|
|
Subscribe / Log in / New account

Debian alert DLA-3028-1 (atftp)



From:
              Thorsten Alteholz <debian@alteholz.de>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 3028-1] atftp security update


Date:
              Thu, 26 May 2022 23:37:23 +0000


Message-ID:
              <alpine.DEB.2.21.2205262334040.29052@postfach.intern.alteholz.me>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3028-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
May 27, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : atftp
Version        : 0.7.git20120829-3.1~deb9u3
CVE ID         : CVE-2021-46671


An issue has been found in package atftp, an advanced TFTP client/server.

Due to missing bound checks, data could be read behind a buffer so that 
sensible information might be disclosed to a remote client.


For Debian 9 stretch, this problem has been fixed in version
0.7.git20120829-3.1~deb9u3.

We recommend that you upgrade your atftp packages.

For the detailed security status of atftp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atftp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmKQDzNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcfEg/+J72HF6LGn6v5AsQ0qC5zSbQGYggaarEnlumZnszETbyK0evjXEbvhcWr
WVqAtAnNdq7GacryDUW/I4APGZomwl68xAxh0i/P4NvoKGbXmfrcg5oVxj0tgZjq
810dovgiwh8Lrg8apiy4j7Xd9iIZXLm+1CkLOjltPbh35+nJ/RUtCatMXwaIZyal
12K5d2ZO91wT+A3AqQHuhz+S/jEJpEE1OWhNhJnqtY7Sel7gvFzhW5KVHrmJZ9zo
dUA6ZtMLgyj/F/ymwewJ1xyIRcx35W+bYTgsUO0pG6B2pSaVrnf8s3fmZbSKY0qy
hQ7uTCqZa5LlMpjf2tM/wA2/xUatiTQG14ylzymjhH3d4uiSRz8dIlJVmdtSPRVJ
hNw4jdBvrxTa+mC5HP9BSouY7PNi4BVGD6ODdsPgH9RRlJF37IVz2dRQfVilCPxh
g4Y84ZVL9/xyAo4gNSv0dGJAiA3mMCbWmYDaFtcg5iPkgwrJ5Cn1DC1NlppwTi9B
AwOMLp2Iy4t83/Veg/X677jRDWXQCVPT3Zg3PYKMIz267bTCe9XJgwZDTUv+fHP6
97HXuEswh887K+ZgJy0aK+XfSo5FVP1UUzSQewDLGbBBA3Py8ILk7cO9LIc5bHR5
wo0OLMHNM0oPbjFO57npFO4Zwfv+oj/FUh4ivGfm8YejaeUFKS4=
=yRBO
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds