[SECURITY] [DSA 5041-1] cfrpki security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5041-1] cfrpki security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 11 Jan 2022 21:54:05 +0000
Message-id: <[🔎] 20220111215405.GA8381@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5041-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 11, 2022                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cfrpki
CVE ID         : CVE-2021-3761 CVE-2021-3907 CVE-2021-3908 CVE-2021-3909 
                 CVE-2021-3910 CVE-2021-3911 CVE-2021-3912 CVE-2021-43173 
                 CVE-2021-43174

Multiple vulnerabilities were discovered in Cloudflare's RPKI validator,
which could result in denial of service or path traversal.

For the stable distribution (bullseye), these problems have been fixed in
version 1.4.2-1~deb11u1.

We recommend that you upgrade your cfrpki packages.

For the detailed security status of cfrpki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cfrpki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmHd/DMACgkQEMKTtsN8
TjamFw//Xp8cdyNRxyeFrg9aH3H9xFVozYVXpGSZMRSoFDgrCW1BZuKPgtYH5Goi
zUjPYRb3w5ETr07ZJ2c0lmjONxFjRBm2t7T/7Yg5nYBy0uD80d6My095GLBDuSTz
bOOHXfcZInUAoc4Mlg3dFWHlJtI5W56R/t5TaBt2EBbxnCkIUcpxdCGq8eTL8uOi
2gFJms0ROkQpuNS4HH5A2b5IWEtZ59CqYkTmq9lIfUnuQXBxP3qGc6UxIjEPHz9r
9qck3lCiFKMvxN2mZ4dYMUFUSYbXRFfVVPQndtxQMII7Z60usFfRTUamEFqm/FAx
2AjrJ4hmtrCEPHcHMCocpE6YMgmaAQcl9DLnosVon8kFWpEk4i7Hv4Dh7Szq9GAk
h+miguOB4cR4NNaE9ZQ6RL2mhe/Rw7RFBnsLreMZ1wkqiHOyBH/MtUSgqGynsUbV
PbJLA8kyBGaoVx2Goc2dNdkWDPwJhEjw38B2Uo+7ay1I11hw7B7Bkp2AECK+gJaM
1CJ0dIeiq7adHZtIadIjL5gsihF3EQFcmmqJDqWH2dxrwNrtwYPVzV3cZVoRmc9q
MjPC4hauxDdgAXFAtrAPqrk50yBU1Q6tZZYjDPU8ZePq21LIHGNDeFbxUbN81DI5
e06MZbHG49n3hI4wOO3VQta+Cb/MAqvAKTlZuUUjdTS4Dtxf29A=
=n8pD
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5040-1] lighttpd security update
Next by Date: [SECURITY] [DSA 5042-1] epiphany-browser security update
Previous by thread: [SECURITY] [DSA 5040-1] lighttpd security update
Next by thread: [SECURITY] [DSA 5042-1] epiphany-browser security update
Index(es):
- Date
- Thread