCHC0sJizhn5Jtlj4EfwusbMDJm734 JNkXHZ5kV8zl0piDK4F546p8pB0AuLa2iWiy4kz8TOxwQ6f5h+UrCnWG/jvAtgJw 5gADyjmoxsAZMIdKe3Xb4n8fGE8LX1qutYkx2k857ZAJXNrJUPycmcYozy4KOAlf 15Aj6vzrXhgEjUFJCppOUMosOi01pMSmC7HhKjnpyuGJwU3auVkHaCemmyck6y6B fZwfxU/gRE4x5GFlIH3GTuWrYENUvpxI4weInZb/xbEWWouwklw= =oEne - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBY4WjkMkNZI30y1K9AQg5mg//ZZfFUfa9+XQBGbgwP1j5RW7nfphnE6bj uHvMYM1hK6Xj/X3Ocwd0PTUzYfjxhwd/t3Ve5MCPHiUc3eZIjepaCocinReFQDAB 6spAGsotRCjrAzUiLNSyjdLfTEX+J1x+Nh8VHzxXswXt/3h3p+tkfCSYwzzwawkF 7XW466Ycz7FXjMv7Q6CR45lYgBf0S4yiSd/xOprG/qVdjwpkkXfDjdZF5opQ5T47 hcyx/aHozMiCtJ7Q0XggrKJGSR5SCR9UqcLLIEijAspefd5KHxbqNXw/oE8Ul4wi /zBJRKvIi9qtISnVav6OWD2ao9YjTWwRmFvWdmkE3ub0VM9VFnVJhrRbY7QjXady +IWG5mkQ9a2i0wZEnH1Gd4AwAODoOp7j7yt3Rf2WU0n66pEunKyU2gP4xFMqpSc+ TBwZx2IYxx26Dk4Cb2QefNBMFPexV5pZn5A70VyBmCXB9XBMophlb3zVOxiCuHot dNlkV6eqkXKtoas/gLq6KbRFPETLlSOBSiT7dsYZUW/lX5UVat6J8Um0rc946T0A kn5nksepIXUmvEtVp77pDTeCzayDB698FVZ1n/LbUSZWAubfXsK6KqnZRlAaP9DB v4dDmrzZRG2sNtd8ZvfVdpr/V+VGIQRs9t5MefQQfjuErfLAJATha30/CW5B835D qkHqnWY8BrY= =H2OT -----END PGP SIGNATURE-----