• [SECURITY] [DSA 3890-1] spip security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Jun 21 21:50:02 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3890-1                       [email protected]
    https://www.debian.org/security/                     Salvatore Bonaccorso
    June 21, 2017                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : spip
    CVE ID : CVE-2017-9736
    Debian Bug : 864921

    Emeric Boit of ANSSI reported that SPIP, a website engine for
    publishing, insufficiently sanitises the value from the X-Forwarded-Host
    HTTP header field. An unauthenticated attacker can take advantage of
    this flaw to cause remote code execution.

    For the stable distribution (stretch), this problem has been fixed in
    version 3.1.4-3~deb9u1.

    For the testing distribution (buster), this problem has been fixed
    in version 3.1.4-3.

    For the unstable distribution (sid), this problem has been fixed in
    version 3.1.4-3.

    We recommend that you upgrade your spip packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)