Malware Devil

Monday, March 8, 2021

ESB-2021.0812 – [Win][UNIX/Linux][Debian] libcaca: Execute arbitrary code/commands – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0812
                          libcaca security update
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libcaca
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3410  

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2584

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running libcaca check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2584-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
March 07, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : libcaca
Version        : 0.99.beta19-2.1~deb9u2
CVE ID         : CVE-2021-3410
Debian Bug     : 983684

A buffer overflow issue in the caca_resize function in 
libcaca/caca/canvas.c may lead to local execution of arbitrary code in 
the user context.

For Debian 9 stretch, this problem has been fixed in version
0.99.beta19-2.1~deb9u2.

We recommend that you upgrade your libcaca packages.

For the detailed security status of libcaca please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libcaca

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
