[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 795-1] hesiod security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : hesiod
Version        : 3.0.2-21+deb7u1
CVE IDs        : CVE-2016-10151 CVE-2016-10152
Debian Bugs    : #852094, 852093

It was discovered that there were two vulnerabilities in hesiod, Project
Athena's DNS-based directory service:

  * CVE-2016-10151: A weak SUID check allowing privilege elevation.

  * CVE-2016-10152: Use of a hard-coded DNS fallback domain
    (athena.mit.edu) if configuration file could not be read.

For Debian 7 "Wheezy", this issue has been fixed in hesiod version
3.0.2-21+deb7u1.

We recommend that you upgrade your hesiod packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAliGiiQACgkQHpU+J9Qx
HljIog/6A73rjluvxV8H9H5WLhMi/K/DFRl6x9i9VqobzxaWyooHnHQI/+zMAq2x
JvW5lL0CIm9M0Mp0c1YGE/dlI1FoZGv+/aSCEm2Rzmgn/VwxVZ74gu0oTJJig3de
NIB1A8Dwjcx0zKvBO6hHCgwtjpCopPSBFxoFwkLdsx8TVLDSu4iH6NTmzQM3Rglh
M18Ba8Ro1g78RtBbt/57H170tLJftuWEkdC3y6u5QmOXvczMejv0MdH/38Q67J6Y
VTq8Y8ip7xq5AekRJNsV2W/+yFGcf8q0cY1fWAqmyPn4gJfneBis9kfki0dTCnLN
oIHxJnKASsnEfZ4VrPrKHoxIapWUkU8WaxZopdY9Ll6uWaZEiFjUTX3Dx+QyBd+6
DbBkDoYubCI+tahmT2IcMnljKnbfprWyZadTXyPRny8O+Ta1eORWUxNhuw9IRVSY
pV/gMkSgzBmGgnixDXeAJ1kmh7DEWyIYoEkxxY4ONpvSnsoK+jHmbWOWLzCgN6rc
5GbY0Tfh4LQ//WUz3VoFtSEk60mENVyTgygNlYbaeImMiDHM08kptiKlmojASejG
QJtqIOQHL5ksZRWbN2k/o+yPolEdXXAfT5cUmlJxF9+RmKc4sKa902Cgnux9f548
0mAbC7+dhvU3AHx2HtxieSXjHD7r2Wg7rCthrYeqN5pmaAM0yb0=
=9tes
-----END PGP SIGNATURE-----
Reply to: