[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1253-1] openocd security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : openocd
Version        : 0.5.0-1+deb7u1
CVE ID         : CVE-2018-5704
Debian Bug     : 887488

OpenOCD, an on-chip JTAG debug solution for ARM and MIPS systems, does
not block attempts to use HTTP POST for sending data to localhost, which
allows remote attackers to conduct cross-protocol scripting attacks,
and consequently execute arbitrary commands, via a crafted web site.

For Debian 7 "Wheezy", these problems have been fixed in version
0.5.0-1+deb7u1.

We recommend that you upgrade your openocd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlpk8A9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeS69RAAity0WbSmzBAdtFExYmGdtcbTFsIRiKb3PzTG+LI2wTGOlrqBURh4jqCA
LnWJUw/msfhzAgYpXvUumcu4fS8T+GGPhCwY/kxOKbBdarUSmZgq4u6/NcvAVM2E
DEEgg80tTdvF/+Cc304ACBn8aNofkmLH3uoZPdwSl6uIIOf24K8L9IYO4GE/4BPM
QWK3NvRSjZ6/MfS6PH5Y3TqiXfmA4TdUq4+N/8986AVp1fKkheN4YxqFJ589OJ8W
hVdQTO8zueOHw6rqsUIVx78vJDzeD6n5M9cH6bPJr7qYeWtEPe6w6Rx72pxHrqsC
4G7qyofKGDVHhdwnyJpgj2/sO9DBItfPuMzWP7OYuosYElkiOknCTvI2r5qGtsR9
WPIn2NF5nd4CuS4sE5+0anSK8/b4ernCxXoPsHCWz3eL2BQ/+sAOHqUZy1oJreRF
1zuzN9MLUHXaRguFs2XlBKqrV/3z+LM1OjfPGVeDqKA1DKAPMO2Dy6W2oxpYB1CF
NFUN893rlAIIWozwMT6kPT5a/rQtfTrTTDbf06bLTQjZZaQIH05DkBzgtZZdqVax
n2+o+CeAArQVKlzcuhR2nBn8QhRA82h6PxBCxpOEuhEdF2FpNC7Rhq4TnlEioJUc
X5UCnAOB+fzbYPvOL/MU+HcN2z6F+DJxRqx/cd7oDGpDiAImq9E=
=2kwn
-----END PGP SIGNATURE-----


Reply to: