Debian Security Update e2fsprogs – exim4 and wpa

Last week, Debian published security updates for e2fsprogs (file system utilities), exim4 (MTA) and the WPA protocol.

Debian e2fsprogs Security Notes

DSA-4535-1 e2fsprogs — security update

Date Reported: 27 Sep 2019
Affected Packages: e2fsprogs
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 941139. In Mitre’s CVE dictionary: CVE-2019-5094.
More information:

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.

For the oldstable distribution (stretch), this problem has been fixed in version 1.43.4-2+deb9u1.

For the stable distribution (buster), this problem has been fixed in version 1.44.5-1+deb10u2.

We recommend that you upgrade your e2fsprogs packages.

For the detailed security status of e2fsprogs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/e2fsprogs

Debian exim4 Security Notes

DSA-4536-1 exim4 — security update

Date Reported: 28 Sep 2019
Affected Packages: exim4
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2019-16928.
More information:

A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in version 4.92-8+deb10u3.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4

Debian WPA Protocol Security Notes

DSA-4538-1 wpa — security update

Date Reported: 29 Sep 2019
Affected Packages: wpa
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 934180, Bug 940080. In Mitre’s CVE dictionary: CVE-2019-13377, CVE-2019-16275.
More information:

Two vulnerabilities were found in the WPA protocol implementation in wpa_supplicant (station) and hostapd (access point).

  • CVE-2019-13377: A timing-based side-channel attack against WPA3’s Dragonfly handshake when using Brainpool curves could be used by an attacker to retrieve the password.
  • CVE-2019-16275: Insufficient source address validation for some received Management frames in hostapd could lead to a denial of service for stations associated to an access point. An attacker in radio range of the access point could inject a specially constructed unauthenticated IEEE 802.11 frame to the access point to cause associated stations to be disconnected and require a reconnection to the network.

For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u1.
