Debian Security Update e2fsprogs – exim4 und wpa

Logo debian
Logo vom Linuxbetriebsystem debian.

In der letzten Woche wurden für die Programme e2fsprogs (Filesystem Utility), exim4 (MTA) und dem WPA Protokoll in Debian Sicherheitsupdates veröffentlicht.

Debian e2fsprogs Security Notes

DSA-4535-1 e2fsprogs — security update

Date Reported:27 Sep 2019Affected Packages:e2fsprogsVulnerable:YesSecurity database references:In the Debian bugtracking system: Bug 941139.
In Mitre’s CVE dictionary: CVE-2019-5094.
More information:

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.

For the oldstable distribution (stretch), this problem has been fixed in version 1.43.4-2+deb9u1.

For the stable distribution (buster), this problem has been fixed in version 1.44.5-1+deb10u2.

We recommend that you upgrade your e2fsprogs packages.

For the detailed security status of e2fsprogs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/e2fsprogs

Debian exim4 Security Notes

DSA-4536-1 exim4 — security update

Date Reported:28 Sep 2019Affected Packages:exim4Vulnerable:YesSecurity database references:In Mitre’s CVE dictionary: CVE-2019-16928.
More information:

A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in version 4.92-8+deb10u3.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4

Debian WPA Protokoll Security Notes

DSA-4538-1 wpa — security update

Date Reported:29 Sep 2019Affected Packages:wpaVulnerable:YesSecurity database references:In the Debian bugtracking system: Bug 934180Bug 940080.
In Mitre’s CVE dictionary: CVE-2019-13377CVE-2019-16275.
More information:

Two vulnerabilities were found in the WPA protocol implementation found in wpa_supplication (station) and hostapd (access point).

  • CVE-2019-13377A timing-based side-channel attack against WPA3’s Dragonfly handshake when using Brainpool curves could be used by an attacker to retrieve the password.
  • CVE-2019-16275Insufficient source address validation for some received Management frames in hostapd could lead to a denial of service for stations associated to an access point. An attacker in radio range of the access point could inject a specially constructed unauthenticated IEEE 802.11 frame to the access point to cause associated stations to be disconnected and require a reconnection to the network.

For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u1.

Ersten Kommentar schreiben

Antworten

Deine E-Mail-Adresse wird nicht veröffentlicht.


*


Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.