it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5052-1] usbview security update
- Date: Fri, 21 Jan 2022 15:10:04 +0000
- List-archive: https://lists.debian.org/msgid-search/E1nAvYC-00042d-7u AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=f4KpHE5CFHzUFpPpSodlf8JX9fehjUuK/HtO8yqeIfg=; b=Bh ZVSZ9lgyNJLX3SffZfbPpFrnZyVnGQwzwtpnZ22umuJAcBFnavgArcGjkfw5wqYZP5QSN2sbllyuk SWQbyhDoPbpmbEWpoLrJ6KygRbVqpBbT72CjWd4lZXq/whke81Ik/R1p6jU1NX2oVtAGx23t3Z9tg dC4xculvQRMZhCgTpWounqXUuKLe+nRXpE/m/lYWOtqePppD9PYIZe3KdlTp1HceC3R/tWMVUfQo+ GCHvLuu3E6munJ1GdijRhFdm2hDV+dKrt5cnk9FGLlRatG1qOkTyprLhbZxatQ2GxgNSxFMxsWaM2 qXy9mpbRgYSV+kgSdtHWFolZElXKlvsQ==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Fri, 21 Jan 2022 15:10:20 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <cEXAwSWMqXN.A.WQD.czs6hB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5052-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 21, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : usbview
CVE ID : CVE-2022-23220
Matthias Gerstner reported that usbview, a USB device viewer, does not
properly handle authorization in the PolicyKit policy configuration,
which could result in root privilege escalation.
For the oldstable distribution (buster), this problem has been fixed
in version 2.0-21-g6fe2f4f-2+deb10u1.
For the stable distribution (bullseye), this problem has been fixed in
version 2.0-21-g6fe2f4f-2+deb11u1.
We recommend that you upgrade your usbview packages.
For the detailed security status of usbview please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/usbview
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmHqzLJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S+QA/+KNbiEGe+2MBmytm1FO61YCb6LRzZyvIavVkgqIpRiUU3PvPUE7Laf77H
ZJZerkrVgVbC/nTEciLwa7LmF/SDKnKyMsVTlqjjbUgkUviducLrOeb4aQoegQh+
zuw9shaOVCIpkU8gAwQOP9Zyejm1pi5whb3lQlPBTvsOkcjJAo48/p02KfcO0au2
raHhOrvYv4+DhxRsuMXAWkYUp0PITiXibM6NsJHrjYEvRtn/yQIJSFe+NsvdiuJn
FKHDX/2AnAp0lRqBCwu++8RAzhMa9AjQ0RSfvLhPsJ0dQ1jR41hxN2ZXtk0WddW9
mAvOSP5aqyg+56+D0fv5AiIsSGlgeOJJZASkRSp0Ean67y4zkTWn+DUT+yg0dSlr
X08Hk2FqPmAaZpgYrJXCqmfRl55TP/tphA3qJNPFp4OYi8xZNnAP4/QBp2mJk4gj
Bkl4uBHkhx3Bq9MSklVPnwMrmYU3Bb58yLcNzhP8UG++XCQRR7DExLDtdcEtpFGv
uHGUWs4lmqaHQBvS38+yutqgqgfZaYX1oQr4stAOzfjjXAUjs+tGVVbS07i60OIY
9T57+4ToCaRyaOcRb2OzysPEO37HGcrl/iYWCYtsm+6JWgvIFoLpQKZuyiwlnqqx
C5xGEsuUzb4xB4w/LyYOcz8gXCe415urh5Pf0Vp8R4ypzDcHqrY=
=262s
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5052-1] usbview security update, Salvatore Bonaccorso, 21.01.2022
Archiv bereitgestellt durch MHonArc 2.6.24.