-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2284-1 [email protected] https://www.debian.org/lts/security/ Brian May July 21, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : ksh Version : 93u+20120801-3.1+deb9u1 CVE ID : CVE-2019-14868 A flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. For Debian 9 stretch, this problem has been fixed in version 93u+20120801-3.1+deb9u1. We recommend that you upgrade your ksh packages. For the detailed security status of ksh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ksh Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAl8WDUAACgkQKpJZkldk SvrGmQ//eQV7NZ5AnTL20mZkw1A7ow/kLpnZL4zMycYs40WdpC97r7eOYXGaUhhv DMl/oQryJ5YLA2DgvrfupsIacvIhXKYoy82uMQS+C+GefIqNE4JmqMDkvuFy+9EG /8yVaHVz0VkNrDZPTWvvPb16hhmlI2Ugnpn8sfbNb7T3cRS8X2K+cosQhiOtpz70 LikFfRw6HoFzYXmPD2iNdb/iWVA+Ph6t7ijyDfoiGtZXdSCyi9nbd+noPa0uicoZ 964kh2up5sAtH0Aq9ZIwUK2NuTCyf97Q879UyrB08b2vheO/r1v0IDeAU9nNfOWl +wFoF8j5cLWaRwpIazi1LJi+rtfhmYlw2hVuKIATlQSGqHFVq4jbpcrrNjlxjeQT cxLtpqcwTiHm4BrO4tKiUiEUixHYV1OH9TO+G99zXOK5poQgyN6w7z9V1/qxhNoZ Q+tM+MtiEO4REYJRtbat5VKMY5gDUMK6bblwlzuGUAnr6irt6O+u9IHeCoae309I np5Mnm++jlKgkt0oG2Rf/9MGqeA6v996UF65TRmpCzaTbuVw2IvSSkTTIionzVfd on0FOSBu30pEEKDza06u3nX+jFy4rxx03NFKWrUNEvkmql4OMnbiCDisn3kq51r4 kqhEEsYlJvlMi18AL72IowWHTd6fud21R76kjFHLY0g82UKJnMY= =9+xc -----END PGP SIGNATURE-----
