Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5041-1] cfrpki security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5041-1] cfrpki security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5041-1] cfrpki security update
  • Date: Tue, 11 Jan 2022 21:54:05 +0000
  • List-archive: https://lists.debian.org/msgid-search/20220111215405.GA8381 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=fLS3z3HBsPHfg41b5sexfklpHiNlw+ByF+CudpxGHcc=; b=FE 9G/JZRSqZW/zqd5NypVQCb9qPDqCqNVZaluBytyPnktAVpgIgW/bj0rMvDMUNR8g5JOOYpLVy06zs K2FvxjVyX0eZtOUPOkR9HktThUJjksaXS/cek0NYbCJ2cb/T1feWdI9ScD7lan3FGv5CCQ6uDy/Bq e7RpMQLaucfsJnAWW3jnqpNuYd8YEHjUQ0YHHPt56T5/5STS2l+bAvxCZEIQk1/cKedJeo7v0bTDB VPxyYle1bmrnWghcuOaQ+mKSIVdMLMWLhiXOU0fYWIFbulFpvA/kKQfqGlsRQsM4gMlJwy0623g7U kLInxqYOTMerI9cUQgRGTBHN7Fen098A==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 11 Jan 2022 21:54:24 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <7c33vYRsGpE.A.qrD.Qyf3hB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5041-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 11, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : cfrpki
CVE ID : CVE-2021-3761 CVE-2021-3907 CVE-2021-3908 CVE-2021-3909
CVE-2021-3910 CVE-2021-3911 CVE-2021-3912 CVE-2021-43173
CVE-2021-43174

Multiple vulnerabilities were discovered in Cloudflare's RPKI validator,
which could result in denial of service or path traversal.

For the stable distribution (bullseye), these problems have been fixed in
version 1.4.2-1~deb11u1.

We recommend that you upgrade your cfrpki packages.

For the detailed security status of cfrpki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cfrpki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmHd/DMACgkQEMKTtsN8
TjamFw//Xp8cdyNRxyeFrg9aH3H9xFVozYVXpGSZMRSoFDgrCW1BZuKPgtYH5Goi
zUjPYRb3w5ETr07ZJ2c0lmjONxFjRBm2t7T/7Yg5nYBy0uD80d6My095GLBDuSTz
bOOHXfcZInUAoc4Mlg3dFWHlJtI5W56R/t5TaBt2EBbxnCkIUcpxdCGq8eTL8uOi
2gFJms0ROkQpuNS4HH5A2b5IWEtZ59CqYkTmq9lIfUnuQXBxP3qGc6UxIjEPHz9r
9qck3lCiFKMvxN2mZ4dYMUFUSYbXRFfVVPQndtxQMII7Z60usFfRTUamEFqm/FAx
2AjrJ4hmtrCEPHcHMCocpE6YMgmaAQcl9DLnosVon8kFWpEk4i7Hv4Dh7Szq9GAk
h+miguOB4cR4NNaE9ZQ6RL2mhe/Rw7RFBnsLreMZ1wkqiHOyBH/MtUSgqGynsUbV
PbJLA8kyBGaoVx2Goc2dNdkWDPwJhEjw38B2Uo+7ay1I11hw7B7Bkp2AECK+gJaM
1CJ0dIeiq7adHZtIadIjL5gsihF3EQFcmmqJDqWH2dxrwNrtwYPVzV3cZVoRmc9q
MjPC4hauxDdgAXFAtrAPqrk50yBU1Q6tZZYjDPU8ZePq21LIHGNDeFbxUbN81DI5
e06MZbHG49n3hI4wOO3VQta+Cb/MAqvAKTlZuUUjdTS4Dtxf29A=
=n8pD
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5041-1] cfrpki security update, Moritz Muehlenhoff, 11.01.2022

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang