Article <FjO37-geKz-11@gated-at.bofh.it>

Deutsch English Français Italiano
<FjO37-geKz-11@gated-at.bofh.it>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: eternal-september.org!news.eternal-september.org!reader01.eternal-september.org!news.mixmin.net!aioe.org!bofh.it!news.nic.it!robomod
From: Moritz Muehlenhoff <jmm@debian.org>
Newsgroups: linux.debian.announce.security
Subject: [SECURITY] [DSA 5260-1] lava security update
Date: Sun, 23 Oct 2022 20:40:01 +0200
Message-ID: <FjO37-geKz-11@gated-at.bofh.it>
X-Mailbox-Line: From debian-security-announce-request@lists.debian.org  Sun Oct 23 18:38:37 2022
Old-Return-Path: <jmm@seger.debian.org>
X-Amavis-Spam-Status: No, score=-113.645 tagged_above=-10000 required=5.3
	tests=[BAYES_00=-2, DIGITS_LETTERS=1, DKIMWL_WL_HIGH=-0.255,
	DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
	LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3,
	USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100]
	autolearn=ham autolearn_force=no
Old-Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org;
	s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date
	:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
	In-Reply-To:References; bh=BQ1qLTFu5OcA6EYapPtSO3In5OgvLbKtmjOOtCwgT9E=; b=lM
	45i/lwyBk6WhMJG8Tyh5VXYFOdqVuKa+BrMwLHt4sgm8FCBBiFRKZydzcoB1+iTBdC0Rp2l8SqWBJ
	d8sr6hsiNp+PytPrrQjSWJAmLRRwNdsuXYQnNfJw4cKvqHSfcpMWDvG46D6lGRgOtPFaEPK+im+M7
	Y6nHVYdW9v6D1Q266wJwy/FS9kUBlfZo9JS2VIfLkaI4td6tBxa2P5kC/A9WeSwVYWyOLk5Cnp8mW
	xFfhzefk0iNDv+qDoBcGXb0U6MqhdrxILPOl9iYgRGpElqAtPu+gYHfo4d8M9V/dfUPI/Bsk5FUSt
	IJcy6HZx9U9y1QRcrLnoWa4mJbXYnfWQ==;
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debian: PGP check passed for security officers
Priority: urgent
Reply-To: debian-security-announce-request@lists.debian.org
X-Mailing-List: <debian-security-announce@lists.debian.org> archive/latest/4159
List-ID: <debian-security-announce.lists.debian.org>
List-URL: <http://lists.debian.org/debian-security-announce/>
List-Archive: https://lists.debian.org/msgid-search/Y1WKFiTNXrwfB0yR@seger.debian.org
Approved: robomod@news.nic.it
Lines: 47
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Date: Sun, 23 Oct 2022 18:38:14 +0000
X-Original-Message-ID: <Y1WKFiTNXrwfB0yR@seger.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5260-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 23, 2022                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lava
CVE ID         : CVE-2022-42902
Debian Bug     : 1021737

Igor Ponomarev discovered that LAVA, a continuous integration system for
deploying operating systems onto physical and virtual hardware for
running tests, used exec() on input passed to the server component.

For the stable distribution (bullseye), this problem has been fixed in
version 2020.12-5+deb11u1.

We recommend that you upgrade your lava packages.

For the detailed security status of lava please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lava

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNViSgACgkQEMKTtsN8
TjbTZQ/+PZMyV4LA6box8yB3VGBSBfh4NSDKqtc0YqmsBhMFbiXAtSqNfxr93GEI
d+e6cHdGJQn73g0gLj/N70922Qz7k+nC7+kjDBul19S84M2gp5O9OWaOgXwZVBS2
BFJQkdGz4yG1bp94GxX/S66q1podS+NWFP6M87OD3eB/XnBUIPYj9K+ItUiSwr3X
NiXvqF1ocItc4yGjtJDM8Dh7avYL0mVLJ+VEZV3x2JVGR2ytTDOQOT9MOiNl5aG+
PziP8nzxUN4XcS5vSjFQjCNrfEJ43vCR5n20KBFMgTA8NlRGqKhElHuel2MC2R4U
reOnw7l6/6b05aaUfXJhi94KZx8/4ZEniL7MF6WyGmCnXp2oRlEM07U+nefTOo2q
PbPfEm4fFYajFVSO7Spq4GbSYdDku1/83zoa1BFOw3UU2YQhYfNFhmcR6cLoqdVw
vjitSbIfysdtvWWXef0q1cdmI5M1GWfiuIOstUQsleOQCBDxqMyGtxoZzvwwDyAt
eZe8dV8iBwgDPYwuii40l0/0npSVEsmwMUCz6K6D0b0AxmGmAf487c64WErQhlRF
9dl/VYzwLtPJNweEUC3y3CwhrdFu1J3w/4Blj0+ynnMgqUENwMFvCTJlitbMy74o
DUY3qu3tGE52FGCODrct5ksPShI9KBAyE7DDlnsapJjV0yuvxZQ=
=b+Kz
-----END PGP SIGNATURE-----