Jump to content
Compatible Support Forums
Sign in to follow this  
news

[gentoo-announce] [ GLSA 201701-57 ] T1Lib: : Multiple vulnerabilities

Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

 

Package : hesiod

Version : 3.0.2-21+deb7u1

CVE IDs : CVE-2016-10151 CVE-2016-10152

Debian Bugs : #852094, 852093

 

It was discovered that there were two vulnerabilities in hesiod, Project

Athena's DNS-based directory service:

 

* CVE-2016-10151: A weak SUID check allowing privilege elevation.

 

* CVE-2016-10152: Use of a hard-coded DNS fallback domain

(athena.mit.edu) if configuration file could not be read.

 

For Debian 7 "Wheezy", this issue has been fixed in hesiod version

3.0.2-21+deb7u1.

 

We recommend that you upgrade your hesiod packages.

 

 

Regards,

 

- --

,''`.

: :' : Chris Lamb

`. `'` lamby ( -at -) debian.org / chris-lamb.co.uk

`-

 

-----BEGIN PGP SIGNATURE-----

 

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAliGiiQACgkQHpU+J9Qx

HljIog/6A73rjluvxV8H9H5WLhMi/K/DFRl6x9i9VqobzxaWyooHnHQI/+zMAq2x

JvW5lL0CIm9M0Mp0c1YGE/dlI1FoZGv+/aSCEm2Rzmgn/VwxVZ74gu0oTJJig3de

NIB1A8Dwjcx0zKvBO6hHCgwtjpCopPSBFxoFwkLdsx8TVLDSu4iH6NTmzQM3Rglh

M18Ba8Ro1g78RtBbt/57H170tLJftuWEkdC3y6u5QmOXvczMejv0MdH/38Q67J6Y

VTq8Y8ip7xq5AekRJNsV2W/+yFGcf8q0cY1fWAqmyPn4gJfneBis9kfki0dTCnLN

oIHxJnKASsnEfZ4VrPrKHoxIapWUkU8WaxZopdY9Ll6uWaZEiFjUTX3Dx+QyBd+6

DbBkDoYubCI+tahmT2IcMnljKnbfprWyZadTXyPRny8O+Ta1eORWUxNhuw9IRVSY

pV/gMkSgzBmGgnixDXeAJ1kmh7DEWyIYoEkxxY4ONpvSnsoK+jHmbWOWLzCgN6rc

5GbY0Tfh4LQ//WUz3VoFtSEk60mENVyTgygNlYbaeImMiDHM08kptiKlmojASejG

QJtqIOQHL5ksZRWbN2k/o+yPolEdXXAfT5cUmlJxF9+RmKc4sKa902Cgnux9f548

0mAbC7+dhvU3AHx2HtxieSXjHD7r2Wg7rCthrYeqN5pmaAM0yb0=

=9tes

-----END PGP SIGNATURE-----

 

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×