[SECURITY] [DLA 2455-1] packer security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2455-1] packer security update
From: Brian May <bam@debian.org>
Date: Thu, 19 Nov 2020 08:02:24 +1100
Message-id: <[🔎] 20201118210224.GA1722262@canidae.wired.pri>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2455-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                            Brian May
November 19, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : packer
Version        : 0.10.2+dfsg-6+deb9u1
CVE ID         : CVE-2020-9283

golang-go.crypto was recently updated with a fix for CVE-2020-9283. This in
turn requires all packages that use the affected code to be recompiled in order
to pick up the security fix.

CVE-2020-9283

    SSH signature verification could cause Panic when given
    invalid Public key.

For Debian 9 stretch, this problem has been fixed in version
0.10.2+dfsg-6+deb9u1.

We recommend that you upgrade your packer packages.

For the detailed security status of packer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/packer

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAl+1i6kACgkQKpJZkldk
Svoj+Q/+MCj8B1I+bFcG+bv05XwnCk5sgQgdD5fNdWpJ3W8hVc/l2IYdEk0SiyDE
SMJfBy5Q3Ttq0i0oo0zs5BrHY3+3fsuBZSKzSHxfL0AURheIk6xuKQ33mG5x5elO
eABqUE6sXasaqTy1QR/MT9JAiRpkMPHyQCuWyP95fJQJwdf77fhS6RpeyqsVeVI6
MsS6Fn8VYe0e0GiB3udXRwiMFxfMLXbBFL1XVYK1L60TqhgljoCgXhbgnlPacFXm
5eheDHJfBx0sqtOyej2n+JqLIZJYfVkxFezt04hyG4L5861BfeEby/Q1avEI7Gjp
ZeUxQKUgODnpmZhc4pK2xxGBdT35PSF7YDLqkWXyLynOW4v83u7WjRbxSXcF+8EE
bl5zfP75Z02cX1xOAZo1KnByLkBcBoIUeBd0KNjRMFcmRA4EgSrshKlA084Oa3ui
qoUOuoo/Bxl2ZCjaLAo2aZB8zGGIiJPRNV0L1CXjAA2QrTY/IszglNQpn5J7h2Ga
9zRRh4z29tHj7aT/DYKgVpxtsdSHEkpYEZriQb89AQs57ga4Y36zL9hlG0YmwYPp
0tMY/1993hpC65dPRHRKndKq9p9b+xsuNVGVKLpr2vCoZUQtJh+OEP+8HT1GqEY5
Nv9SZ3Q5e/SbhYLHKCXT2XDklszgEjrJfe1UIV7hKP5mZjDenC0=
=+L0M
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2454-1] rclone security update
Next by Date: [SECURITY] [DLA 2456-1] python3.5 security update
Previous by thread: [SECURITY] [DLA 2454-1] rclone security update
Next by thread: [SECURITY] [DLA 2456-1] python3.5 security update
Index(es):
- Date
- Thread