NEW UPDATES Debian


#1401 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,507 posts

Posted 19 March 2018 - 07:11 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4145-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 18, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gitlab
CVE ID         : CVE-2017-0915 CVE-2017-0916 CVE-2017-0917 CVE-2017-0918
                 CVE-2017-0925 CVE-2017-0926 CVE-2018-3710

Several vulnerabilities have been discovered in Gitlab, a software
platform to collaborate on code:

CVE-2017-0915 / CVE-2018-3710

    Arbitrary code execution in project import.

CVE-2017-0916

    Command injection via Webhooks.

CVE-2017-0917

    Cross-site scripting in CI job output.

CVE-2017-0918

    Insufficient restriction of CI runner for project cache access.

CVE-2017-0925

    Information disclosure in Services API.

CVE-2017-0926

    Restrictions for disabled OAuth providers could be bypassed.

For the stable distribution (stretch), these problems have been fixed in
version 8.13.11+dfsg1-8+deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1402 OFFLINE   sunrat

Posted 20 March 2018 - 07:01 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4146-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 20, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : plexus-utils
CVE ID         : CVE-2017-1000487

Charles Duffy discovered that the Commandline class in the utilities for
the Plexus framework performs insufficient quoting of double-encoded
strings, which could result in the execution of arbitrary shell commands.

For the oldstable distribution (jessie), this problem has been fixed
in version 1:1.5.15-4+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1:1.5.15-4+deb9u1.

#1403 OFFLINE   sunrat

Posted 23 March 2018 - 05:44 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4147-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
March 21, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : polarssl
CVE ID         : CVE-2017-18187 CVE-2018-0487 CVE-2018-0488
Debian Bug     : 890287 890288

Several vulnerabilities were discovered in PolarSSL, a lightweight
crypto and SSL/TLS library, that allowed a remote attacker to either
cause a denial-of-service by application crash, or execute arbitrary
code.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.3.9-2.1+deb8u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4148-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 22, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kamailio
CVE ID         : CVE-2018-8828

Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow
in the Kamailio SIP server which could result in denial of service and
potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed
in version 4.2.0-2+deb8u3.

For the stable distribution (stretch), this problem has been fixed in
version 4.4.4-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4149-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 22, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : plexus-utils2
CVE ID         : CVE-2017-1000487

Charles Duffy discovered that the Commandline class in the utilities for
the Plexus framework performs insufficient quoting of double-encoded
strings, which could result in the execution of arbitrary shell commands.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.0.15-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed prior to
the initial release.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4150-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 23, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icu
CVE ID         : CVE-2017-15422

It was discovered that an integer overflow in the International
Components for Unicode (ICU) library could result in denial of service
and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed
in version 52.1-8+deb8u7.

For the stable distribution (stretch), this problem has been fixed in
version 57.1-6+deb9u2.

#1404 OFFLINE   sunrat

Posted 26 March 2018 - 07:00 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4151-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 26, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : librelp
CVE ID         : CVE-2018-1000140

Bas van Schaik and Kevin Backhouse discovered a stack-based buffer
overflow vulnerability in librelp, a library providing reliable event
logging over the network, triggered while checking x509 certificates
from a peer. A remote attacker able to connect to rsyslog can take
advantage of this flaw for remote code execution by sending a specially
crafted x509 certificate.

Details can be found in the upstream advisory:
http://www.rsyslog.c...e-2018-1000140/

For the oldstable distribution (jessie), this problem has been fixed
in version 1.2.7-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.2.12-1+deb9u1.

#1405 OFFLINE   sunrat

Posted 27 March 2018 - 06:37 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4152-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
March 27, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2018-6544 CVE-2018-1000051
Debian Bug     : 891245

Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book
viewer, which may result in denial of service or remote code execution.
An attacker can craft a PDF document which, when opened in the victim
host, might consume vast amounts of memory, crash the program, or, in
some cases, execute code in the context in which the application is
running.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.5-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 1.9a+ds1-4+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4153-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 27, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-5148

It was discovered that a use-after-free in the compositor of Firefox
can result in the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed
in version 52.7.3esr-1~deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 52.7.3esr-1~deb9u1.

#1406 OFFLINE   sunrat

Posted 28 March 2018 - 06:21 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4154-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 28, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : net-snmp
CVE ID         : CVE-2015-5621 CVE-2018-1000116
Debian Bug     : 788964 894110

A heap corruption vulnerability was discovered in net-snmp, a suite of
Simple Network Management Protocol applications, triggered when parsing
the PDU prior to the authentication process. A remote, unauthenticated
attacker can take advantage of this flaw to crash the snmpd process
(causing a denial of service) or, potentially, execute arbitrary code
with the privileges of the user running snmpd.

For the oldstable distribution (jessie), these problems have been fixed
in version 5.7.2.1+dfsg-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed
before the initial release.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4155-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 28, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144
                 CVE-2018-5145 CVE-2018-5146

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code, denial of service or information
disclosure.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:52.7.0-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 1:52.7.0-1~deb9u1.

#1407 OFFLINE   sunrat

Posted 30 March 2018 - 08:49 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4156-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 29, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : CVE-2018-7600
Debian Bug     : 894259

A remote code execution vulnerability has been found in Drupal, a
fully-featured content management framework. For additional information,
please refer to the upstream advisory at
https://www.drupal.o...a-core-2018-002

For the oldstable distribution (jessie), this problem has been fixed
in version 7.32-1+deb8u11.

For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4157-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 29, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2017-3738 CVE-2018-0739

Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2017-3738

    David Benjamin of Google reported an overflow bug in the AVX2
    Montgomery multiplication procedure used in exponentiation with
    1024-bit moduli.

CVE-2018-0739

    It was discovered that constructed ASN.1 types with a recursive
    definition could exceed the stack, potentially leading to a denial
    of service.

Details can be found in the upstream advisory:
https://www.openssl....dv/20180327.txt

For the oldstable distribution (jessie), these problems have been fixed
in version 1.0.1t-1+deb8u8. The oldstable distribution is not affected
by CVE-2017-3738.

For the stable distribution (stretch), these problems have been fixed in
version 1.1.0f-3+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4158-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 29, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl1.0
CVE ID         : CVE-2018-0739

It was discovered that constructed ASN.1 types with a recursive
definition could exceed the stack, potentially leading to a denial of
service.

Details can be found in the upstream advisory:
https://www.openssl....dv/20180327.txt

For the stable distribution (stretch), this problem has been fixed in
version 1.0.2l-2+deb9u3.

#1408 OFFLINE   sunrat

Posted 01 April 2018 - 07:34 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4159-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 01, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : remctl
CVE ID         : CVE-2018-0493

Santosh Ananthakrishnan discovered a use-after-free in remctl, a server
for Kerberos-authenticated command execution. If the command is
configured with the sudo option, this could potentially result in the
execution of arbitrary code.

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), this problem has been fixed in
version 3.13-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4160-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 01, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libevt
CVE ID         : CVE-2018-8754

It was discovered that insufficient input sanitising in libevt, a library
to access the Windows Event Log (EVT) format, could result in denial of
service or the execution of arbitrary code if a malformed EVT file is
processed.

For the stable distribution (stretch), this problem has been fixed in
version 20170120-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4161-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
April 01, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2018-7536 CVE-2018-7537

James Davis discovered two issues in Django, a high-level Python web
development framework, that can lead to a denial-of-service attack.
An attacker with control on the input of the django.utils.html.urlize()
function or django.utils.text.Truncator's chars() and words() methods
could craft a string that might get the execution of the application stuck.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.7.11-1+deb8u3.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.10.7-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4162-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 01, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : irssi
CVE ID         : CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208
                 CVE-2018-7050 CVE-2018-7051 CVE-2018-7052 CVE-2018-7053
                 CVE-2018-7054

Multiple vulnerabilities have been discovered in Irssi, a terminal-based
IRC client which can result in denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 1.0.7-1~deb9u1.

#1409 OFFLINE   sunrat

Posted 03 April 2018 - 07:50 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4163-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 02, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : beep
CVE ID         : CVE-2018-0492

It was discovered that a race condition in beep (if configured as setuid
via debconf) allows local privilege escalation.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.3-3+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.3-4+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4164-1                   security@debian.org
https://www.debian.org/security/                           Stefan Fritsch
April 03, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apache2
CVE ID         : CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301
                 CVE-2018-1303 CVE-2018-1312

Several vulnerabilities have been found in the Apache HTTPD server.

CVE-2017-15710

    Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if
    configured with AuthLDAPCharsetConfig, could cause an out of bound write
    if supplied with a crafted Accept-Language header. This could
    potentially be used for a Denial of Service attack.

CVE-2017-15715

    Elar Lang discovered that the expression specified in <FilesMatch> could
    match '$' to a newline character in a malicious filename, rather
    than matching only the end of the filename. This could be exploited
    in environments where uploads of some files are externally
    blocked, but only by matching the trailing portion of the filename.

CVE-2018-1283

    When mod_session is configured to forward its session data to CGI
    applications (SessionEnv on, not the default), a remote user could
    influence their content by using a "Session" header.

CVE-2018-1301

    Robert Swiecki reported that a specially crafted request could have
    crashed the Apache HTTP Server, due to an out of bound access after
    a size limit is reached by reading the HTTP header.

CVE-2018-1303

    Robert Swiecki reported that a specially crafted HTTP request header
    could have crashed the Apache HTTP Server if using
    mod_cache_socache, due to an out of bound read while preparing data
    to be cached in shared memory.

CVE-2018-1312

    Nicolas Daniels discovered that when generating an HTTP Digest
    authentication challenge, the nonce sent by mod_auth_digest to
    prevent replay attacks was not correctly generated using a
    pseudo-random seed. In a cluster of servers using a common Digest
    authentication configuration, HTTP requests could be replayed across
    servers by an attacker without detection.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.4.10-10+deb8u12.

For the stable distribution (stretch), these problems have been fixed in
version 2.4.25-3+deb9u4.

#1410 OFFLINE   sunrat

Posted 04 April 2018 - 06:43 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4165-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
April 03, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ldap-account-manager
CVE ID         : CVE-2018-8763 CVE-2018-8764

Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web
front-end for LDAP directories.

CVE-2018-8763

    The found Reflected Cross Site Scripting (XSS) vulnerability might
    allow an attacker to execute Javascript code in the browser of the
    victim or to redirect her to a malicious website if the victim clicks
    on a specially crafted link.

CVE-2018-8764

    The application leaks the CSRF token in the URL, which can be used by
    an attacker to perform a Cross-Site Request Forgery attack, in which
    a victim logged in to LDAP Account Manager might perform unwanted
    actions in the front-end by clicking on a link crafted by the
    attacker.

For the oldstable distribution (jessie), these problems have been fixed
in version 4.7.1-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 5.5-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4166-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 04, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602
                 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633
                 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663
                 CVE-2018-2677 CVE-2018-2678

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in denial of
service, sandbox bypass, execution of arbitrary code, incorrect
LDAP/GSS authentication, insecure use of cryptography or bypass of
deserialisation restrictions.

For the oldstable distribution (jessie), these problems have been fixed
in version 7u171-2.6.13-1~deb8u1.

#1411 OFFLINE   sunrat

Posted 05 April 2018 - 06:41 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4167-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
April 05, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sharutils
CVE ID         : CVE-2018-1000097
Debian Bug     : 893525

A buffer-overflow vulnerability was discovered in Sharutils, a set of
utilities to handle Shell Archives. An attacker with control on the input of
the unshar command could crash the application or execute arbitrary code
in its context.

For the oldstable distribution (jessie), this problem has been fixed
in version 4.14-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1:4.15.2-2+deb9u1.

#1412 OFFLINE   sunrat

Posted 08 April 2018 - 07:03 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4168-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 08, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squirrelmail
CVE ID         : CVE-2018-8741
Debian Bug     : 893202

Florian Grunow and Birk Kauer of ERNW discovered a path traversal
vulnerability in SquirrelMail, a webmail application, allowing an
authenticated remote attacker to retrieve or delete arbitrary files
via mail attachment.

For the oldstable distribution (jessie), this problem has been fixed
in version 2:1.4.23~svn20120406-2+deb8u2.

#1413 OFFLINE   sunrat

Posted 11 April 2018 - 07:11 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4170-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 09, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pjproject
CVE ID         : CVE-2017-16872 CVE-2017-16875 CVE-2018-1000098
                 CVE-2018-1000099

Multiple vulnerabilities have been discovered in the PJSIP/PJProject
multimedia communication which may result in denial of service during
the processing of SIP and SDP messages and ioqueue keys.

For the stable distribution (stretch), these problems have been fixed in
version 2.5.5~dfsg-6+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4169-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
April 11, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pcs
CVE ID         : CVE-2018-1086
Debian Bug     : 895313

Cédric Buissart from Red Hat discovered an information disclosure bug in pcs, a
pacemaker command line interface and GUI. The REST interface normally doesn't
allow passing --debug parameter to prevent information leak, but the check
wasn't sufficient.

For the stable distribution (stretch), this problem has been fixed in
version 0.9.155+dfsg-2+deb9u1.

#1414 OFFLINE   sunrat

Posted 13 April 2018 - 08:13 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4079-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 12, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : poppler
CVE ID         : CVE-2017-9776
Debian Bug     : 890826

It was discovered that the poppler upload for the oldstable distribution
(jessie), released as DSA-4079-1, did not correctly address
CVE-2017-9776 and additionally caused regressions when rendering PDFs
embedding JBIG2 streams. Updated packages are now available to correct
this issue.

For the oldstable distribution (jessie), this problem has been fixed
in version 0.26.5-2+deb8u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4171-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 13, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-loofah
CVE ID         : CVE-2018-8048
Debian Bug     : 893596

The Shopify Application Security Team reported that ruby-loofah, a
general library for manipulating and transforming HTML/XML documents and
fragments, allows non-whitelisted attributes to be present in sanitized
output when input with specially-crafted HTML fragments. This might
allow to mount a code injection attack into a browser consuming
sanitized output.

For the stable distribution (stretch), this problem has been fixed in
version 2.0.3-2+deb9u1.

#1415 OFFLINE   sunrat

Posted 15 April 2018 - 09:48 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4172-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 14, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : perl
CVE ID         : CVE-2018-6797 CVE-2018-6798 CVE-2018-6913

Multiple vulnerabilities were discovered in the implementation of the
Perl programming language. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2018-6797

    Brian Carpenter reported that a crafted regular expression
    could cause a heap buffer write overflow, with control over the
    bytes written.

CVE-2018-6798

    Nguyen Duc Manh reported that matching a crafted locale dependent
    regular expression could cause a heap buffer read overflow and
    potentially information disclosure.

CVE-2018-6913

    GwanYeong Kim reported that 'pack()' could cause a heap buffer write
    overflow with a large item count.

For the oldstable distribution (jessie), these problems have been fixed
in version 5.20.2-3+deb8u10. The oldstable distribution (jessie) update
contains only a fix for CVE-2018-6913.

For the stable distribution (stretch), these problems have been fixed in
version 5.24.1-3+deb9u3.

#1416 OFFLINE   sunrat

Posted 17 April 2018 - 06:54 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4173-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 16, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : r-cran-readxl
CVE ID         : CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12110
                 CVE-2017-12111

Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R
package to read Excel files (via the integrated libxls library), which
could result in the execution of arbitrary code if a malformed
spreadsheet is processed.

For the stable distribution (stretch), these problems have been fixed in
version 0.1.1-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4174-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
April 17, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : corosync
CVE ID         : CVE-2018-1084
Debian Bug     : 895653

The Citrix Security Response Team discovered that corosync, a cluster
engine implementation, allowed an unauthenticated user to cause a
denial-of-service by application crash.

For the stable distribution (stretch), this problem has been fixed in
version 2.4.2-3+deb9u1.

#1417 OFFLINE   sunrat

Posted 19 April 2018 - 08:16 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4175-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 18, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freeplane
CVE ID         : CVE-2018-1000069
Debian Bug     : 893663

Wojciech Regula discovered an XML External Entity vulnerability in the
XML Parser of the mindmap loader in freeplane, a Java program for
working with mind maps, resulting in potential information disclosure if
a malicious mind map file is opened.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.3.12-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.5.18-1+deb9u1.

#1418 OFFLINE   sunrat

Posted 21 April 2018 - 07:24 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4176-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 20, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.5
CVE ID         : CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773
                 CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818
                 CVE-2018-2819

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.60, which includes additional changes. Please see the MySQL
5.5 Release Notes and Oracle's Critical Patch Update advisory for
further details:

https://dev.mysql.co...ews-5-5-60.html
http://www.oracle.co...18-3678067.html

For the oldstable distribution (jessie), these problems have been fixed
in version 5.5.60-0+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4177-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 20, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libsdl2-image
CVE ID         : CVE-2017-2887  CVE-2017-12122 CVE-2017-14440 CVE-2017-14441
                 CVE-2017-14442 CVE-2017-14448 CVE-2017-14449 CVE-2017-14450
                 CVE-2018-3837  CVE-2018-3838  CVE-2018-3839

Multiple vulnerabilities have been discovered in the image loading
library for Simple DirectMedia Layer 2, which could result in denial of
service or the execution of arbitrary code if malformed image files are
opened.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.0.0+dfsg-3+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 2.0.1+dfsg-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4178-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 20, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2018-10119 CVE-2018-10120

Two vulnerabilities were discovered in LibreOffice's code to parse
MS Word and Structured Storage files, which could result in denial of
service and potentially the execution of arbitrary code if a malformed
file is opened.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:4.3.3-2+deb8u11.

For the stable distribution (stretch), these problems have been fixed in
version 1:5.2.7-1+deb9u4.

#1419 OFFLINE   sunrat

Posted 24 April 2018 - 09:20 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4179-1                   security@debian.org
https://www.debian.org/security/                            Ben Hutchings
April 24, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux-tools

This update doesn't fix a vulnerability in linux-tools, but provides
support for building Linux kernel modules with the "retpoline"
mitigation for CVE-2017-5715 (Spectre variant 2).

This update also includes bug fixes from the upstream Linux 3.16 stable
branch up to and including 3.16.56.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.16.56-1.

#1420 OFFLINE   sunrat

Posted 26 April 2018 - 08:53 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4180-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 25, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : CVE-2018-7602
Debian Bug     : 896701

A remote code execution vulnerability has been found in Drupal, a
fully-featured content management framework. For additional information,
please refer to the upstream advisory at
https://www.drupal.o...a-core-2018-004

For the oldstable distribution (jessie), this problem has been fixed
in version 7.32-1+deb8u12.

For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u4.

#1421 OFFLINE   sunrat

Posted 28 April 2018 - 10:40 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4182-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
April 28, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2018-6056 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061
                 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065
                 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069
                 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073
                 CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077
                 CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081
                 CVE-2018-6082 CVE-2018-6083 CVE-2018-6085 CVE-2018-6086
                 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090
                 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094
                 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098
                 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102
                 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106
                 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110
                 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114
                 CVE-2018-6116 CVE-2018-6117

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-6056

    lokihardt discovered an error in the v8 javascript library.

CVE-2018-6057

    Gal Beniamini discovered errors related to shared memory permissions.

CVE-2018-6060

    Omair discovered a use-after-free issue in blink/webkit.

CVE-2018-6061

    Guang Gong discovered a race condition in the v8 javascript library.

CVE-2018-6062

    A heap overflow issue was discovered in the v8 javascript library.

CVE-2018-6063

    Gal Beniamini discovered errors related to shared memory permissions.

CVE-2018-6064

    lokihardt discovered a type confusion error in the v8 javascript
    library.

CVE-2018-6065

    Mark Brand discovered an integer overflow issue in the v8 javascript
    library.

CVE-2018-6066

    Masato Kinugawa discovered a way to bypass the Same Origin Policy.

CVE-2018-6067

    Ned Williamson discovered a buffer overflow issue in the skia library.

CVE-2018-6068

    Luan Herrera discovered object lifecycle issues.

CVE-2018-6069

    Wanglu and Yangkang discovered a stack overflow issue in the skia
    library.

CVE-2018-6070

    Rob Wu discovered a way to bypass the Content Security Policy.

CVE-2018-6071

    A heap overflow issue was discovered in the skia library.

CVE-2018-6072

    Atte Kettunen discovered an integer overflow issue in the pdfium
    library.

CVE-2018-6073

    Omair discovered a heap overflow issue in the WebGL implementation.

CVE-2018-6074

    Abdulrahman Alqabandi discovered a way to cause a downloaded web page
    to not contain a Mark of the Web.

CVE-2018-6075

    Inti De Ceukelaire discovered a way to bypass the Same Origin Policy.

CVE-2018-6076

    Mateusz Krzeszowiec discovered that URL fragment identifiers could be
    handled incorrectly.

CVE-2018-6077

    Khalil Zhani discovered a timing issue.

CVE-2018-6078

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6079

    Ivars discovered an information disclosure issue.

CVE-2018-6080

    Gal Beniamini discovered an information disclosure issue.

CVE-2018-6081

    Rob Wu discovered a cross-site scripting issue.

CVE-2018-6082

    WenXu Wu discovered a way to bypass blocked ports.

CVE-2018-6083

    Jun Kokatsu discovered that AppManifests could be handled incorrectly.

CVE-2018-6085

    Ned Williamson discovered a use-after-free issue.

CVE-2018-6086

    Ned Williamson discovered a use-after-free issue.

CVE-2018-6087

    A use-after-free issue was discovered in the WebAssembly implementation.

CVE-2018-6088

    A use-after-free issue was discovered in the pdfium library.

CVE-2018-6089

    Rob Wu discovered a way to bypass the Same Origin Policy.

CVE-2018-6090

    ZhanJia Song discovered a heap overflow issue in the skia library.

CVE-2018-6091

    Jun Kokatsu discovered that plugins could be handled incorrectly.

CVE-2018-6092

    Natalie Silvanovich discovered an integer overflow issue in the
    WebAssembly implementation.

CVE-2018-6093

    Jun Kokatsu discovered a way to bypass the Same Origin Policy.

CVE-2018-6094

    Chris Rohlf discovered a regression in garbage collection hardening.

CVE-2018-6095

    Abdulrahman Alqabandi discovered files could be uploaded without user
    interaction.

CVE-2018-6096

    WenXu Wu discovered a user interface spoofing issue.

CVE-2018-6097

    xisigr discovered a user interface spoofing issue.

CVE-2018-6098

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6099

    Jun Kokatsu discovered a way to bypass the Cross Origin Resource
    Sharing mechanism.

CVE-2018-6100

    Lnyas Zhang discovered a URL spoofing issue.

CVE-2018-6101

    Rob Wu discovered an issue in the developer tools remote debugging
    protocol.

CVE-2018-6102

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6103

    Khalil Zhani discovered a user interface spoofing issue.

CVE-2018-6104

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6105

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6106

    lokihardt discovered that v8 promises could be handled incorrectly.

CVE-2018-6107

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6108

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6109

    Dominik Weber discovered a way to misuse the FileAPI feature.

CVE-2018-6110

    Wenxiang Qian discovered that local plain text files could be handled
    incorrectly.

CVE-2018-6111

    Khalil Zhani discovered a use-after-free issue in the developer tools.

CVE-2018-6112

    Khalil Zhani discovered incorrect handling of URLs in the developer
    tools.

CVE-2018-6113

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6114

    Lnyas Zhang discovered a way to bypass the Content Security Policy.

CVE-2018-6116

    Chengdu Security Response Center discovered an error when memory
    is low.

CVE-2018-6117

    Spencer Dailey discovered an error in form autofill settings.

For the oldstable distribution (jessie), security support for chromium
has been discontinued.

For the stable distribution (stretch), these problems have been fixed in
version 66.0.3359.117-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4181-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 28, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : roundcube
CVE ID         : CVE-2018-9846
Debian Bug     : 895184

Andrea Basile discovered that the 'archive' plugin in roundcube, a
skinnable AJAX based webmail solution for IMAP servers, does not
properly sanitize a user-controlled parameter, allowing a remote
attacker to inject arbitrary IMAP commands and perform malicious
actions.

For the stable distribution (stretch), this problem has been fixed in
version 1.2.3+dfsg.1-4+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4183-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 28, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tor
CVE ID         : CVE-2018-0490

It has been discovered that Tor, a connection-based low-latency
anonymous communication system, contains a protocol-list handling bug
that could be used to remotely crash directory authorities with a
null-pointer exception (TROVE-2018-001).

For the stable distribution (stretch), this problem has been fixed in
version 0.2.9.15-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4184-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 28, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sdl-image1.2
CVE ID         : CVE-2017-2887 CVE-2017-12122 CVE-2017-14440 CVE-2017-14441
                 CVE-2017-14442 CVE-2017-14448 CVE-2017-14450 CVE-2018-3837
                 CVE-2018-3838 CVE-2018-3839
Debian Bug     : 878267

Multiple vulnerabilities have been discovered in the image loading
library for Simple DirectMedia Layer 1.2, which could result in denial
of service or the execution of arbitrary code if malformed image files
are opened.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.2.12-5+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 1.2.12-5+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4185-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 28, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-8
CVE ID         : CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796
                 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800
                 CVE-2018-2814 CVE-2018-2815

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in denial of
service, sandbox bypass, execution of arbitrary code or bypass of JAR
signature validation.

For the stable distribution (stretch), these problems have been fixed in
version 8u171-b11-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4186-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 28, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gunicorn
CVE ID         : CVE-2018-1000164

It was discovered that gunicorn, an event-based HTTP/WSGI server, was
susceptible to HTTP Response splitting.

For the oldstable distribution (jessie), this problem has been fixed
in version 19.0-1+deb8u1.

#1422 OFFLINE   sunrat

Posted 01 May 2018 - 08:21 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4187-1                   security@debian.org
https://www.debian.org/security/                            Ben Hutchings
May 01, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753
                 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911
                 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017
                 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241
                 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332
                 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927
                 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757
                 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004
                 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2015-9016

    Ming Lei reported a race condition in the multiqueue block layer
    (blk-mq).  On a system with a driver using blk-mq (mtip32xx,
    null_blk, or virtio_blk), a local user might be able to use this
    for denial of service or possibly for privilege escalation.

CVE-2017-0861

    Robb Glasser reported a potential use-after-free in the ALSA (sound)
    PCM core.  We believe this was not possible in practice.

CVE-2017-5715

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 2 (branch
    target injection) and is mitigated for the x86 architecture (amd64
    and i386) by using the "retpoline" compiler feature which allows
    indirect branches to be isolated from speculative execution.

CVE-2017-5753

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 1
    (bounds-check bypass) and is mitigated by identifying vulnerable
    code sections (array bounds checking followed by array access) and
    replacing the array access with the speculation-safe
    array_index_nospec() function.

    More use sites will be added over time.

CVE-2017-13166

    A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
    code has been found. Memory protections ensuring user-provided
    buffers always point to userland memory were disabled, allowing
    destination addresses to be in kernel space. On a 64-bit kernel a
    local user with access to a suitable video device can exploit this
    to overwrite kernel memory, leading to privilege escalation.

CVE-2017-13220

    Al Viro reported that the Bluetooth HIDP implementation could
    dereference a pointer before performing the necessary type check.
    A local user could use this to cause a denial of service.

CVE-2017-16526

    Andrey Konovalov reported that the UWB subsystem may dereference
    an invalid pointer in an error case.  A local user might be able
    to use this for denial of service.

CVE-2017-16911

    Secunia Research reported that the USB/IP vhci_hcd driver exposed
    kernel heap addresses to local users.  This information could aid the
    exploitation of other vulnerabilities.

CVE-2017-16912

    Secunia Research reported that the USB/IP stub driver failed to
    perform a range check on a received packet header field, leading
    to an out-of-bounds read.  A remote user able to connect to the
    USB/IP server could use this for denial of service.

CVE-2017-16913

    Secunia Research reported that the USB/IP stub driver failed to
    perform a range check on a received packet header field, leading
    to excessive memory allocation.  A remote user able to connect to
    the USB/IP server could use this for denial of service.

CVE-2017-16914

    Secunia Research reported that the USB/IP stub driver failed to
    check for an invalid combination of fields in a received packet,
    leading to a null pointer dereference.  A remote user able to
    connect to the USB/IP server could use this for denial of service.

CVE-2017-18017

    Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
    failed to validate TCP header lengths, potentially leading to a
    use-after-free.  If this module is loaded, it could be used by a
    remote attacker for denial of service or possibly for code
    execution.

CVE-2017-18203

    Hou Tao reported that there was a race condition in creation and
    deletion of device-mapper (DM) devices.  A local user could
    potentially use this for denial of service.

CVE-2017-18216

    Alex Chen reported that the OCFS2 filesystem failed to hold a
    necessary lock during nodemanager sysfs file operations,
    potentially leading to a null pointer dereference.  A local user
    could use this for denial of service.

CVE-2017-18232

    Jason Yan reported a race condition in the SAS (Serial-Attached
    SCSI) subsystem, between probing and destroying a port.  This
    could lead to a deadlock.  A physically present attacker could
    use this to cause a denial of service.

CVE-2017-18241

    Yunlei He reported that the f2fs implementation does not properly
    initialise its state if the "noflush_merge" mount option is used.
    A local user with access to a filesystem mounted with this option
    could use this to cause a denial of service.

CVE-2018-1066

    Dan Aloni reported to Red Hat that the CIFS client implementation
    would dereference a null pointer if the server sent an invalid
    response during NTLMSSP setup negotiation.  This could be used
    by a malicious server for denial of service.

CVE-2018-1068

    The syzkaller tool found that the 32-bit compatibility layer of
    ebtables did not sufficiently validate offset values. On a 64-bit
    kernel, a local user with the CAP_NET_ADMIN capability (in any user
    namespace) could use this to overwrite kernel memory, possibly
    leading to privilege escalation. Debian disables unprivileged user
    namespaces by default.

CVE-2018-1092

    Wen Xu reported that a crafted ext4 filesystem image would
    trigger a null dereference when mounted.  A local user able
    to mount arbitrary filesystems could use this for denial of
    service.

CVE-2018-5332

    Mohamed Ghannam reported that the RDS protocol did not
    sufficiently validate RDMA requests, leading to an out-of-bounds
    write.  A local attacker on a system with the rds module loaded
    could use this for denial of service or possibly for privilege
    escalation.

CVE-2018-5333

    Mohamed Ghannam reported that the RDS protocol did not properly
    handle an error case, leading to a null pointer dereference.  A
    local attacker on a system with the rds module loaded could
    possibly use this for denial of service.

CVE-2018-5750

    Wang Qize reported that the ACPI sbshc driver logged a kernel heap
    address.  This information could aid the exploitation of other
    vulnerabilities.

CVE-2018-5803

    Alexey Kodanev reported that the SCTP protocol did not range-check
    the length of chunks to be created.  A local or remote user could
    use this to cause a denial of service.

CVE-2018-6927

    Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did
    not check for negative parameter values, which might lead to a
    denial of service or other security impact.

CVE-2018-7492

    The syzkaller tool found that the RDS protocol was lacking a null
    pointer check.  A local attacker on a system with the rds module
    loaded could use this for denial of service.

CVE-2018-7566

    Fan LongFei reported a race condition in the ALSA (sound)
    sequencer core, between write and ioctl operations.  This could
    lead to an out-of-bounds access or use-after-free.  A local user
    with access to a sequencer device could use this for denial of
    service or possibly for privilege escalation.

CVE-2018-7740

    Nic Losby reported that the hugetlbfs filesystem's mmap operation
    did not properly range-check the file offset.  A local user with
    access to files on a hugetlbfs filesystem could use this to cause
    a denial of service.

CVE-2018-7757

    Jason Yan reported a memory leak in the SAS (Serial-Attached
    SCSI) subsystem.  A local user on a system with SAS devices
    could use this to cause a denial of service.

CVE-2018-7995

    Seunghun Han reported a race condition in the x86 MCE
    (Machine Check Exception) driver.  This is unlikely to have
    any security impact.

CVE-2018-8781

    Eyal Itkin reported that the udl (DisplayLink) driver's mmap
    operation did not properly range-check the file offset.  A local
    user with access to a udl framebuffer device could exploit this to
    overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

    Dr Silvio Cesare of InfoSect reported that the ncpfs client
    implementation did not validate reply lengths from the server.  An
    ncpfs server could use this to cause a denial of service or
    remote code execution in the client.

CVE-2018-1000004

    Luo Quan reported a race condition in the ALSA (sound) sequencer
    core, between multiple ioctl operations.  This could lead to a
    deadlock or use-after-free.  A local user with access to a
    sequencer device could use this for denial of service or possibly
    for privilege escalation.

CVE-2018-1000199

    Andy Lutomirski discovered that the ptrace subsystem did not
    sufficiently validate hardware breakpoint settings.  Local users
    can use this to cause a denial of service, or possibly for
    privilege escalation, on x86 (amd64 and i386) and possibly other
    architectures.

For the oldstable distribution (jessie), these problems have been fixed
in version 3.16.56-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4188-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 01, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193
                 CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224
                 CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066
                 CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108
                 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740
                 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781
                 CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2017-5715

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 2 (branch
    target injection) and is mitigated for the x86 architecture (amd64
    and i386) by using the "retpoline" compiler feature which allows
    indirect branches to be isolated from speculative execution.

CVE-2017-5753

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 1
    (bounds-check bypass) and is mitigated by identifying vulnerable
    code sections (array bounds checking followed by array access) and
    replacing the array access with the speculation-safe
    array_index_nospec() function.

    More use sites will be added over time.

CVE-2017-17975

    Tuba Yavuz reported a use-after-free flaw in the USBTV007
    audio-video grabber driver. A local user could use this for denial
    of service by triggering failure of audio registration.

CVE-2017-18193

    Yunlei He reported that the f2fs implementation does not properly
    handle extent trees, allowing a local user to cause a denial of
    service via an application with multiple threads.

CVE-2017-18216

    Alex Chen reported that the OCFS2 filesystem failed to hold a
    necessary lock during nodemanager sysfs file operations,
    potentially leading to a null pointer dereference.  A local user
    could use this for denial of service.

CVE-2017-18218

    Jun He reported a use-after-free flaw in the Hisilicon HNS ethernet
    driver. A local user could use this for denial of service.

CVE-2017-18222

    It was reported that the Hisilicon Network Subsystem (HNS) driver
    implementation does not properly handle ethtool private flags. A
    local user could use this for denial of service or possibly have
    other impact.

CVE-2017-18224

    Alex Chen reported that the OCFS2 filesystem omits the use of a
    semaphore and consequently has a race condition for access to the
    extent tree during read operations in DIRECT mode. A local user
    could use this for denial of service.

CVE-2017-18241

    Yunlei He reported that the f2fs implementation does not properly
    initialise its state if the "noflush_merge" mount option is used.
    A local user with access to a filesystem mounted with this option
    could use this to cause a denial of service.

CVE-2017-18257

    It was reported that the f2fs implementation is prone to an infinite
    loop caused by an integer overflow in the __get_data_block()
    function. A local user can use this for denial of service via
    crafted use of the open and fallocate system calls with an
    FS_IOC_FIEMAP ioctl.

CVE-2018-1065

    The syzkaller tool found a NULL pointer dereference flaw in the
    netfilter subsystem when handling certain malformed iptables
    rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN
    capability (in any user namespace) could use this to cause a denial
    of service. Debian disables unprivileged user namespaces by default.

CVE-2018-1066

    Dan Aloni reported to Red Hat that the CIFS client implementation
    would dereference a null pointer if the server sent an invalid
    response during NTLMSSP setup negotiation.  This could be used
    by a malicious server for denial of service.

CVE-2018-1068

    The syzkaller tool found that the 32-bit compatibility layer of
    ebtables did not sufficiently validate offset values. On a 64-bit
    kernel, a local user with the CAP_NET_ADMIN capability (in any user
    namespace) could use this to overwrite kernel memory, possibly
    leading to privilege escalation. Debian disables unprivileged user
    namespaces by default.

CVE-2018-1092

    Wen Xu reported that a crafted ext4 filesystem image would
    trigger a null dereference when mounted.  A local user able
    to mount arbitrary filesystems could use this for denial of
    service.

CVE-2018-1093

    Wen Xu reported that a crafted ext4 filesystem image could trigger
    an out-of-bounds read in the ext4_valid_block_bitmap() function. A
    local user able to mount arbitrary filesystems could use this for
    denial of service.

CVE-2018-1108

    Jann Horn reported that crng_ready() does not properly handle the
    crng_init variable states and the RNG could be treated as
    cryptographically safe too early after system boot.

CVE-2018-5803

    Alexey Kodanev reported that the SCTP protocol did not range-check
    the length of chunks to be created.  A local or remote user could
    use this to cause a denial of service.

CVE-2018-7480

    Hou Tao discovered a double-free flaw in the blkcg_init_queue()
    function in block/blk-cgroup.c. A local user could use this to cause
    a denial of service or have other impact.

CVE-2018-7566

    Fan LongFei reported a race condition in the ALSA (sound)
    sequencer core, between write and ioctl operations.  This could
    lead to an out-of-bounds access or use-after-free.  A local user
    with access to a sequencer device could use this for denial of
    service or possibly for privilege escalation.

CVE-2018-7740

    Nic Losby reported that the hugetlbfs filesystem's mmap operation
    did not properly range-check the file offset.  A local user with
    access to files on a hugetlbfs filesystem could use this to cause
    a denial of service.

CVE-2018-7757

    Jason Yan reported a memory leak in the SAS (Serial-Attached
    SCSI) subsystem.  A local user on a system with SAS devices
    could use this to cause a denial of service.

CVE-2018-7995

    Seunghun Han reported a race condition in the x86 MCE
    (Machine Check Exception) driver.  This is unlikely to have
    any security impact.

CVE-2018-8087

    A memory leak flaw was found in the hwsim_new_radio_nl() function in
    the simulated radio testing tool driver for mac80211, allowing a
    local user to cause a denial of service.

CVE-2018-8781

    Eyal Itkin reported that the udl (DisplayLink) driver's mmap
    operation did not properly range-check the file offset.  A local
    user with access to a udl framebuffer device could exploit this to
    overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

    Dr Silvio Cesare of InfoSect reported that the ncpfs client
    implementation did not validate reply lengths from the server.  An
    ncpfs server could use this to cause a denial of service or
    remote code execution in the client.

CVE-2018-10323

    Wen Xu reported a NULL pointer dereference flaw in the
    xfs_bmapi_write() function triggered when mounting and operating a
    crafted xfs filesystem image. A local user able to mount arbitrary
    filesystems could use this for denial of service.

CVE-2018-1000199

    Andy Lutomirski discovered that the ptrace subsystem did not
    sufficiently validate hardware breakpoint settings.  Local users
    can use this to cause a denial of service, or possibly for
    privilege escalation, on x86 (amd64 and i386) and possibly other
    architectures.

For the stable distribution (stretch), these problems have been fixed in
version 4.9.88-1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.
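
The bounds-check-then-access pattern described under CVE-2017-5753 above, next to the index masking that array_index_nospec() applies, as an added userspace example (not part of the advisory, the post, or the kernel source). The mask arithmetic is modelled on the kernel's generic C version; `table`, `index_mask_nospec`, `clamp_index`, `lookup_checked_only` and `lookup_nospec` are hypothetical names and the table contents are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define TABLE_SIZE 16UL

/* Constructed sample data standing in for a kernel lookup table. */
static const uint8_t table[TABLE_SIZE] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/*
 * ~0UL when index < size, 0 otherwise, computed without a branch so there
 * is nothing for the CPU to mispredict. Both arguments must be <= LONG_MAX.
 * Relies on arithmetic right shift of a negative long (gcc and clang).
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Hide the value from the optimizer so the mask is always emitted. */
    __asm__ __volatile__("" : "+r"(index));
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* In-range indexes pass through unchanged; anything else becomes 0. */
static unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Before: bounds check followed directly by the array access. */
static int lookup_checked_only(unsigned long idx, uint8_t *out)
{
    if (idx >= TABLE_SIZE)
        return -1;
    *out = table[idx];   /* may execute speculatively with idx out of range */
    return 0;
}

/* After: same check, but the index used for the load is clamped first. */
static int lookup_nospec(unsigned long idx, uint8_t *out)
{
    if (idx >= TABLE_SIZE)
        return -1;
    idx = clamp_index(idx, TABLE_SIZE);
    *out = table[idx];   /* even under misprediction idx stays in the table */
    return 0;
}

int main(void)
{
    uint8_t v = 0;
    int rc = lookup_nospec(3, &v);
    printf("idx 3 -> rc=%d value=%u\n", rc, v);
    printf("clamp(16)=%lu clamp(15)=%lu\n",
           clamp_index(16, TABLE_SIZE), clamp_index(15, TABLE_SIZE));
    return lookup_checked_only(99, &v) == -1 ? 0 : 1;
}
```

Architecturally both lookups return the same results; the difference is only in which address the load can touch while the branch is still unresolved.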

#1423 OFFLINE   sunrat

Posted 03 May 2018 - 09:19 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4189-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 02, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : quassel
CVE ID         : CVE-2018-1000178 CVE-2018-1000179

Two vulnerabilities were found in the Quassel IRC client, which could
result in the execution of arbitrary code or denial of service.

Note that you need to restart the 'quasselcore' service after upgrading
the Quassel packages.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:0.10.0-2.3+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 1:0.12.4-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4190-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 03, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jackson-databind
CVE ID         : CVE-2018-7489
Debian Bug     : 891614

It was discovered that jackson-databind, a Java library used to parse
JSON and other data formats, improperly validated user input prior to
deserializing because of an incomplete fix for CVE-2017-7525.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.4.2-2+deb8u4.

For the stable distribution (stretch), this problem has been fixed in
version 2.8.6-1+deb9u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4191-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 03, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : redmine
CVE ID         : CVE-2017-15568 CVE-2017-15569 CVE-2017-15570 CVE-2017-15571
                 CVE-2017-15572 CVE-2017-15573 CVE-2017-15574 CVE-2017-15575
                 CVE-2017-15576 CVE-2017-15577 CVE-2017-16804 CVE-2017-18026
Debian Bug     : 882544 882545 882547 882548 887307

Multiple vulnerabilities were discovered in Redmine, a project
management web application. They could lead to remote code execution,
information disclosure or cross-site scripting attacks.

For the stable distribution (stretch), these problems have been fixed in
version 3.3.1-4+deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1424 OFFLINE   sunrat

Posted 06 May 2018 - 07:30 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4192-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 04, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libmad
CVE ID         : CVE-2017-8372 CVE-2017-8373 CVE-2017-8374

Several vulnerabilities were discovered in MAD, an MPEG audio decoder
library, which could result in denial of service if a malformed audio
file is processed.

For the oldstable distribution (jessie), these problems have been fixed
in version 0.15.1b-8+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 0.15.1b-8+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4193-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 05, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2018-10100 CVE-2018-10101 CVE-2018-10102
Debian Bug     : 895034

Several vulnerabilities were discovered in wordpress, a web blogging
tool, which could allow remote attackers to compromise a site via
cross-site scripting, bypass restrictions or unsafe redirects. More
information can be found in the upstream advisory at
https://wordpress.or...enance-release/

For the oldstable distribution (jessie), these problems have been fixed
in version 4.1+dfsg-1+deb8u17.

For the stable distribution (stretch), these problems have been fixed in
version 4.7.5+dfsg-2+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4194-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 06, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lucene-solr
CVE ID         : CVE-2018-1308

An XML external entity expansion vulnerability was discovered in the
DataImportHandler of Solr, a search server based on Lucene, which could
result in information disclosure.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.6.2+dfsg-5+deb8u2.

For the stable distribution (stretch), this problem has been fixed in
version 3.6.2+dfsg-10+deb9u2.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1425 OFFLINE   sunrat

Posted 08 May 2018 - 08:03 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4195-1                   security@debian.org
https://www.debian.o... Salvatore Bonaccorso
May 08, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wget
CVE ID         : CVE-2018-0494
Debian Bug     : 898076

Harry Sintonen discovered that wget, a network utility to retrieve files
from the web, does not properly handle '\r\n' from continuation lines
while parsing the Set-Cookie HTTP header. A malicious web server could
use this flaw to inject arbitrary cookies to the cookie jar file, adding
new or replacing existing cookie values.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.16-1+deb8u5.

For the stable distribution (stretch), this problem has been fixed in
version 1.18-5+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4196-1                   security@debian.org
https://www.debian.o... Salvatore Bonaccorso
May 08, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2018-1087 CVE-2018-8897
Debian Bug     : 897427 897599 898067 898100

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation or denial of service.

CVE-2018-1087

    Andy Lutomirski discovered that the KVM implementation did not
    properly handle #DB exceptions while deferred by MOV SS/POP SS,
    allowing an unprivileged KVM guest user to crash the guest or
    potentially escalate their privileges.

CVE-2018-8897

    Nick Peterson of Everdox Tech LLC discovered that #DB exceptions
    that are deferred by MOV SS or POP SS are not properly handled,
    allowing an unprivileged user to crash the kernel and cause a denial
    of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 3.16.56-1+deb8u1. This update includes various fixes for
regressions from 3.16.56-1 as released in DSA-4187-1 (Cf. #897427,
#898067 and #898100).

For the stable distribution (stretch), these problems have been fixed in
version 4.9.88-1+deb9u1. The fix for CVE-2018-1108 applied in DSA-4188-1
is temporarily reverted due to various regressions, cf. #897599.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.




