

NEW UPDATES Debian

1429 replies to this topic

#1426 OFFLINE   sunrat


Posted 09 May 2018 - 07:49 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4197-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 09, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wavpack
CVE ID         : CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539
                 CVE-2018-10540

Multiple vulnerabilities were discovered in the wavpack audio codec which
could result in denial of service or the execution of arbitrary code if
malformed media files are processed.

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), these problems have been fixed in
version 5.0.0-2+deb9u2.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4198-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 09, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : prosody
CVE ID         : CVE-2017-18265
Debian Bug     : 875829

Albert Dengg discovered that incorrect parsing of <stream:error> messages
in the Prosody Jabber/XMPP server may result in denial of service.

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), this problem has been fixed in
version 0.9.12-2+deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1427 OFFLINE   sunrat


Posted 12 May 2018 - 08:24 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4199-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 10, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157
                 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178
                 CVE-2018-5183

Several security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors and other implementation errors
may lead to the execution of arbitrary code or denial of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 52.8.0esr-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 52.8.0esr-1~deb9u1.

#1428 OFFLINE   sunrat


Posted 14 May 2018 - 07:44 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4200-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 14, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : kwallet-pam
CVE ID         : CVE-2018-10380

Fabian Vogt discovered that incorrect permission handling in the PAM
module of the KDE Wallet could allow an unprivileged local user to gain
ownership of arbitrary files.

For the stable distribution (stretch), this problem has been fixed in
version 5.8.4-1+deb9u2.

#1429 OFFLINE   sunrat


Posted 16 May 2018 - 08:31 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4201-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 15, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981
                 CVE-2018-10982

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2018-8897

    Andy Lutomirski and Nick Peterson discovered that incorrect handling
    of debug exceptions could result in privilege escalation.

CVE-2018-10471

    An error was discovered in the mitigations against Meltdown which
    could result in denial of service.

CVE-2018-10472

    Anthony Perard discovered that incorrect parsing of CDROM images
    can result in information disclosure.

CVE-2018-10981

    Jan Beulich discovered that malformed device models could result
    in denial of service.

CVE-2018-10982

    Roger Pau Monne discovered that incorrect handling of high precision
    event timers could result in denial of service and potentially
    privilege escalation.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4202-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
May 16, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2018-1000301
Debian Bug     : 898856

OSS-fuzz, assisted by Max Dymond, discovered that cURL, a URL transfer
library, could be tricked into reading data beyond the end of a
heap-based buffer when parsing invalid headers in an RTSP response.

For the oldstable distribution (jessie), this problem has been fixed
in version 7.38.0-4+deb8u11.

For the stable distribution (stretch), this problem has been fixed in
version 7.52.1-5+deb9u6.

#1430 OFFLINE   sunrat


Posted Yesterday, 09:41 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4203-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 17, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : vlc
CVE ID         : CVE-2017-17670

Hans Jerry Illikainen discovered a type conversion vulnerability in the
MP4 demuxer of the VLC media player, which could result in the execution
of arbitrary code if a malformed media file is played.

This update upgrades VLC in stretch to the new 3.x release series (as
security fixes couldn't be sensibly backported to the 2.x series). In
addition two packages needed to be rebuilt to ensure compatibility with
VLC 3; phonon-backend-vlc (0.9.0-2+deb9u1) and goldencheetah
(4.0.0~DEV1607-2+deb9u1).

VLC in jessie cannot be migrated to version 3 due to incompatible
library changes with reverse dependencies and is thus now declared
end-of-life for jessie. We recommend to upgrade to stretch or pick a
different media player if that's not an option.

For the stable distribution (stretch), this problem has been fixed in
version 3.0.2-0+deb9u1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4204-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 18, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2017-10995 CVE-2017-11533 CVE-2017-11535 CVE-2017-11639
                 CVE-2017-13143 CVE-2017-17504 CVE-2017-17879 CVE-2018-5248
Debian Bug     : 867748 869827 869834 870012 870065 885125 885340 886588

This update fixes several vulnerabilities in imagemagick, a graphical
software suite. Various memory handling problems or issues about
incomplete input sanitizing would result in denial of service or
memory disclosure.

For the oldstable distribution (jessie), these problems have been fixed
in version 8:6.8.9.9-5+deb8u12.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4205-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 18, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

This is an advance notice that regular security support for Debian
GNU/Linux 8 (code name "jessie") will be terminated on the 17th of
June.

As with previous releases additional LTS support will be provided for
a reduced set of architectures and packages, a separate announcement
will be available in due time.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4206-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 21, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : gitlab
CVE ID         : CVE-2017-0920 CVE-2018-8971

Several vulnerabilities have been discovered in Gitlab, a software
platform to collaborate on code:
    
CVE-2017-0920

    It was discovered that missing validation of merge requests allowed
    users to see names of private projects, resulting in information
    disclosure.

CVE-2018-8971

    It was discovered that the Auth0 integration was implemented
    incorrectly.

For the stable distribution (stretch), these problems have been fixed in
version 8.13.11+dfsg1-8+deb9u2. The fix for CVE-2018-8971 also requires
ruby-omniauth-auth0 to be upgraded to version 2.0.0-0+deb9u1.




