[SECURITY] [DSA 4377-2] rssh regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4377-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2019 https://www.debian.org/security/faq - - Package: rssh Debian Bug : 921655 The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue. For the stable distribution (stretch), this problem has been fixed in version 2.3.4-5+deb9u3. We recommend that you upgrade your rssh packages. For the detailed security status of rssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rssh Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlxhnshfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R8AA/9FF8cVX0NDYsJPBOA4eIuqEWcfVUm66FcyHiOORDZ0J0jXNgXAuwJ4KVz CpgkmRkxbVudV4naOiJfuiASMxdPREs6VENWsEVc1E1F467V6he2ngJb67owOW4B Z5cHtHEaWFgThdf7cojlmswQ0hzXjQrIdu1CxYDRHyEDgDu7IxGPD2nonpZwTwOf MkwlXSCpQbAk9SbVbgGgwUOWtYX0woldR3JaaqOV++ufV24Pxwnalgse2lV9Cxou VinbJMQZ+0ABBBFuH2YXAnn5RCFn5IYMcsUveQQKslL9tBI1EFpIYEqxifcRxHS8 k3RWCZZ+OGUwCF0xwxcWLmbvLYhbzfKGv4NXxBGjo5++w322oqVNaQmoIxwJs+9k 2vc6NM1kr8ubPJxgDTpoA0ea91wh7B65IhUGZAnfj9lAuJw/l4Caf5+srFDxCDZg YGK/nAumEBR+3vec2MDpfs0suUtog7u/xmFYfqPReq6SaQD2GJTS5pYu1hwUBu8W PxWbwq/Ezx4ivJq+jLMwLT2EY0gIPh5i9tj8NT0o2QnJZcB9VKyKBSslMev20EYq 5gE6wC/uR9jCGl8W2fdKMAX71sXGFE76xP/waUtXykeihhEovB+SlTiua8F2wv+G aOLZ1S3gwzBj3SPtgnc0dEoVJdzs/cnYukMFxTJDmM6LmnkgdS4= =35hB -END PGP SIGNATURE-
[SECURITY] [DSA 4389-1] libu2f-host security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4389-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond February 11, 2019 https://www.debian.org/security/faq - - Package: libu2f-host CVE ID : CVE-2018-20340 Debian Bug : 921725 Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer. For the stable distribution (stretch), this problem has been fixed in version 1.1.2-2+deb9u1. We recommend that you upgrade your libu2f-host packages. For the detailed security status of libu2f-host please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libu2f-host Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlxhdxAACgkQEL6Jg/PV nWSRdQf+Pt+y/MxE9ugOhakI80frcv8zTVYjE1PDu8ZvP6TjJDUT354O1njS05iX bYgw+PCHORKSvDIiwisMUFFqN6JdtWdweGyk+CyKO2pa4PLaQKXoTHSqfkxgSk5+ 7bykv5KgxfYLHFs3WewW2ZjC0TMcLMNr8u6uW0i9gWC8r4cnvZP7ftpUFdTfCcvj lFVLBGDBB6cS4dX+ZkMxtzJuyXE4JzIlLCECKJTYPeEGDxJLwd6v2MEgqKYswF1J +50VqdWi398+4koamrpAt1YnRK/QPYknU6Sfir++MuONPKbmHwPQX3/wDupsG//n AvswjQEqfv03MvTPNpEr50EBpeRbeA== =jLYL -END PGP SIGNATURE-