Debian Security Advisory 4312-1

Debian Security Advisory 4312-1: Posted Oct 9, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4312-1 - Several vulnerabilities were discovered in tinc, a Virtual Private Network (VPN) daemon.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2018-16738, CVE-2018-16758; SHA-256 | 12f934845282e1117b3a4712f22ac0003bea74a7179d6bb6b6059f907a674e9e; Download | Favorite | View

Debian Security Advisory 4312-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4312-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 08, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tinc
CVE ID         : CVE-2018-16738 CVE-2018-16758

Several vulnerabilities were discovered in tinc, a Virtual Private
Network (VPN) daemon. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2018-16738

    Michael Yonli discovered a flaw in the implementation of the
    authentication protocol that could allow a remote attacker to
    establish an authenticated, one-way connection with another node.

CVE-2018-16758

    Michael Yonli discovered that a man-in-the-middle that has
    intercepted a TCP connection might be able to disable encryption of
    UDP packets sent by a node.

For the stable distribution (stretch), these problems have been fixed in
version 1.0.31-1+deb9u1.

We recommend that you upgrade your tinc packages.

For the detailed security status of tinc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/tinc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlu7kBdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S4fg/+JoS522AqBOO+Oqs9ePNh8OAVeQTfJL8ITyRqphrkxaprJPxc6Kfubqqs
bYRhiLTSfRvNB/BzP69f1dp6nKoB7MDS/mTDgT5IvmhzS8bAjbY7VvXInSB7CMdd
mLKwqNKpgfIZSIBA/PeCzdcjwPTZA447/LgleTzjFI2I6XrUkk7pUIpGpWu2KpgI
aXKcuLcPA1bDPuaek7URMTew2x5u3fy0oM2dPzeFk3rcPAOk/W5nu+StbEWdxNGY
IoaLNcDWt5HuFaL8Y52HJgAllcxLTWh0jcmmh3D1P8x90ilv6+FsBow9LFMGSc5s
XsC934NszQ6QiyCxpR8GAZ+8kttWC53dE/w+0Rgm5RNyzU9GOOyHE5VO3moL0cVN
83fmAdSXg4S7TbOSugLPbz3+k1Cr/ibrzM9FlwQudmvlnopsGX4asrSyt1aVYF/I
hAv8OVLNE8md12BDZuvq+bghXDZASMfLizCk3NFkaffjex20zmrcuo3/nn2Sv8AH
9grUjeZ1cFLeKixl6e4rWw4vQBNxhHZntWDCyiUrkdaSGX63I3Jx1viCS0sj8sa9
Zr/BksW5+5aV/K7orc2Ir6I7L2jxoMw0fudnflG4CeiMV8Q1Wxu9KdfcPuiQqGqT
ANgQzOf5g7oOtxGxnmndWbP6al7bv9YeaEbw2xuyi6sRMo2624o=
=o+91
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 4312-1

Debian Security Advisory 4312-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4312-1

Share This

Debian Security Advisory 4312-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems