[SECURITY] [DLA 2852-1] apache-log4j2 security update
Debian LTS Advisory DLA-2852-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Markus Koschany
December 26, 2021    https://wiki.debian.org/LTS

Package    : apache-log4j2
Version    : 2.12.3-0+deb9u1
CVE ID     : CVE-2020-9488 CVE-2021-45105
Debian Bug : 959450 1001891

Several security vulnerabilities were found in Apache Log4j2, a Logging
Framework for Java, which could lead to a denial of service or information
disclosure.

CVE-2020-9488

    Improper validation of certificate with host mismatch in Apache Log4j
    SMTP appender. This could allow an SMTPS connection to be intercepted
    by a man-in-the-middle attack which could leak any log messages sent
    through that appender.

CVE-2021-45105

    Apache Log4j2 did not protect from uncontrolled recursion from
    self-referential lookups. This allows an attacker with control over
    Thread Context Map data to cause a denial of service when a crafted
    string is interpreted.

For Debian 9 stretch, these problems have been fixed in version
2.12.3-0+deb9u1.

We recommend that you upgrade your apache-log4j2 packages.

For the detailed security status of apache-log4j2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apache-log4j2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 2851-1] libextractor security update
Debian LTS Advisory DLA-2851-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 26, 2021    https://wiki.debian.org/LTS

Package    : libextractor
Version    : 1:1.3-4+deb9u4
CVE ID     : CVE-2019-15531
Debian Bug : 935553

Invalid read for malformed DVI files was fixed in GNU libextractor,
a library that extracts meta-data from files of arbitrary type.

For Debian 9 stretch, this problem has been fixed in version
1:1.3-4+deb9u4.

We recommend that you upgrade your libextractor packages.

For the detailed security status of libextractor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libextractor

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 2849-1] wireshark security update
Debian LTS Advisory DLA-2849-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 26, 2021    https://wiki.debian.org/LTS

Package    : wireshark
Version    : 2.6.20-0+deb9u2
CVE ID     : CVE-2021-22207 CVE-2021-22235 CVE-2021-39921 CVE-2021-39922
             CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39928
             CVE-2021-39929
Debian Bug : 987853

Several vulnerabilities were fixed in the network traffic analyzer Wireshark.

CVE-2021-22207

    Excessive memory consumption in the MS-WSP dissector.

CVE-2021-22235

    Crash in the DNP dissector.

CVE-2021-39921

    NULL pointer exception in the Modbus dissector.

CVE-2021-39922

    Buffer overflow in the C12.22 dissector.

CVE-2021-39923

    Large loop in the PNRP dissector.

CVE-2021-39924

    Large loop in the Bluetooth DHT dissector.

CVE-2021-39925

    Buffer overflow in the Bluetooth SDP dissector.

CVE-2021-39928

    NULL pointer exception in the IEEE 802.11 dissector.

CVE-2021-39929

    Uncontrolled Recursion in the Bluetooth DHT dissector.

For Debian 9 stretch, these problems have been fixed in version
2.6.20-0+deb9u2.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 2850-1] libpcap security update
Debian LTS Advisory DLA-2850-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 26, 2021    https://wiki.debian.org/LTS

Package    : libpcap
Version    : 1.8.1-3+deb9u1
CVE ID     : CVE-2019-15165
Debian Bug : 941697

Improper PHB header length validation was fixed in libpcap,
a library for capturing network traffic.

For Debian 9 stretch, this problem has been fixed in version
1.8.1-3+deb9u1.

We recommend that you upgrade your libpcap packages.

For the detailed security status of libpcap please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libpcap

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS