Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4093-1] openocd security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4093-1] openocd security update


Chronologisch Thread 
  • From: <luciano AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4093-1] openocd security update
  • Date: Mon, 22 Jan 2018 02:43:31 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1edS55-0006Kj-0M AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <luciano AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 22 Jan 2018 02:43:51 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <ha_erTtqXUP.A.4VB.n_UZaB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4093-1 security AT debian.org
https://www.debian.org/security/
January 21, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openocd
CVE ID : CVE-2018-5704
Debian Bug : 887488

Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS,
was vulnerable to Cross Protocol Scripting attacks. An attacker could
craft a HTML page that, when visited by a victim running OpenOCD, could
execute arbitrary commands on the victims host.

This fix also sets the OpenOCD default binding to localhost, instead of
every network interfaces. This can be changed with the added "bindto"
command argument.

For the oldstable distribution (jessie), this problem has been fixed
in version 0.8.0-4+deb7u1.

For the stable distribution (stretch), this problem has been fixed in
version 0.9.0-1+deb8u1.

We recommend that you upgrade your openocd packages.

For the detailed security status of openocd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openocd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlplTRkACgkQbsLe9o/+
N3SoCQ//YBD0bq5cBK382flGHmfA5mu7unG6aUxd9+bDCvoKqbZdmgModuh/nBG/
qF/0kUOInDN0gYXFAoXFKKn2aIjOQ3SHc6miyu5XA+I/Ie4TVDtpndajW6rqvrNd
Ylt8fxRexRctY1MXWMB9Jv+uP+8MU/18abMGxFdltBZOLQM6DsKyS0AKlbd08zBu
ykdgg4X9qRm44fPU4KyPCWroAhAfUkRWdg8YFweRLY6uOetkwoUR0MKbw3zZjMyA
3qQ+ejjoC6/vFZ0Nmy3QRHabqLSiR/ierLx/n0ZC4xiGfQBYiPpOyyN8bQtkzGf8
csFvDh77PxUeaA1RC8tlY3cR/vvB+GaODRmxKzQPrsUf0HoWxHTfGT1/MbcKuuxP
s8Vn5Plwg/v7H9KJYOUbNyzNq/xt/sxcZdTXDF049vaagmEwQnM0iXG5D6quLQkS
iXn2qzHw0Xv73yA6msdxu/v5d8i/6ly+qzkf/qUNE1Vc1WTfWw41qb6VxLB6W/3A
fVBIp3Jpykj+QlDFhgYTenuaPim86G8JjvsZDb2x9k0ThJQQs4SD8ikhwoYrhlnm
JsHe/uFjDyLWUZxRumPS16pZMrMjDKO93NiR17R8u/KV1jPWkwq/2D6WSIyJfiT8
sYUEV1rhsYSD82sP6+vpMJF89LOeHpl+YI0SLL91Oixw0RypB9k=
=8CD/
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 4093-1] openocd security update, luciano, 22.01.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang