[SECURITY] [DLA 795-1] hesiod security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : hesiod
Version : 3.0.2-21+deb7u1
CVE IDs : CVE-2016-10151 CVE-2016-10152
Debian Bugs : #852094, 852093
It was discovered that there were two vulnerabilities in hesiod, Project
Athena's DNS-based directory service:
* CVE-2016-10151: A weak SUID check allowing privilege elevation.
* CVE-2016-10152: Use of a hard-coded DNS fallback domain
(athena.mit.edu) if configuration file could not be read.
For Debian 7 "Wheezy", this issue has been fixed in hesiod version
3.0.2-21+deb7u1.
We recommend that you upgrade your hesiod packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAliGiiQACgkQHpU+J9Qx
HljIog/6A73rjluvxV8H9H5WLhMi/K/DFRl6x9i9VqobzxaWyooHnHQI/+zMAq2x
JvW5lL0CIm9M0Mp0c1YGE/dlI1FoZGv+/aSCEm2Rzmgn/VwxVZ74gu0oTJJig3de
NIB1A8Dwjcx0zKvBO6hHCgwtjpCopPSBFxoFwkLdsx8TVLDSu4iH6NTmzQM3Rglh
M18Ba8Ro1g78RtBbt/57H170tLJftuWEkdC3y6u5QmOXvczMejv0MdH/38Q67J6Y
VTq8Y8ip7xq5AekRJNsV2W/+yFGcf8q0cY1fWAqmyPn4gJfneBis9kfki0dTCnLN
oIHxJnKASsnEfZ4VrPrKHoxIapWUkU8WaxZopdY9Ll6uWaZEiFjUTX3Dx+QyBd+6
DbBkDoYubCI+tahmT2IcMnljKnbfprWyZadTXyPRny8O+Ta1eORWUxNhuw9IRVSY
pV/gMkSgzBmGgnixDXeAJ1kmh7DEWyIYoEkxxY4ONpvSnsoK+jHmbWOWLzCgN6rc
5GbY0Tfh4LQ//WUz3VoFtSEk60mENVyTgygNlYbaeImMiDHM08kptiKlmojASejG
QJtqIOQHL5ksZRWbN2k/o+yPolEdXXAfT5cUmlJxF9+RmKc4sKa902Cgnux9f548
0mAbC7+dhvU3AHx2HtxieSXjHD7r2Wg7rCthrYeqN5pmaAM0yb0=
=9tes
-----END PGP SIGNATURE-----
Reply to: