Re: [SECURITY] [DLA 3406-1] sniproxy security update

Abraão Teixeira Sun, 30 Apr 2023 04:48:16 -0700

Oi

Em dom., 30 de abr. de 2023 às 08:30, Thorsten Alteholz <deb...@alteholz.de>
escreveu:


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian LTS Advisory DLA-3406-1                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                    Thorsten Alteholz
> April 30, 2023                                https://wiki.debian.org/LTS
> - -------------------------------------------------------------------------
>
> Package        : sniproxy
> Version        : 0.6.0-1+deb10u1
> CVE ID         : CVE-2023-25076
>
>
> An issue has been found in sniproxy, a transparent TLS and HTTP layer 4
> proxy with SNI support.
> Due to bad handling of wildcard backend hosts, a crafted HTTP or TLS
> packet might lead to remote arbitrary code execution.
>
>
> For Debian 10 buster, this problem has been fixed in version
> 0.6.0-1+deb10u1.
>
> We recommend that you upgrade your sniproxy packages.
>
> For the detailed security status of sniproxy please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/sniproxy
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
>
> -----BEGIN PGP SIGNATURE-----
>
> iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmROS4pfFIAAAAAALgAo
> aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
> MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
> WEfYMA//RvxUFnx0SBALjE35lRana+KH4Yv2zmC368mJYQwJvT3jHU3/0olTtQ8s
> bibxPmQ7MC3sZ7oSQHt4tz4xI6HzUJqf6AsVOkUaz0Nz6N4RZBA+Rdby0lWVLvss
> SL7lC63PzoGie4SgWGMHPD01SnVX7YWQjJGzd9wzLPKwSm0h/5mMhq7C/BTPwT76
> I9gAhoJcOiOWMVnGHChI2dbBvzXiwfpUEhoQ5yZxklKP9vg+sTks4csYoDyZVTUA
> jPHLytGAohVcAuSUsIIPxOq82Lg7qIGB4CmEd1fDAw8cYd8mwDwh6VdiQ94fQ/VF
> T2mbJB+Xvk0gjAZOOv+5MntzcvHKMfiqVVCdxz1z18dSHRDVbDh2ib1LClwFggHB
> SHyHHvMIItOJZAlIg0L7jmucN+lYZc1R3GOuX7LBeIe4DNu4g2sr4yQm87W9em1l
> StME5HfdmucckbuWGxN5d38IU6n/LzxMC0qGOqOgzW/PldUCyQyQbE5vRqd++PD/
> GIQW93AKTPDPFLLrYjoGBgF1fLfWqMZw8oXmX1kU5gAJbSb/8CPTdDX7qzpuONVZ
> TVBq4CuEQTjqgsBuQSozEdh6bhWMufZSUFg+NViRmkOOkStPnzIHKYwjbms71XyK
> CqZG6JkG9XMsePq8RkrX/Jr9cKz87AU9//1vUNSAX24fjKtzx60=
> =Ly35
> -----END PGP SIGNATURE-----
>
>

Re: [SECURITY] [DLA 3406-1] sniproxy security update

Reply via email to