Jump to content


NEW UPDATES Debian

debian updates sunrat bruno v.t. eric layton

  • Please log in to reply
1478 replies to this topic

#1476 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,660 posts

Posted 19 September 2018 - 06:45 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4297-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
September 19, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser

Two vulnerabilities have been discovered in the chromium web browser.
Kevin Cheung discovered an error in the WebAssembly implementation and
evil1m0 discovered a URL spoofing issue.

For the stable distribution (stretch), this problem has been fixed in
version 69.0.3497.92-1~deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1477 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,660 posts

Posted 21 September 2018 - 07:54 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4298-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 20, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : hylafax
CVE ID         : CVE-2018-17141

Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing
input sanitising in the Hylafax fax software could potentially result in
the execution of arbitrary code via a malformed fax message.

For the stable distribution (stretch), this problem has been fixed in
version 3:6.0.6-7+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4299-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
September 21, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : texlive-bin
CVE            : not yet available

Nick Roessler from the University of Pennsylvania has found a buffer overflow
in texlive-bin, the executables for TexLive, the popular distribution of TeX
document production system.

This buffer overflow can be used for arbitrary code execution by crafting a
special type1 font (.pfb) and provide it to users running pdf(la)tex, dvips or
luatex in a way that the font is loaded.

For the stable distribution (stretch), this problem has been fixed in
version 2016.20160513.41080.dfsg-2+deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1478 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,660 posts

Posted 22 September 2018 - 08:03 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4300-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 22, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libarchive-zip-perl
CVE ID         : CVE-2018-10860
Debian Bug     : 902882

It was discovered that Archive::Zip, a perl module for manipulation of
ZIP archives, is prone to a directory traversal vulnerability. An
attacker able to provide a specially crafted archive for processing can
take advantage of this flaw to overwrite arbitrary files during archive
extraction.

For the stable distribution (stretch), this problem has been fixed in
version 1.59-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4301-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 22, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2018-0503 CVE-2018-0504 CVE-2018-0505

Multiple security vulnerabilities have been discovered in MediaWiki, a
website engine for collaborative work, which result in incorrectly
configured rate limits, information disclosure in Special:Redirect/logid
and bypass of an account lock.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.27.5-1~deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1479 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,660 posts

Posted 23 September 2018 - 07:04 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4302-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 23, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openafs
CVE ID         : CVE-2018-16947 CVE-2018-16948 CVE-2018-16949
Debian Bug     : 908616

Several vulnerabilities were discovered in openafs, an implementation of
the distributed filesystem AFS. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2018-16947

    Jeffrey Altman reported that the backup tape controller (butc)
    process does accept incoming RPCs but does not require (or allow
    for) authentication of those RPCs, allowing an unauthenticated
    attacker to perform volume operations with administrator
    credentials.

    https://openafs.org/...SA-2018-001.txt

CVE-2018-16948

    Mark Vitale reported that several RPC server routines do not fully
    initialize output variables, leaking memory contents (from both
    the stack and the heap) to the remote caller for
    otherwise-successful RPCs.

    https://openafs.org/...SA-2018-002.txt

CVE-2018-16949

    Mark Vitale reported that an unauthenticated attacker can consume
    large amounts of server memory and network bandwidth via
    specially crafted requests, resulting in denial of service to
    legitimate clients.

    https://openafs.org/...SA-2018-003.txt

For the stable distribution (stretch), these problems have been fixed in
version 1.6.20-2+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4303-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 23, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : okular
CVE ID         : CVE-2018-1000801

Joran Herve discovered that the Okular document viewer was susceptible
to directory traversal via malformed .okular files (annotated document
archives), which could result in the creation of arbitrary files.

For the stable distribution (stretch), this problem has been fixed in
version 4:16.08.2-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4304-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 23, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-12383 CVE-2018-12385

Two security issues have been found in the Mozilla Firefox web browser,
which could potentially result in the execution of arbitrary code and
local information disclosure.

For the stable distribution (stretch), these problems have been fixed in
version 60.2.1esr-1~deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.





Also tagged with one or more of these keywords: debian, updates, sunrat, bruno, v.t. eric layton

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users