it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5847-1] snapcast security update
- Date: Tue, 21 Jan 2025 19:34:28 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/Z4/2xJ2k+JnIwO8T AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=WER+z7tY8LnTsEzCf5j98JVnn3sjOwigPZNZXsKbS6Y=; b=oZ bBcyBejQXCvc8Ymx4i8IA1QY9ccnidQh7WWyPuEEiVwK9z3lay/KC0r5NyKUEC+EiptePsbUUEE9L HdoyPFh6/jI6xfDav53+vg9KnoNssNALA5PEgDMee+rvqpiyLCTReCs/0sfU1aCzB9LZeQFhgB4eE DGa/pCdOIS53s7K4i3xa+finRZV/NmaMWZx7vT41CshE+y3hdXJOVhXgUSotH5PRyCq1C62foufM5 /Wp0EmZJ3lKLMq2tKriuMMHHDYcGfzh/qXJns+cyGq1WiT9MZLm6GZsHTw0g3TycBSTKLW6RCn0AU xu4iQmGqsPnhiDVvoM6rmJmyphXWdNMg==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Tue, 21 Jan 2025 19:34:48 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <8C-juHZ-EHH.A.y-BF.Yb_jnB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5847-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 21, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : snapcast
CVE ID : CVE-2023-36177
It was discovered that the JSON RPC interface of the server componenent
of Snapcast, a multi-room client-server audio player, allowed the
execution of arbitrary code.
For the stable distribution (bookworm), this problem has been fixed in
version 0.26.0+dfsg1-1+deb12u1.
We recommend that you upgrade your snapcast packages.
For the detailed security status of snapcast please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/snapcast
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmeP9ZEACgkQEMKTtsN8
TjardxAAvEnDOkrG9PWltWiBQNm0KzRZ06PgqD08BHGmDiEQE2fz/DzSb3Gt5C5m
SzoP1JKHhP7nWo/HjuJMILJJhRlxVOaSi3o+U45H+0BbH+VHa+qUrpPHDARuXsuk
exScqEPdH1lqC5v26h6SFyOS4SFsk6vTzGJhLCkVKU+Yxtq91eDSPqnUzvt1Uw1P
eDiX8fhCnm9mqj5uvIIt4zd+AJs0xJ79Bq/oKNgrlj02FQQf3qIXXqHw7CjCPXl1
BBN30gPLO9ibvKQlK5fsTuKwUNZsu3qdY/hTQ9qg+F4XKtETO5A65rVJWsaR8hEj
DLZeeyfw09FDwSvRABr8E5NNsonZvVUlhd2TEd7KWLVh0Ne39WA8dB0bdf2ZvcAX
Us0857CsoeLYic5JCNbxhg9A2mZFSkZl+vsKurmIWIOzDyBSxaFC0HzHbB5n2syj
uUEdKuX1sw7ZT9N+tvCxfsPAYQS2Ysikjz5gqcqe/pNXnPuZsXHw5zkHlqEmMxwo
igXEVSmJdn4dOQi3pB/TBTj6GnavgLvje9bMQih3AHcviZuaE1zNETvXsLDnJOzi
JozDj6Au5ggkOjdf+yhV1XLkRO9kRsVTyRR+Pxt9C2X6qz8sTj8IMeq1XY/fCJna
S4bwCy+tDuL0iZ1qWHUlLGNlmwsLENm4d+CXLaqZNVNC9QiKYwI=
=W/aT
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5847-1] snapcast security update, Moritz Muehlenhoff, 21.01.2025
Archiv bereitgestellt durch MHonArc 2.6.19+.