date:20181220

[SECURITY] [DSA 4357-1] libapache-mod-jk security update

2018-12-20 Thread Salvatore Bonaccorso

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4357-1   secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 20, 2018 https://www.debian.org/security/faq
- -

Package: libapache-mod-jk
CVE ID : CVE-2018-11759

Raphael Arrouas and Jean Lejeune discovered an access control bypass
vulnerability in mod_jk, the Apache connector for the Tomcat Java
servlet engine. The vulnerability is addressed by upgrading mod_jk to
the new upstream version 1.2.46, which includes additional changes.

 
https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.42_and_1.2.43
 
https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.43_and_1.2.44
 
https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.44_and_1.2.45
 
https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.45_and_1.2.46

For the stable distribution (stretch), this problem has been fixed in
version 1:1.2.46-0+deb9u1.

We recommend that you upgrade your libapache-mod-jk packages.

For the detailed security status of libapache-mod-jk please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libapache-mod-jk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwcFXJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Qu7Q/6A6UGJsGJox6vlwjOso6/n0kSUW+Q/ojIL5O3BkDgxY4SkZ0Aw3OBWuj4
b4WimxndglxjA2/Lx5NPzthA82kSSYVJWkngjlhRCIX1eqFadpHrkXVPb1pBxvQ5
/JJsArO0X01qQQPlqsjSHtWQVDlRsELwycb48B+3u7Si9LUiyg5Z2kaBSanWvYNw
zDwludKjJpvMg8XoqR1dvrycXPK5NDkfqAud22cquog8XCNpc/jDNPMFLHwXQp1H
JJgLpIIJncHB9CPbi+7rMYpNsRBnAQNEcz6LGjsWY7fkgSfJfx/P8ezYjliDY7xf
EzxFDNXj+LHs1xH/7cTkf5+EX+rjU8lonPEAxqXpsZ9OKqGZfUBUAM7dyUWoMAMI
W0EB1Hr3ysa69V5EjGMdp2djH56OcMAAYB/uHu+R0p4YrE0Ivkx5XfUglnYLa9Wa
X9+jVf5Unp4qRNuCVwaI2k9P2u60UZezYx6hjMG81nxkZLDg6CAzDcVqGYR+dS4D
Z8wY0ya6NOMwnrkhuJfTX1LONbkwgzvNh/EvAZNduy6r8x62Sff7PVtaRWf2LjXq
sjjs9IT9Tc7Ta96GcR/nXkLc+VVdefvf2hZ29BDhEWovYhnb9X4k8Wsd2e/x4NFW
uz4nNmazB9Yyj1QD3G5DN7tfIoJ+iSuqIWtJqLIiOY7/VO+scPs=
=CyjI
-END PGP SIGNATURE-

[SECURITY] [DSA 4356-1] netatalk security update

2018-12-20 Thread Salvatore Bonaccorso

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4356-1   secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 20, 2018 https://www.debian.org/security/faq
- -

Package: netatalk
CVE ID : CVE-2018-1160
Debian Bug : 916930

Jacob Baines discovered a flaw in the handling of the DSI Opensession
command in Netatalk, an implementation of the AppleTalk Protocol Suite,
allowing an unauthenticated user to execute arbitrary code with root
privileges.

For the stable distribution (stretch), this problem has been fixed in
version 2.2.5-2+deb9u1.

We recommend that you upgrade your netatalk packages.

For the detailed security status of netatalk please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/netatalk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwb2aFfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TaWA/7BLosSUP7w9QtHSSXqZcQQ2S2SzVNbANKjK0E1VFb+P8yZYXmQTQIBcLI
SvM8A8tewM7gil0d8Nl+5m1xPZeWZ9eLrwCkD9CvAbqS+6h1HiiIGAEyAFJ0wzL8
P49BUZtUmg/vFFecjhdwPW+D5ve31EKZlB/IJngGm4ETHnRUyGXvYtW6Y89KWKQL
Fl2t3quM1zq6nIi8ovtHUvEMkenHfziT3I0WcEjqZp/YJb8WlckpQOBs/oIH9Cem
m5FmQmYbQLFt40RPORjhsA+7vWOCofBFfW7caVY+9hkSL75USzhfZRHeIWS4LHrA
4tKmwS4ZDv/9FyT/KEOnA0qBjLltFUYoK3ZnWGvw0lGVVJE4ae9N5nsLYuVsbEey
6Q8MYn7H/Kks8/CXicb9Mg4pgCcRK8PdudY+BTo6BTZHE6oRT2fj1t8COYWJ7xWo
92CoIbuQ6E5fJwxyZ7aDOGbzQxUmuE1SL6QblK/xlIdUCdJ8qtyFBat8++KVNoAn
mtYah1/VFfqUA2XqzRdQIq3O45Hks48jhKWhqIPjJaK9kJQaiRLkSkqZr/SBI2Vy
ZIe4mHG/j5Ps4Y2Z9WiamvZCP2jlFRWFsaYKpS7Bj1auf9ekA3zOB7PH+3Lxq93N
KDl9HJLTrKym1v4p3hAeuHpkbMDOxH4Bpf5K9Qys7/ce6cPOhVA=
=VFiz
-END PGP SIGNATURE-

[SECURITY] [DSA 4357-1] libapache-mod-jk security update

[SECURITY] [DSA 4356-1] netatalk security update

2 matches

Site Navigation

Mail list logo

Footer information