Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5413-1] sniproxy security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5413-1] sniproxy security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Aron Xu <aron AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5413-1] sniproxy security update
  • Date: Fri, 26 May 2023 13:19:21 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1q2XLl-005PM5-32 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=vmAEFblfK+6ygx1TlsXozti6d1qOYtmuPzOp466/nj4=; b=Dx +IHUvtIOl4JWfH37lmQGsfGll2yjd/omA9cn2Z6fRKv+n+n80lL+8dfPyURPOlzyUQ4+d2Ql5Y4y6 bsv3hILVqH43pIe3DPvhhnjKeX8jd2VYC+vAhSLOBOR8T33syjxpm7qIfw8RpbavwOzR6rHlQ9/ti p10ujSPxZeJnlXSmGBwFYZqL+4IsZ/BWWgxP1Ly1L1tyIgwrPJrOzSBTP4iBrA9XEievtLdsIvnpH jX6qmPqRUzek5F7rqjrNn2lsz379OjM2lNvA5ANiBbnWsFBRKRpExzdoWIDeRC/dmu1HDqhCbLLl8 GBOUXDHmTL6PPJJ/q5wfIdAdPjYyEKKw==;
  • Old-return-path: <aron AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 26 May 2023 13:19:50 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <kqYXseMfGqL.A.L8G.2HLckB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5413-1 security AT debian.org
https://www.debian.org/security/ Thorsten Alteholz
May 26, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : sniproxy
CVE ID : CVE-2023-25076
Debian Bug : 1033752

An issue has been found in sniproxy, a transparent TLS and HTTP layer 4
proxy with SNI support. Due to bad handling of wildcard backend hosts,
a crafted HTTP or TLS packet might lead to remote arbitrary code
execution.

For the stable distribution (bullseye), this problem has been fixed in
version 0.6.0-2+deb11u1.

We recommend that you upgrade your sniproxy packages.

For the detailed security status of sniproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sniproxy

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmRwsRMACgkQO1LKKgqv
2VRavQgAuKHflNXCnnu4VYTdqVME/Gkm37TyaxmrIaWliakXlQcz56ZIVBAdbko4
mUgqaWBleXcSXRNe/D+9I8ugQUSVzWXNXqOcu9Z+nQzlpHpB+wQR/rMrC97Ep00N
LcEELevoz20uDf6ufU+AQixYyfthvncwKcj0TFp4G4VcQboB5CocCVhlXvqEtimc
h/M117hfKEsD5AJWY04vXicmCqZWrtEjKUSNkZkrRKT/7u4DTkYcYgYsPBKCT0vP
Gf2XpWEP0bJb7vRyrPq5BnoLXJclF/t6CqD4L9MtBP1gwHPrtJQmgYdjyWm7wKvK
AKXINGSUIYDZKOw/3EEkzL2tHOSxng==
=0CH/
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5413-1] sniproxy security update, Aron Xu, 26.05.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang