
[SECURITY] [DLA 3231-1] dlt-daemon security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3231-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
December 07, 2022                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : dlt-daemon
Version        : 2.18.0-1+deb10u1
CVE ID         : CVE-2020-29394 CVE-2020-36244 CVE-2022-31291
Debian Bug     : 976228 1014534

dlt-daemon, a Diagnostic Log and Trace logging daemon, had the following
vulnerabilities reported:

CVE-2020-29394

    A buffer overflow in the dlt_filter_load function in dlt_common.c
    from dlt-daemon allows arbitrary code execution because fscanf is
    misused (no limit on the number of characters to be read in the
    format argument).

CVE-2020-36244

    dlt-daemon was vulnerable to a heap-based buffer overflow that
    could allow an attacker to remotely execute arbitrary code.

CVE-2022-31291

    An issue in dlt_config_file_parser.c of dlt-daemon allows attackers
    to cause a double free via crafted TCP packets.
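
The bounded-read pattern that addresses the fscanf misuse described under CVE-2020-29394, as an added example that is not code from dlt-daemon or from this advisory. The function names, the 15-character limit and the choice to reject overlong tokens are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

#define TOKEN_MAX_CHARS 15                  /* assumed limit for this example */
#define TOKEN_BUF_LEN (TOKEN_MAX_CHARS + 1)
#define STR_(x) #x
#define STR(x) STR_(x)

/* Unbounded pattern named in the advisory, kept as a comment only:
 *     char tok[TOKEN_BUF_LEN];  fscanf(fp, "%s", tok);   (no field width) */

/* Reads whitespace-separated tokens with an explicit field width. Returns the
 * count, or -1 on a token over TOKEN_MAX_CHARS or more than max_tokens. */
int read_tokens_bounded(FILE *fp, char out[][TOKEN_BUF_LEN], int max_tokens)
{
    char tok[TOKEN_BUF_LEN];
    int n = 0;
    /* Expands to "%15s": at most 15 characters stored, plus the NUL. */
    while (fscanf(fp, "%" STR(TOKEN_MAX_CHARS) "s", tok) == 1) {
        int c = fgetc(fp);
        /* Non-space right after the token: the width limit cut it, so reject. */
        if ((c != EOF && !isspace(c)) || n >= max_tokens)
            return -1;
        snprintf(out[n++], TOKEN_BUF_LEN, "%s", tok);
    }
    return n;
}

/* Hypothetical helper: parse constructed text through a temporary file. */
int count_tokens(const char *text)
{
    char out[8][TOKEN_BUF_LEN];
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -2;
    fputs(text, fp);
    rewind(fp);
    int n = read_tokens_bounded(fp, out, 8);
    fclose(fp);
    return n;
}

int main(void)
{
    /* Constructed inputs; prints "4 -1" (the 16-character token is rejected). */
    printf("%d %d\n", count_tokens("APP1 CTX1\nAPP2 CTX2\n"), count_tokens("ABCDEFGHIJKLMNOP\n"));
    return 0;
}
```

A field width alone stops the overflow but splits an overlong token into two valid-looking ones, which is why the example checks the character that follows each token.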

For Debian 10 buster, these problems have been fixed in version
2.18.0-1+deb10u1.

We recommend that you upgrade your dlt-daemon packages.

For the detailed security status of dlt-daemon please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dlt-daemon

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS