-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5413-1
security@debian.org https://www.debian.org/security/ Thorsten Alteholz
May 26, 2023
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : sniproxy
CVE ID : CVE-2023-25076
Debian Bug : 1033752
An issue has been found in sniproxy, a transparent TLS and HTTP layer 4
proxy with SNI support. Due to bad handling of wildcard backend hosts,
a crafted HTTP or TLS packet might lead to remote arbitrary code
execution.
For the stable distribution (bullseye), this problem has been fixed in
version 0.6.0-2+deb11u1.
We recommend that you upgrade your sniproxy packages.
For the detailed security status of sniproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sniproxy
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmRwsRMACgkQO1LKKgqv 2VRavQgAuKHflNXCnnu4VYTdqVME/Gkm37TyaxmrIaWliakXlQcz56ZIVBAdbko4 mUgqaWBleXcSXRNe/D+9I8ugQUSVzWXNXqOcu9Z+nQzlpHpB+wQR/rMrC97Ep00N LcEELevoz20uDf6ufU+AQixYyfthvncwKcj0TFp4G4VcQboB5CocCVhlXvqEtimc h/M117hfKEsD5AJWY04vXicmCqZWrtEjKUSNkZkrRKT/7u4DTkYcYgYsPBKCT0vP Gf2XpWEP0bJb7vRyrPq5BnoLXJclF/t6CqD4L9MtBP1gwHPrtJQmgYdjyWm7wKvK AKXINGSUIYDZKOw/3EEkzL2tHOSxng==
=0CH/
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)