Debian alert DLA-2064-1 (ldm)

From:
             
 
"Chris Lamb" <lamby@debian.org> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 2064-1] ldm security update 
Date:
             
 
Fri, 10 Jan 2020 15:06:58 +0000
Message-ID:
             
 
<94ea0aa6-5f6d-4cfc-b108-83ce0c394fd9@sloti26t01>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ldm
Version        : 2:2.2.15-2+deb8u1
CVE ID         : CVE-2019-20373
Debian Bug     : #948538

It was discovered that a hook script of ldm, the display manager
for the Linux Terminal Server Project incorrectly parsed responses
from an SSH server which could result in local root privilege
escalation.

For Debian 8 "Jessie", this issue has been fixed in ldm version
2:2.2.15-2+deb8u1.

We recommend that you upgrade your ldm packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl4YkwMACgkQHpU+J9Qx
HlgdUhAAvqidGimvnMZyolTY9K2V5Ir1fDo/2eFHj/EAwLO09Miffl+A7cjhv5ip
8Om75CkacrlFehAPQOZ/Zi9Vpdl77G2m73ab3NpWApcFa/4vb8jFpM0VC7XP+Yi5
jeHl/hapszxyXMs/wQi8UoT9MD0Ju2zXQvHgDFJYCOTLAK1vLxPm4bd65lbA4ZJD
RYaqJGNzxJXhuJnejP2sywh9sRIANaqeR4NXkXpaf++y1j2IHld1DT0Se5RwqTZ9
ObY5rnr+uyudIJKemOOEV0dQfJ2/NQ9h7s/WLeLHz9caqs6YHSQ0o508FgMgxf/Q
U9mjPL2F0cbg23ywH0Yd4P78PATFX5YbezTPDnWbMIMnXP7oe+HxbceC7v10rukC
OKC78z6iHQj4/btUJAS9zGyE3SrrSayTPoodbvlCoYu0ViDxSuhxMgCeQzF4Jpcg
Oa5KbaY5kgCj6WWrLMIqJB/aSPyfJtZ/3oxfmV2q1gROaDDwi3Q1ZDWqOQeER8KD
6NBjeemzL9U170GQjpP7KHJP1uGnMNlrnKjAzpUY8t3rsTZFdhaj9gDhwj8chcm2
RfOEYRLZt6B6Tcjfpe46Z1DvUTbmlO5u4r9KX+pljT2dTYtFshmfBwJQQocHbsm3
mrs0eCWwjNMByMOcHK3Z5HqAS7FZSE6AqPfNWeRPYckJeyh02O8=
=jpgo
-----END PGP SIGNATURE-----