Lucene search

DebianDEBIAN:DLA-2445-1:FB62C

HistoryNov 10, 2020 - 6:25 p.m.

[SECURITY] [DLA 2445-1] libmaxminddb security update

2020-11-1018:25:00

lists.debian.org

libmaxminddb

security update

cve-2020-28241

buffer over-read fix

debian 9 stretch

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.004

Percentile

73.2%

JSON

Debian LTS Advisory DLA-2445-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
November 10, 2020 https://wiki.debian.org/LTS

Package : libmaxminddb
Version : 1.2.0-1+deb9u1
CVE ID : CVE-2020-28241
Debian Bug : 973878

A heap-based buffer over-read has been found in libmaxminddb, an IP geolocation
database library. This could be exploited when the mmdblookup tool is used to
open a specially crafted database file.

For Debian 9 stretch, this problem has been fixed in version
1.2.0-1+deb9u1.

We recommend that you upgrade your libmaxminddb packages.

For the detailed security status of libmaxminddb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libmaxminddb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian10arm64mmdb-bin-dbgsym< 1.3.2-1+deb10u1mmdb-bin-dbgsym_1.3.2-1+deb10u1_arm64.deb
Debian9i386mmdb-bin< 1.2.0-1+deb9u1mmdb-bin_1.2.0-1+deb9u1_i386.deb
Debian10ppc64elmmdb-bin< 1.3.2-1+deb10u1mmdb-bin_1.3.2-1+deb10u1_ppc64el.deb
Debian10i386libmaxminddb0-dbgsym< 1.3.2-1+deb10u1libmaxminddb0-dbgsym_1.3.2-1+deb10u1_i386.deb
Debian10armhflibmaxminddb-dev< 1.3.2-1+deb10u1libmaxminddb-dev_1.3.2-1+deb10u1_armhf.deb
Debian9arm64mmdb-bin< 1.2.0-1+deb9u1mmdb-bin_1.2.0-1+deb9u1_arm64.deb
Debian10i386libmaxminddb-dev< 1.3.2-1+deb10u1libmaxminddb-dev_1.3.2-1+deb10u1_i386.deb
Debian9armellibmaxminddb0< 1.2.0-1+deb9u1libmaxminddb0_1.2.0-1+deb9u1_armel.deb
Debian9armelmmdb-bin< 1.2.0-1+deb9u1mmdb-bin_1.2.0-1+deb9u1_armel.deb
Debian10mipsellibmaxminddb0< 1.3.2-1+deb10u1libmaxminddb0_1.3.2-1+deb10u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	arm64	mmdb-bin-dbgsym	< 1.3.2-1+deb10u1	mmdb-bin-dbgsym_1.3.2-1+deb10u1_arm64.deb
Debian	9	i386	mmdb-bin	< 1.2.0-1+deb9u1	mmdb-bin_1.2.0-1+deb9u1_i386.deb
Debian	10	ppc64el	mmdb-bin	< 1.3.2-1+deb10u1	mmdb-bin_1.3.2-1+deb10u1_ppc64el.deb
Debian	10	i386	libmaxminddb0-dbgsym	< 1.3.2-1+deb10u1	libmaxminddb0-dbgsym_1.3.2-1+deb10u1_i386.deb
Debian	10	armhf	libmaxminddb-dev	< 1.3.2-1+deb10u1	libmaxminddb-dev_1.3.2-1+deb10u1_armhf.deb
Debian	9	arm64	mmdb-bin	< 1.2.0-1+deb9u1	mmdb-bin_1.2.0-1+deb9u1_arm64.deb
Debian	10	i386	libmaxminddb-dev	< 1.3.2-1+deb10u1	libmaxminddb-dev_1.3.2-1+deb10u1_i386.deb
Debian	9	armel	libmaxminddb0	< 1.2.0-1+deb9u1	libmaxminddb0_1.2.0-1+deb9u1_armel.deb
Debian	9	armel	mmdb-bin	< 1.2.0-1+deb9u1	mmdb-bin_1.2.0-1+deb9u1_armel.deb
Debian	10	mipsel	libmaxminddb0	< 1.3.2-1+deb10u1	libmaxminddb0_1.3.2-1+deb10u1_mipsel.deb