===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1012
                          iodine security update
                               23 June 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iodine
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Linux variants
                   OS X
                   BSD variants
                   Windows
Impact/Access:     Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-4168  

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2964

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running iodine check for an updated version of the software for 
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2964-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
June 21, 2014                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : iodine
CVE ID         : CVE-2014-4168
Debian Bug     : 751834

Oscar Reparaz discovered an authentication bypass vulnerability in
iodine, a tool for tunneling IPv4 data through a DNS server. A remote
attacker could provoke a server to accept the rest of the setup or
also network traffic by exploiting this flaw.

For the stable distribution (wheezy), this problem has been fixed in
version 0.6.0~rc1-12+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 0.6.0~rc1-19.

For the unstable distribution (sid), this problem has been fixed in
version 0.6.0~rc1-19.

We recommend that you upgrade your iodine packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================