[SECURITY] [DLA 4238-1] sslh security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4238-1] sslh security update
From: "Chris Lamb" <lamby@debian.org>
Date: Wed, 09 Jul 2025 14:40:07 -0700
Message-id: <[🔎] 175209371683.103644.5879817418738138646@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4238-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
July 09, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sslh
Version        : 1.20-1+deb11u1
CVE ID         : CVE-2025-52936
Debian Bug     : 1108284

It was discovered that there was a so-called "link following"
vulnerability in sslh, a protocol multiplexor often used to share
SSH and HTTPS on the same port.

For Debian 11 bullseye, this problem has been fixed in version
1.20-1+deb11u1.

We recommend that you upgrade your sslh packages.

For the detailed security status of sslh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sslh

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmhu1BEACgkQHpU+J9Qx
HlhXPA/9H7uCmd+a0Lhwf+AhhW/z5dOIsHM+T7hw8mwXlJnOldKGYPS8bgtn7OJN
Sh57T6lNh+NEZ1Vym4x2xnlR/V/EtTkkNWkzCVWgR7bLmjLORd2Do/HirvfTaGHf
VFHqYeIXWvx1uGbts7YttQVnGqqW2e9OmODAtZDKJQ4uFfoFzZJfBxxFLahTtv5r
o69qZTteGHB2sX1JKhtrCeuPaj+AYWzOIesWEiKb1xHMaK2oFrgj587tikNX/NtF
kTrBq41kKxrGCimchLUIPgnv2A4j6SJuj8cOE9OhnIMvROxM3wJXTP3S1WJwalwQ
y1o9gfu4WNi8H8PpMMWJjlwZqSG+TQpQ5EiqqaFMz9dUSgVsJc/WI7PxpWeNwn2f
wU0iBbQqoNjL2SX3E0e2xd5PDCTuNAWYW7kVMw3LIANFicDSm9/uLwSqBdIf9i1C
PyPn/++hl/9lXcOUvjqvJa+Gfpaddo/q+WZfPFFlUbsvomErrK25qrgm8MvlIJfO
FWf4CIjgRazqR96T551Apm6ogKEg/Snv5cpZEpEVDkw5rlgXGR2LD3QOFUKnktJa
NKSndx9tzz8H36igQaX22qhoOCU6dXNWKTUCD6Kmo132gSZCMQYVvoyZe3VAXRVY
0J/juFXEJ1LT+dBIk+vwJmmAIwOIyzDfEVCCJa2q5I9AK+XK6F8=
=vgzg
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4237-1] xmedcon security update
Next by Date: [SECURITY] [DLA 4239-1] thunderbird security update
Previous by thread: [SECURITY] [DLA 4237-1] xmedcon security update
Next by thread: [SECURITY] [DLA 4239-1] thunderbird security update
Index(es):
- Date
- Thread