1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5638-1] libuv1 security update

    From Salvatore Bonaccorso@21:1/5 to All on Sun Mar 10 14:10:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5638-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    March 10, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libuv1
    CVE ID : CVE-2024-24806
    Debian Bug : 1063484

    It was discovered that the uv_getaddrinfo() function in libuv, an
    asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal
    APIs or SSRF attacks.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 1.40.0-2+deb11u1.

    For the stable distribution (bookworm), this problem has been fixed in
    version 1.44.2-1+deb12u1.

    We recommend that you upgrade your libuv1 packages.

    For the detailed security status of libuv1 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/libuv1

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmXtrrFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TOBw//UDY7qqzhavYjzvVxQ6ka9PGfBLJcRXhMjpwH5JxR6T0KOqCQkasoXCxm NTSzczr0zrtU4Hdtv6tb/E5QfemTpdEfMOtuuKxhQ3jrQNjnqtfDD5ouomrckxMc PtB3SsJ0e1BV97ORDEqrym39VQTIaVgxdZwXU5/mcqaboZx8uxv8XjaDURhAU1eY z5PDno6bTg/zL7bSSugTnxSPHwokv4FICxaG8rR6y6drbI7hndsx+LL+sXs426O8 xDzro+deanl3i9kdXxQujhTxJA+7vUTeaCl8rLFs7kOyNxDbCVADYc+Cc0h8Z0xn v/xNDYkIMprGcUx2QgW9mwfDgKGxDVtltPwb6oIBsKzrYBF/gVUqM5aym3VquS8n +lL7+uA0ZHKMxeQRrCtHCIoDUAhjVarQPqbxIX92tftSIRHU7e8Qfmyo7PdbPs9U C4zUUwIwQ6UtRR8OWIKE8IFa+BRxL2/3KCDjDvpK60VUfanRqdF7zcvifFQMw9mq J/s/IIY6Unhvk9/6QSKrNiaLnFBOVBZ4E4A5OU6W1KAKvixlH8bmv0XCgrlDr2fx /7+Xn8wNA86qPAd9/t6DAVzyjdlis+P6LYzAfrAguWQQS0xkDW+5OQqV3wyKvK1m 9PRJK4vfmiX5kw+VclGbJM4ToaKOLbSlns/QNhHuRw2RDem0/+s=
    =ai3N
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)