

NEW UPDATES Debian


#1426 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,507 posts

Posted 09 May 2018 - 07:49 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4197-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 09, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wavpack
CVE ID         : CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539
                 CVE-2018-10540

Multiple vulnerabilities were discovered in the wavpack audio codec which
could result in denial of service or the execution of arbitrary code if
malformed media files are processed.

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), these problems have been fixed in
version 5.0.0-2+deb9u2.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4198-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 09, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : prosody
CVE ID         : CVE-2017-18265
Debian Bug     : 875829

Albert Dengg discovered that incorrect parsing of <stream:error> messages
in the Prosody Jabber/XMPP server may result in denial of service.

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), this problem has been fixed in
version 0.9.12-2+deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1427 OFFLINE   sunrat

Posted 12 May 2018 - 08:24 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4199-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 10, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157
                 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178
                 CVE-2018-5183

Several security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors and other implementation errors
may lead to the execution of arbitrary code or denial of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 52.8.0esr-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 52.8.0esr-1~deb9u1.

#1428 OFFLINE   sunrat

Posted 14 May 2018 - 07:44 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4200-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 14, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : kwallet-pam
CVE ID         : CVE-2018-10380

Fabian Vogt discovered that incorrect permission handling in the PAM
module of the KDE Wallet could allow an unprivileged local user to gain
ownership of arbitrary files.

For the stable distribution (stretch), this problem has been fixed in
version 5.8.4-1+deb9u2.

#1429 OFFLINE   sunrat

Posted 16 May 2018 - 08:31 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4201-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 15, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981
                 CVE-2018-10982

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2018-8897

    Andy Lutomirski and Nick Peterson discovered that incorrect handling
    of debug exceptions could result in privilege escalation.

CVE-2018-10471

    An error was discovered in the mitigations against Meltdown which
    could result in denial of service.

CVE-2018-10472

    Anthony Perard discovered that incorrect parsing of CDROM images
    can result in information disclosure.

CVE-2018-10981

    Jan Beulich discovered that malformed device models could result
    in denial of service.

CVE-2018-10982

    Roger Pau Monne discovered that incorrect handling of high precision
    event timers could result in denial of service and potentially
    privilege escalation.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4202-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
May 16, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2018-1000301
Debian Bug     : 898856

OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer
library, could be tricked into reading data beyond the end of a heap
based buffer when parsing invalid headers in an RTSP response.

For the oldstable distribution (jessie), this problem has been fixed
in version 7.38.0-4+deb8u11.

For the stable distribution (stretch), this problem has been fixed in
version 7.52.1-5+deb9u6.




