[SECURITY] [DLA 2064-1] ldm security update

2020-01-1015:06:58

lists.debian.org

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Package : ldm
Version : 2:2.2.15-2+deb8u1
CVE ID : CVE-2019-20373
Debian Bug : #948538

It was discovered that a hook script of ldm, the display manager
for the Linux Terminal Server Project incorrectly parsed responses
from an SSH server which could result in local root privilege
escalation.

For Debian 8 "Jessie", this issue has been fixed in ldm version
2:2.2.15-2+deb8u1.

We recommend that you upgrade your ldm packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian10armhfldm< 2:2.18.06-1+deb10u1ldm_2:2.18.06-1+deb10u1_armhf.deb
Debian10allldm< 2:2.18.06-1+deb10u1ldm_2:2.18.06-1+deb10u1_all.deb
Debian10mipsldm< 2:2.18.06-1+deb10u1ldm_2:2.18.06-1+deb10u1_mips.deb
Debian10amd64ldm< 2:2.18.06-1+deb10u1ldm_2:2.18.06-1+deb10u1_amd64.deb
Debian9amd64ldm-dbgsym< 2:2.2.18-2+deb9u1ldm-dbgsym_2:2.2.18-2+deb9u1_amd64.deb
Debian9allldm-server< 2:2.2.18-2+deb9u1ldm-server_2:2.2.18-2+deb9u1_all.deb
Debian10armelldm-dbgsym< 2:2.18.06-1+deb10u1ldm-dbgsym_2:2.18.06-1+deb10u1_armel.deb
Debian8allldm-server< 2:2.2.15-2+deb8u1ldm-server_2:2.2.15-2+deb8u1_all.deb
Debian9i386ldm-dbgsym< 2:2.2.18-2+deb9u1ldm-dbgsym_2:2.2.18-2+deb9u1_i386.deb
Debian9arm64ldm-dbgsym< 2:2.2.18-2+deb9u1ldm-dbgsym_2:2.2.18-2+deb9u1_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	armhf	ldm	< 2:2.18.06-1+deb10u1	ldm_2:2.18.06-1+deb10u1_armhf.deb
Debian	10	all	ldm	< 2:2.18.06-1+deb10u1	ldm_2:2.18.06-1+deb10u1_all.deb
Debian	10	mips	ldm	< 2:2.18.06-1+deb10u1	ldm_2:2.18.06-1+deb10u1_mips.deb
Debian	10	amd64	ldm	< 2:2.18.06-1+deb10u1	ldm_2:2.18.06-1+deb10u1_amd64.deb
Debian	9	amd64	ldm-dbgsym	< 2:2.2.18-2+deb9u1	ldm-dbgsym_2:2.2.18-2+deb9u1_amd64.deb
Debian	9	all	ldm-server	< 2:2.2.18-2+deb9u1	ldm-server_2:2.2.18-2+deb9u1_all.deb
Debian	10	armel	ldm-dbgsym	< 2:2.18.06-1+deb10u1	ldm-dbgsym_2:2.18.06-1+deb10u1_armel.deb
Debian	8	all	ldm-server	< 2:2.2.15-2+deb8u1	ldm-server_2:2.2.15-2+deb8u1_all.deb
Debian	9	i386	ldm-dbgsym	< 2:2.2.18-2+deb9u1	ldm-dbgsym_2:2.2.18-2+deb9u1_i386.deb
Debian	9	arm64	ldm-dbgsym	< 2:2.2.18-2+deb9u1	ldm-dbgsym_2:2.2.18-2+deb9u1_arm64.deb