[SECURITY] [DLA 3084-1] ndpi security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3084-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Anton Gladky
August 27, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : ndpi
Version : 2.6-3+deb10u1
CVE ID : CVE-2020-15472 CVE-2020-15476
Two security issues have been discovered in ndpi: deep packet inspection
library.
CVE-2020-15472
H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c.
CVE-2020-15476
Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle.
For Debian 10 buster, these problems have been fixed in version
2.6-3+deb10u1.
We recommend that you upgrade your ndpi packages.
For the detailed security status of ndpi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ndpi
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmMLOuQACgkQ0+Fzg8+n
/wa5EhAAk2gRn9sJAlealaLCTNtatgM1VNAS6+qans3GFqUd++lzcD5DX1i2e6Tx
lOR55eWNLeMqx3wP6w67Ik+uPvEfmPg6AKk/EiGkcgRfw8A5ZFdAXfg8yT7cC723
X/9qK7FepHR0cB297vzXezrWggV/Mjbsbfx3ZfMyUiS5S4iwSR5sqsNNXdLkudKC
E3AymRsUKhOty6TSCRilNOd5kvORx9eJvUUTJca8Tfo6LwTQBCRWyTX6hU/5gQqP
el5n2K+MZJ5eV0+ckrj8w8dCLT5y3M+/qgZGSosOMdqKSDZrNzDdvuUF8EKSjN6z
4H+ba5u4Fxr6oDCC4V4uCijsSTvbslH+XwGMCKGABxPL3Yq+ldC7H9mZIi5bJEGr
gwu4iEeIAzIlTPdLvyycBqgLPV8S2Dzv7HV5Z1SXp6f38fUBczBTyq0kBSXkivOq
tAH6eKGtqkiW1VXY1JSCl197GaxDrHQkBdFG3bDI+3hX0Kx9MN8qXBc0mShOkGep
788dVF38OL5BtOLVRwTLCsqGX2+mZX1hA1SgvZ8v3wg4Y3gZoIP/p0UYNsa3XFEV
DZ3QamPS/YZlWhLfa05sTC+CaM5+W7SYkTaPT84wpyPd3//XaXYUuK+LUxBnkt7N
t9PCZPXxSc+xlsECEWadAiXvTVDN7Q7iBkjuqps19PcQy4mMQjs=
=ufUV
-----END PGP SIGNATURE-----
Reply to: