[SECURITY] [DSA 5568-1] fastdds security update

2023-11-2719:20:37

lists.debian.org

vulnerability

memory management

version 2.9.1

debian

fastdds

fixed

security update

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

28.7%

JSON

Debian Security Advisory DSA-5568-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
November 27, 2023 https://www.debian.org/security/faq

Package : fastdds
CVE ID : CVE-2023-42459
Debian Bug : 1054163

It was discovered that incorrect memory management in Fast DDS, a C++
implementation of the DDS (Data Distribution Service) might result in
denial of service.

The oldstable distribution (bullseye) is not affected.

For the stable distribution (bookworm), this problem has been fixed in
version 2.9.1+ds-1+deb12u2.

We recommend that you upgrade your fastdds packages.

For the detailed security status of fastdds please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fastdds

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian12mips64ellibfastrtps2.9-dbgsym< 2.9.1+ds-1+deb12u2libfastrtps2.9-dbgsym_2.9.1+ds-1+deb12u2_mips64el.deb
Debian12ppc64elfastdds-tools< 2.9.1+ds-1+deb12u2fastdds-tools_2.9.1+ds-1+deb12u2_ppc64el.deb
Debian12armhflibfastrtps2.9-dbgsym< 2.9.1+ds-1+deb12u2libfastrtps2.9-dbgsym_2.9.1+ds-1+deb12u2_armhf.deb
Debian12armellibfastrtps-dev< 2.9.1+ds-1+deb12u2libfastrtps-dev_2.9.1+ds-1+deb12u2_armel.deb
Debian12armelfastdds-tools< 2.9.1+ds-1+deb12u2fastdds-tools_2.9.1+ds-1+deb12u2_armel.deb
Debian12mips64ellibfastrtps2.9< 2.9.1+ds-1+deb12u2libfastrtps2.9_2.9.1+ds-1+deb12u2_mips64el.deb
Debian12mipsellibfastrtps-dev< 2.9.1+ds-1+deb12u2libfastrtps-dev_2.9.1+ds-1+deb12u2_mipsel.deb
Debian12i386fastdds-tools< 2.9.1+ds-1+deb12u2fastdds-tools_2.9.1+ds-1+deb12u2_i386.deb
Debian12armhflibfastrtps-dev< 2.9.1+ds-1+deb12u2libfastrtps-dev_2.9.1+ds-1+deb12u2_armhf.deb
Debian12ppc64ellibfastrtps2.9-dbgsym< 2.9.1+ds-1+deb12u2libfastrtps2.9-dbgsym_2.9.1+ds-1+deb12u2_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	mips64el	libfastrtps2.9-dbgsym	< 2.9.1+ds-1+deb12u2	libfastrtps2.9-dbgsym_2.9.1+ds-1+deb12u2_mips64el.deb
Debian	12	ppc64el	fastdds-tools	< 2.9.1+ds-1+deb12u2	fastdds-tools_2.9.1+ds-1+deb12u2_ppc64el.deb
Debian	12	armhf	libfastrtps2.9-dbgsym	< 2.9.1+ds-1+deb12u2	libfastrtps2.9-dbgsym_2.9.1+ds-1+deb12u2_armhf.deb
Debian	12	armel	libfastrtps-dev	< 2.9.1+ds-1+deb12u2	libfastrtps-dev_2.9.1+ds-1+deb12u2_armel.deb
Debian	12	armel	fastdds-tools	< 2.9.1+ds-1+deb12u2	fastdds-tools_2.9.1+ds-1+deb12u2_armel.deb
Debian	12	mips64el	libfastrtps2.9	< 2.9.1+ds-1+deb12u2	libfastrtps2.9_2.9.1+ds-1+deb12u2_mips64el.deb
Debian	12	mipsel	libfastrtps-dev	< 2.9.1+ds-1+deb12u2	libfastrtps-dev_2.9.1+ds-1+deb12u2_mipsel.deb
Debian	12	i386	fastdds-tools	< 2.9.1+ds-1+deb12u2	fastdds-tools_2.9.1+ds-1+deb12u2_i386.deb
Debian	12	armhf	libfastrtps-dev	< 2.9.1+ds-1+deb12u2	libfastrtps-dev_2.9.1+ds-1+deb12u2_armhf.deb
Debian	12	ppc64el	libfastrtps2.9-dbgsym	< 2.9.1+ds-1+deb12u2	libfastrtps2.9-dbgsym_2.9.1+ds-1+deb12u2_ppc64el.deb