Debian Security Advisory 4093-1

Debian Security Advisory 4093-1: Posted Jan 22, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4093-1 - Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host.; tags | advisory, arbitrary, protocol; systems | linux, debian; advisories | CVE-2018-5704; SHA-256 | 777db35532db3a19ea95735a3d759ff726c656fed384a35e50a1dc283d2e50bd; Download | Favorite | View

Debian Security Advisory 4093-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4093-1                   security@debian.org
https://www.debian.org/security/                                         
January 21, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openocd
CVE ID         : CVE-2018-5704
Debian Bug     : 887488

Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS,
was vulnerable to Cross Protocol Scripting attacks. An attacker could
craft a HTML page that, when visited by a victim running OpenOCD, could
execute arbitrary commands on the victims host.

This fix also sets the OpenOCD default binding to localhost, instead of
every network interfaces. This can be changed with the added "bindto"
command argument.

For the oldstable distribution (jessie), this problem has been fixed
in version 0.8.0-4+deb7u1.

For the stable distribution (stretch), this problem has been fixed in
version 0.9.0-1+deb8u1.

We recommend that you upgrade your openocd packages.

For the detailed security status of openocd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openocd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlplTRkACgkQbsLe9o/+
N3SoCQ//YBD0bq5cBK382flGHmfA5mu7unG6aUxd9+bDCvoKqbZdmgModuh/nBG/
qF/0kUOInDN0gYXFAoXFKKn2aIjOQ3SHc6miyu5XA+I/Ie4TVDtpndajW6rqvrNd
Ylt8fxRexRctY1MXWMB9Jv+uP+8MU/18abMGxFdltBZOLQM6DsKyS0AKlbd08zBu
ykdgg4X9qRm44fPU4KyPCWroAhAfUkRWdg8YFweRLY6uOetkwoUR0MKbw3zZjMyA
3qQ+ejjoC6/vFZ0Nmy3QRHabqLSiR/ierLx/n0ZC4xiGfQBYiPpOyyN8bQtkzGf8
csFvDh77PxUeaA1RC8tlY3cR/vvB+GaODRmxKzQPrsUf0HoWxHTfGT1/MbcKuuxP
s8Vn5Plwg/v7H9KJYOUbNyzNq/xt/sxcZdTXDF049vaagmEwQnM0iXG5D6quLQkS
iXn2qzHw0Xv73yA6msdxu/v5d8i/6ly+qzkf/qUNE1Vc1WTfWw41qb6VxLB6W/3A
fVBIp3Jpykj+QlDFhgYTenuaPim86G8JjvsZDb2x9k0ThJQQs4SD8ikhwoYrhlnm
JsHe/uFjDyLWUZxRumPS16pZMrMjDKO93NiR17R8u/KV1jPWkwq/2D6WSIyJfiT8
sYUEV1rhsYSD82sP6+vpMJF89LOeHpl+YI0SLL91Oixw0RypB9k=
=8CD/
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 4093-1

Debian Security Advisory 4093-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4093-1

Share This

Debian Security Advisory 4093-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems