

NEW UPDATES Debian

debian updates sunrat bruno v.t. eric layton

1452 replies to this topic

#1451 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,588 posts

Posted 14 July 2018 - 07:46 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4244-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 13, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360
                 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365
                 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code, denial of service or attacks on
encrypted emails.

For the stable distribution (stretch), these problems have been fixed in
version 1:52.9.1-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4245-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 14, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2018-5248 CVE-2018-11251 CVE-2018-12599 CVE-2018-12600

This update fixes several vulnerabilities in Imagemagick, a graphical
software suite. Various memory handling problems or incomplete input
sanitising could result in denial of service or the execution of
arbitrary code.
      
For the stable distribution (stretch), these problems have been fixed in
version 8:6.9.7.4+dfsg-11+deb9u5.

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 9: 9.5 released                          press@debian.org
July 14th, 2018                https://www.debian.o...s/2018/20180714
------------------------------------------------------------------------


The Debian project is pleased to announce the fifth update of its stable
distribution Debian 9 (codename "stretch"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1452 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,588 posts

Posted 15 July 2018 - 10:05 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4246-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 15, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mailman
CVE ID         : CVE-2018-0618

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered
that mailman, a web-based mailing list manager, is prone to a cross-site
scripting flaw allowing a malicious listowner to inject scripts into the
listinfo page, due to not validated input in the host_name field.

For the stable distribution (stretch), this problem has been fixed in
version 1:2.1.23-1+deb9u3.

#1453 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,588 posts

Posted 18 July 2018 - 07:14 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4247-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 16, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-rack-protection
CVE ID         : CVE-2018-1000119

A timing attack was discovered in the function for CSRF token validation
of the "Ruby rack protection" framework.

For the stable distribution (stretch), this problem has been fixed in
version 1.5.3-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4248-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 17, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : blender
CVE ID         : CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902
                 CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906
                 CVE-2017-2907 CVE-2017-2908 CVE-2017-2918 CVE-2017-12081
                 CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100
                 CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104
                 CVE-2017-12105

Multiple vulnerabilities have been discovered in various parsers of
Blender, a 3D modeller/renderer. Malformed .blend model files and
malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may
result in the execution of arbitrary code.
        
For the stable distribution (stretch), these problems have been fixed in
version 2.79.b+dfsg0-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4249-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 17, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
CVE ID         : CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001
                 CVE-2018-12458 CVE-2018-13300 CVE-2018-13302

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
      
For the stable distribution (stretch), these problems have been fixed in
version 7:3.2.11-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4250-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
July 18, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2018-12895
Debian Bug     : 902876

A vulnerability was discovered in Wordpress, a web blogging tool. It
allowed remote attackers with specific roles to execute arbitrary
code.

For the stable distribution (stretch), this problem has been fixed in
version 4.7.5+dfsg-2+deb9u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4251-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 18, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
CVE ID         : CVE-2018-11529

A use-after-free was discovered in the MP4 demuxer of the VLC media
player, which could result in the execution of arbitrary code if a
malformed media file is played.
      
For the stable distribution (stretch), this problem has been fixed in
version 3.0.3-1-0+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4252-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 18, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : znc
CVE ID         : CVE-2018-14055 CVE-2018-14056

Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which
could result in privilege escalation or denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 1.6.5-1+deb9u1.




