lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1ZSOLn-0004tJ-G8@master.debian.org>
Date: Thu, 20 Aug 2015 11:49:43 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3341-1] conntrack security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3341-1                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 20, 2015                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : conntrack
CVE ID         : CVE-2015-6496
Debian Bug     : 796103

It was discovered that in certain configurations, if the relevant
conntrack kernel module is not loaded, conntrackd will crash when
handling DCCP, SCTP or ICMPv6 packets.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1:1.2.1-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 1:1.4.2-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.4.2-3.

We recommend that you upgrade your conntrack packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV1b6tAAoJEAVMuPMTQ89E9acQAI9mJw2+XMAYv6o3b3LPoWEw
blxUTwWaoEB8JzMthDL4vw54GbfYaAecIQ2/3Q81TQVHn+CUw4q3lgKIgRg4MHd5
Zi5WGD8tUFc0OLzX34E7FkHzMLgNDt2x1GfVCNZYJ2cLvEu1xMJTRKl0UxCfSUGU
THHNEc6Ko9NgAtzJZgun2K3bxEpko61VuCNpoHW4ib4kGyeJ9aZE0E0CDh5s1CVm
F6qSvoI5KOm4molOStf7AQU9dAubTi6ZNc8YaKKlHon6/uCySsXt52nBDfcygAlf
HVK1lio+t5s0T24qzYjaJZxH6VqQ6dLLsc2YDdiBYuMkmylOgnAXlqW5kRjyrJEb
kX3JCgLxI/lbdw9XHwsUELDcEppSXkrhor97K1Kmv4ef5qTLEp1IHUMppmn609Jk
+P2sBlPco4+3fj/CSqhEdtnZADwKt/5ZuvEJr1J0ueZJvUrmuRi4v1tiwNUmnzlU
0Rwo0npZs0T/QarPtCtPgWutG2v8yS1XaOl5al8nqmE7+DtBql7Z22QbGYG9nD8t
tHPTPMy8o9mctyrJ8bR7f3dQBbYjQwB3WJSNnC+1ceiU2+f4L6FuWUFbkU8rum31
8WpfUUA519b6vh8/SoiZrMaOwNcGtw23BkIYXko3GoEF3Docnb2dfXLRosZCIoH/
IC2ZqmuMiY41a0obKSdj
=S6/f
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ