[SECURITY] [DLA 2699-1] ipmitool security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2699-1] ipmitool security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 30 Jun 2021 22:18:17 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2106302214560.3405@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2699-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 01, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ipmitool
Version        : 1.8.18-3+deb9u1
CVE ID         : CVE-2020-5208

An issue has been found in ipmitool, an utility for IPMI control withkernel driver or LAN interface.Neglecting proper checking of input data might result in buffer overflowsand possible remote code execution.



For Debian 9 stretch, this problem has been fixed in version
1.8.18-3+deb9u1.

We recommend that you upgrade your ipmitool packages.

For the detailed security status of ipmitool please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ipmitool

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmDc7alfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdLZw//QPqnmoa9Xnq2pOpiKRtorYNLPbHDefjoZ9M57IsnhPLWGWguWYHa7DsE
c1rZEDsuCJL7etYXQ3YlKeM0cJjf/FMd51BwmpC3vf0BmmlmNFLNr7jxaYnnId+M
9dIyglkfMP9UAba2zCrPOWIgmmjYUGVjf/UBOS/x+A7ee9pFeWjHw+OX2J6rcrEn
iImoIUvw6cniG3otFgYN8rocLj8CtY6srVZbhYr/QHjZjz8n1IaFTLKMSIRWk0AR
cF1fXV4tambhCYAHFcZwwBCsaaGVGFx+iz8A+RFOkeD609LWXG1g3jlvWTeFLBKo
RtQW9GjO04IXFdh0/9gogImosX6ZTJWXC+/pcCcZhEgp2RZmEjyoYKZtH0NN3rMb
LMmchBQ5DbSAkeGH/qBTF+Zpfn/WL+wkjeiBTL+ycFtGQfvQZAqu/Yz5nVU3uqp0
0jNUKbdCaztsWOzjDCQKD8bDQ0vrC5hbMQw37Q/1BCyxbJcXRDjasXv6YYtXzANU
wEM/1V86Jf7FqoGIAMk7KMqneQ/1O+c+Y8O7CKu9Ed2Fd8I8fYTnLZpC2OdU9rKW
7ms3xWEy/IJjKUY2HApv86E4pu4rwiXmPGiVV4px7XUEa0uvENWpjQiHLFu9ykSd
FmIa0DjirCnKwtL7mhHgZqAVMpc84KSHbkkASQqCieBTlHD43vw=
=Gjr/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2698-1] node-bl security update
Previous by thread: [SECURITY] [DLA 2698-1] node-bl security update
Index(es):
- Date
- Thread