[SECURITY] [DLA 3084-1] ndpi security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3084-1] ndpi security update
From: Anton Gladky <gladk@debian.org>
Date: Sun, 28 Aug 2022 11:52:45 +0200
Message-id: <[🔎] 20220828095245.0B1A24A020A@localhost.localdomain>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3084-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
August 27, 2022                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ndpi
Version        : 2.6-3+deb10u1
CVE ID         : CVE-2020-15472 CVE-2020-15476

Two security issues have been discovered in ndpi: deep packet inspection
library.


CVE-2020-15472

    H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c.

CVE-2020-15476

    Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle.

For Debian 10 buster, these problems have been fixed in version
2.6-3+deb10u1.

We recommend that you upgrade your ndpi packages.

For the detailed security status of ndpi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ndpi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmMLOuQACgkQ0+Fzg8+n
/wa5EhAAk2gRn9sJAlealaLCTNtatgM1VNAS6+qans3GFqUd++lzcD5DX1i2e6Tx
lOR55eWNLeMqx3wP6w67Ik+uPvEfmPg6AKk/EiGkcgRfw8A5ZFdAXfg8yT7cC723
X/9qK7FepHR0cB297vzXezrWggV/Mjbsbfx3ZfMyUiS5S4iwSR5sqsNNXdLkudKC
E3AymRsUKhOty6TSCRilNOd5kvORx9eJvUUTJca8Tfo6LwTQBCRWyTX6hU/5gQqP
el5n2K+MZJ5eV0+ckrj8w8dCLT5y3M+/qgZGSosOMdqKSDZrNzDdvuUF8EKSjN6z
4H+ba5u4Fxr6oDCC4V4uCijsSTvbslH+XwGMCKGABxPL3Yq+ldC7H9mZIi5bJEGr
gwu4iEeIAzIlTPdLvyycBqgLPV8S2Dzv7HV5Z1SXp6f38fUBczBTyq0kBSXkivOq
tAH6eKGtqkiW1VXY1JSCl197GaxDrHQkBdFG3bDI+3hX0Kx9MN8qXBc0mShOkGep
788dVF38OL5BtOLVRwTLCsqGX2+mZX1hA1SgvZ8v3wg4Y3gZoIP/p0UYNsa3XFEV
DZ3QamPS/YZlWhLfa05sTC+CaM5+W7SYkTaPT84wpyPd3//XaXYUuK+LUxBnkt7N
t9PCZPXxSc+xlsECEWadAiXvTVDN7Q7iBkjuqps19PcQy4mMQjs=
=ufUV
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3083-1] puma security update
Next by Date: [SECURITY] [DLA 3085-1] curl security update
Previous by thread: [SECURITY] [DLA 3083-1] puma security update
Next by thread: [SECURITY] [DLA 3085-1] curl security update
Index(es):
- Date
- Thread