Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3890-1] spip security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3890-1] spip security update


Chronologisch Thread 
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3890-1] spip security update
  • Date: Wed, 21 Jun 2017 19:39:17 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1dNlTB-0003xb-BO AT master.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 21 Jun 2017 19:39:34 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <zaRsQCkZM3B.A.80.2tsSZB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3890-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : spip
CVE ID : CVE-2017-9736
Debian Bug : 864921

Emeric Boit of ANSSI reported that SPIP, a website engine for
publishing, insufficiently sanitises the value from the X-Forwarded-Host
HTTP header field. An unauthenticated attacker can take advantage of
this flaw to cause remote code execution.

For the stable distribution (stretch), this problem has been fixed in
version 3.1.4-3~deb9u1.

For the testing distribution (buster), this problem has been fixed
in version 3.1.4-3.

For the unstable distribution (sid), this problem has been fixed in
version 3.1.4-3.

We recommend that you upgrade your spip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllKyx1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QerA/9Ht8bSm1F/5OvmtEKgEr51KO/QO/yLYs53RJ0FC7GY+kIMsgo/oG/30H6
XXHMZqgjt4HqzCUVQAuU4N40LKDdYToiL3sQb5csvwjmG8enAMnmudgpAEc+Hn2R
cevTxpATuBI8hjzUiZ5eoYjNielawb8ttWrBVGc6RvKt0KxMflvL6igDal1QoxA7
/DVGwWwN848T+j+fbHWKFJ40J+eFeBMC15akzObjfCqvGOb46XLNV86CnrFtmxhJ
/OcUwlS5B5Rfp8Aw603cYESiRsUwgUGty+DDpcIYvhPSs0iYHc9fjPOWsQPFwMv8
hcqo1B2EfWynPZJBYKvO2moC+sH2QnnZzl0qjOY8sPdgpPqUpnxUtwzH44yMqsJt
XTkYr/hiSZZHs5OD6/IjSZn4Ul00zeXgRaX18Z/iNSu2Xcnop9x7l2Zxrl7H3xDC
J4b9WlmQNhFMP1eDVAMw5lVodFP59b7fBrHOH0uHGMchJ35Wg4i3cTcVODRkRRR5
Fso+u/SeCzZ3OfEh9OrdLIEEp9thl0f+wgRS/f8nA6XhmAh709T5kb+ymh7hW/di
DLC5hzEfeLi7wy7zwo0gRuxNJyXHb8fdYmfU0dkwKLeVm3Z7bowFTTEx0jtAOo5U
ExvcqyPJOunxWmN+R+DOjsiagCnxt/7kq15TlLXcYxqcjnDFaPU=
=oJxJ
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 3890-1] spip security update, Salvatore Bonaccorso, 21.06.2017

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang