-------------------------------------------------------------------------
Debian LTS Advisory DLA-3084-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
August 27, 2022                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ndpi
Version        : 2.6-3+deb10u1
CVE ID         : CVE-2020-15472 CVE-2020-15476

Two security issues have been discovered in ndpi, a deep packet inspection
library.

CVE-2020-15472

    The H.323 dissector is vulnerable to a heap-based buffer over-read in
    ndpi_search_h323 in lib/protocols/h323.c.

CVE-2020-15476

    The Oracle protocol dissector has a heap-based buffer over-read in
    ndpi_search_oracle.

For Debian 10 buster, these problems have been fixed in version
2.6-3+deb10u1.

We recommend that you upgrade your ndpi packages.

For the detailed security status of ndpi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ndpi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS