home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   linux.debian.announce.security      Debian security announcements I think?      29 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 29 of 29   
   Salvatore Bonaccorso to All   
   [SECURITY] [DSA 6000-1] libcpanel-json-x   
   11 Sep 25 21:50:01   
   
   From: carnil@debian.org   
      
   -----BEGIN PGP SIGNED MESSAGE-----   
   Hash: SHA512   
      
   - -------------------------------------------------------------------------   
   Debian Security Advisory DSA-6000-1                   security@debian.org   
   https://www.debian.org/security/                     Salvatore Bonaccorso   
   September 11, 2025                    https://www.debian.org/security/faq   
   - -------------------------------------------------------------------------   
      
   Package        : libcpanel-json-xs-perl   
   CVE ID         : CVE-2025-40929   
      
   Michael Hudak discovered a flaw in libcpanel-json-xs-perl, a module for   
   fast and correct serialising to JSON. An integer buffer overflow causing   
   a segfault when parsing specially crafted JSON, may allow an attacker to   
   mount a denial-of-service attack or cause other unspecified impact.   
      
   For the oldstable distribution (bookworm), this problem has been fixed   
   in version 4.35-1+deb12u1.   
      
   For the stable distribution (trixie), this problem has been fixed in   
   version 4.39-2~deb13u1.   
      
   We recommend that you upgrade your libcpanel-json-xs-perl packages.   
      
   For the detailed security status of libcpanel-json-xs-perl please refer   
   to its security tracker page at:   
   https://security-tracker.debian.org/tracker/libcpanel-json-xs-perl   
      
   Further information about Debian Security Advisories, how to apply   
   these updates to your system and frequently asked questions can be   
   found at: https://www.debian.org/security/   
      
   Mailing list: debian-security-announce@lists.debian.org   
   -----BEGIN PGP SIGNATURE-----   
      
   iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmjDJWZfFIAAAAAALgAo   
   aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2   
   NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND   
   z0QcGBAAhomvzAkpvE/ZVP/0sKTUzWTxCJlllzjtYE7H4yNw4pUwE8Dvyb/sAtt5   
   aUcqrobxUAvwzZZ31OYGCXeq5INuVlfzBUvoAnQDO370vdMaqqZKP0Vao42hurGb   
   tc9j+/+e02vn9EuGqjM+eGhhHdyZ4OFTBE7BuP1PniaTyFGTvnX/9nYBpVbmg7QT   
   BIzabjHMaal4LvUzzJbfqMZ0bMKJ4oEo3f/NRGJklwnx0FB7iDR/6Rul4kAKKCE+   
   jivrN+DW4Iz0bOAIsNSM+Rxhupd4gK/AOKN4ljH4J2Vr/BJRTgJG+yFfEzp+eKed   
   CE64gKmJTyuze3zTPxTEq3SjBpYES6cttmekN4hz0bZTfTVp+r5dUC0r8yuToEng   
   EZC1NxBPsd7XgvXZWLl6eodKoMY3igPzlPE6bJaK9O5AdfXi7aarKMMtsrw1NFUw   
   euK8WKEkY23+O3maYM7R4TeT3XYaSDlHzJbfhEFFr/vlP/GmI6jQK1oZQpDsEUue   
   0rb5WtvB8nptZgDc0SpJdkEacBrz6IDU3cZNfosNIRgrPnorkpAYHzoHjk4DWwtb   
   ZxLj8NvKxgp62pwkNf0hzCQOIFO4bnazSLC6EgBpKHfPBNU63ny9VTVOofn+orfx   
   l6X1JxrlO4DXxTAM3jvc/rPg1MzH5zkjc2lD94Ptsk6BnJhClPw=   
   =OXGz   
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca