it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5260-1] lava security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5260-1] lava security update
Date: Sun, 23 Oct 2022 18:38:14 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/Y1WKFiTNXrwfB0yR AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=BQ1qLTFu5OcA6EYapPtSO3In5OgvLbKtmjOOtCwgT9E=; b=lM 45i/lwyBk6WhMJG8Tyh5VXYFOdqVuKa+BrMwLHt4sgm8FCBBiFRKZydzcoB1+iTBdC0Rp2l8SqWBJ d8sr6hsiNp+PytPrrQjSWJAmLRRwNdsuXYQnNfJw4cKvqHSfcpMWDvG46D6lGRgOtPFaEPK+im+M7 Y6nHVYdW9v6D1Q266wJwy/FS9kUBlfZo9JS2VIfLkaI4td6tBxa2P5kC/A9WeSwVYWyOLk5Cnp8mW xFfhzefk0iNDv+qDoBcGXb0U6MqhdrxILPOl9iYgRGpElqAtPu+gYHfo4d8M9V/dfUPI/Bsk5FUSt IJcy6HZx9U9y1QRcrLnoWa4mJbXYnfWQ==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Sun, 23 Oct 2022 18:38:37 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <0wUBKpUITvE.A.VuG.toYVjB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5260-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 23, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : lava
CVE ID : CVE-2022-42902
Debian Bug : 1021737

Igor Ponomarev discovered that LAVA, a continuous integration system for
deploying operating systems onto physical and virtual hardware for
running tests, used exec() on input passed to the server component.

For the stable distribution (bullseye), this problem has been fixed in
version 2020.12-5+deb11u1.

We recommend that you upgrade your lava packages.

For the detailed security status of lava please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lava

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNViSgACgkQEMKTtsN8
TjbTZQ/+PZMyV4LA6box8yB3VGBSBfh4NSDKqtc0YqmsBhMFbiXAtSqNfxr93GEI
d+e6cHdGJQn73g0gLj/N70922Qz7k+nC7+kjDBul19S84M2gp5O9OWaOgXwZVBS2
BFJQkdGz4yG1bp94GxX/S66q1podS+NWFP6M87OD3eB/XnBUIPYj9K+ItUiSwr3X
NiXvqF1ocItc4yGjtJDM8Dh7avYL0mVLJ+VEZV3x2JVGR2ytTDOQOT9MOiNl5aG+
PziP8nzxUN4XcS5vSjFQjCNrfEJ43vCR5n20KBFMgTA8NlRGqKhElHuel2MC2R4U
reOnw7l6/6b05aaUfXJhi94KZx8/4ZEniL7MF6WyGmCnXp2oRlEM07U+nefTOo2q
PbPfEm4fFYajFVSO7Spq4GbSYdDku1/83zoa1BFOw3UU2YQhYfNFhmcR6cLoqdVw
vjitSbIfysdtvWWXef0q1cdmI5M1GWfiuIOstUQsleOQCBDxqMyGtxoZzvwwDyAt
eZe8dV8iBwgDPYwuii40l0/0npSVEsmwMUCz6K6D0b0AxmGmAf487c64WErQhlRF
9dl/VYzwLtPJNweEUC3y3CwhrdFu1J3w/4Blj0+ynnMgqUENwMFvCTJlitbMy74o
DUY3qu3tGE52FGCODrct5ksPShI9KBAyE7DDlnsapJjV0yuvxZQ=
=b+Kz
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5260-1] lava security update, Moritz Muehlenhoff, 23.10.2022

Archiv bereitgestellt durch MHonArc 2.6.24.