Jump to content


NEW UPDATES Debian

debian updates sunrat bruno v.t. eric layton

  • Please log in to reply
1363 replies to this topic

#1351 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 17 November 2017 - 07:50 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4040-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 17, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2017-11352 CVE-2017-11640 CVE-2017-12431
                 CVE-2017-12640 CVE-2017-12877 CVE-2017-12983
CVE-2017-13134 CVE-2017-13139 CVE-2017-13144
CVE-2017-13758 CVE-2017-13769 CVE-2017-14224
                 CVE-2017-14607 CVE-2017-14682 CVE-2017-14989
CVE-2017-15277 CVE-2017-16546

This update fixes several vulnerabilities in imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or the execution of
arbitrary code if malformed image files are processed.

For the oldstable distribution (jessie), these problems have been fixed
in version 8:6.8.9.9-5+deb8u11.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1352 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 19 November 2017 - 06:41 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4041-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 19, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : procmail
CVE ID         : CVE-2017-16844
Debian Bug     : 876511

Jakub Wilk reported a heap-based buffer overflow vulnerability in
procmail's formail utility when processing specially-crafted email
headers. A remote attacker could use this flaw to cause formail to
crash, resulting in a denial of service or data loss.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.22-24+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 3.22-25+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4042-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 19, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml-libxml-perl
CVE ID         : CVE-2017-10672
Debian Bug     : 866676

A use-after-free vulnerability was discovered in XML::LibXML, a Perl
interface to the libxml2 library, allowing an attacker to execute
arbitrary code by controlling the arguments to a replaceChild() call.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.0116+dfsg-1+deb8u2.

For the stable distribution (stretch), this problem has been fixed in
version 2.0128+dfsg-1+deb9u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1353 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 22 November 2017 - 07:58 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4043-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 21, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2017-14746 CVE-2017-15275

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:

CVE-2017-14746

    Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a
    use-after-free vulnerability allowing a client to compromise a SMB
    server via malicious SMB1 requests.

CVE-2017-15275

    Volker Lendecke of SerNet and the Samba team discovered that Samba
    is prone to a heap memory information leak, where server allocated
    heap memory may be returned to the client without being cleared.

For the oldstable distribution (jessie), these problems have been fixed
in version 2:4.2.14+dfsg-0+deb8u9.

For the stable distribution (stretch), these problems have been fixed in
version 2:4.5.12+dfsg-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4044-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
November 21, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : swauth
CVE ID         : CVE-2017-16613
Debian Bug     : 882314

A vulnerability has been discovered in swauth, an authentication system for
Swift, a distributed virtual object store used in Openstack.

The authentication token for an user is saved in clear text to the log file,
which could enable an attacker with access to the logs to bypass the
authentication provided by swauth.

For the stable distribution (stretch), this problem has been fixed in
version 1.2.0-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4045-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 21, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
CVE ID         : CVE-2017-9300 CVE-2017-10699

Several vulnerabilities have been found in VLC, the VideoLAN project's
media player. Processing malformed media files could lead to denial of
service and potentially the execution of arbitrary code.
      
For the oldstable distribution (jessie), these problems have been fixed
in version 2.2.7-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.7-1~deb9u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1354 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 22 November 2017 - 06:22 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4046-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
November 22, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libspring-ldap-java
CVE ID         : CVE-2017-8028

Tobias Schneider discovered that libspring-ldap-java, a Java library
for Spring-based applications using the Lightweight Directory Access
Protocol, would under some circumstances allow authentication with a
correct username but an arbitrary password.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.3.1.RELEASE-5+deb8u1.

We recommend that you upgrade your libspring-ldap-java packages.

For the detailed security status of libspring-ldap-java please refer to
its security tracker page at:
https://security-tra...pring-ldap-java
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1355 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 23 November 2017 - 06:36 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4047-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 23, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : otrs2
CVE ID         : CVE-2017-15864 CVE-2017-16664

Two vulnerabilities were discovered in the Open Ticket Request System
which could result in disclosure of database credentials or the
execution of arbitrary shell commands by logged-in agents.

For the oldstable distribution (jessie), these problems have been fixed
in version 3.3.18-1+deb8u2.

For the stable distribution (stretch), these problems have been fixed in
version 5.0.16-1+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4048-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 23, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295
                 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348
                 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356
                 CVE-2017-10357 CVE-2017-10388

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in impersonation
of Kerberos services, denial of service, sandbox bypass or HTTP header
injection.

For the oldstable distribution (jessie), these problems have been fixed
in version 7u151-2.6.11-2~deb8u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1356 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 27 November 2017 - 06:32 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4049-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 27, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
CVE ID         : CVE-2017-15186 CVE-2017-15672 CVE-2017-16840

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
      
For the stable distribution (stretch), these problems have been fixed in
version 7:3.2.9-1~deb9u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1357 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 30 November 2017 - 12:51 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4050-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 28, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319
                 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592
                 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597

Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in denial of service, information leaks, privilege escalation
or the execution of arbitrary code.

For the oldstable distribution (jessie) a separate update will be
released.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.2+xsa245-0+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4051-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
November 29, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2017-8816 CVE-2017-8817

Two vulnerabilities were discovered in cURL, an URL transfer library.

CVE-2017-8816

    Alex Nichols discovered a buffer overrun flaw in the NTLM authentication
    code which can be triggered on 32bit systems where an integer overflow
    might occur when calculating the size of a memory allocation.

CVE-2017-8817

    Fuzzing by the OSS-Fuzz project led to the discovery of a read out of
    bounds flaw in the FTP wildcard function in libcurl. A malicious server
    could redirect a libcurl-based client to an URL using a wildcard pattern,
    triggering the out-of-bound read.

For the oldstable distribution (jessie), these problems have been fixed
in version 7.38.0-4+deb8u8.

For the stable distribution (stretch), these problems have been fixed in
version 7.52.1-5+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4052-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 29, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bzr
CVE ID         : CVE-2017-14176
Debian Bug     : 874429

Adam Collard discovered that Bazaar, an easy to use distributed version
control system, did not correctly handle maliciously constructed bzr+ssh
URLs, allowing a remote attackers to run an arbitrary shell command.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.6.0+bzr6595-6+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 2.7.0+bzr6619-7+deb9u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1358 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 01 December 2017 - 09:39 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4053-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 30, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : exim4
CVE ID         : CVE-2017-16943 CVE-2017-16944
Debian Bug     : 882648 882671

Several vulnerabilities have been discovered in Exim, a mail transport
agent. The Common Vulnerabilities and Exposures project identifies the
following issues:

CVE-2017-16943

    A use-after-free vulnerability was discovered in Exim's routines
    responsible for parsing mail headers. A remote attacker can take
    advantage of this flaw to cause Exim to crash, resulting in a denial
    of service, or potentially for remote code execution.

CVE-2017-16944

    It was discovered that Exim does not properly handle BDAT data
    headers allowing a remote attacker to cause Exim to crash, resulting
    in a denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 4.89-2+deb9u2. Default installations disable advertising the
ESMTP CHUNKING extension and are not affected by these issues.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1359 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 03 December 2017 - 07:41 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4054-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 03, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tor
CVE ID         : CVE-2017-8819 CVE-2017-8820 CVE-2017-8821 CVE-2017-8822
                 CVE-2017-8823

Multiple vulnerabilities have been found in Tor, a connection-based
low-latency anonymous communication system.

For the oldstable distribution (jessie), these problems have been fixed
in version 0.2.5.16-1.

For the stable distribution (stretch), these problems have been fixed in
version 0.2.9.14-1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1360 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 07 December 2017 - 10:37 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4055-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
December 07, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : heimdal
CVE ID         : CVE-2017-17439
Debian Bug     : 878144

Michael Eder and Thomas Kittel discovered that Heimdal, an
implementation of Kerberos 5 that aims to be compatible with MIT
Kerberos, did not correctly handle ASN.1 data. This would allow an
unauthenticated remote attacker to cause a denial of service (crash of
the KDC daemon) by sending maliciously crafted packets.

For the stable distribution (stretch), this problem has been fixed in
version 7.1.0+dfsg-13+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4056-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
December 07, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nova
CVE ID         : CVE-2017-16239
Debian Bug     : 882009

George Shuklin from servers.com discovered that Nova, a cloud
computing fabric controller, did not correctly enforce its image- or
hosts-filters. This allowed an authenticated user to bypass those
filters by simply rebuilding an instance.

For the stable distribution (stretch), this problem has been fixed in
version 2:14.0.0-4+deb9u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1361 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 08 December 2017 - 06:56 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4057-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 08, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : erlang
CVE ID         : CVE-2017-1000385

It was discovered that the TLS server in Erlang is vulnerable to an
adaptive chosen ciphertext attack against RSA keys.

For the oldstable distribution (jessie), this problem has been fixed
in version 1:17.3-dfsg-4+deb8u2.

For the stable distribution (stretch), this problem has been fixed in
version 1:19.2.1+dfsg-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4058-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 08, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : optipng
CVE ID         : CVE-2017-16938 CVE-2017-1000229
Debian Bug     : 878839 882032

Two vulnerabilities were discovered in optipng, an advanced PNG
optimizer, which may result in denial of service or the execution of
arbitrary code if a malformed file is processed.

For the oldstable distribution (jessie), these problems have been fixed
in version 0.7.5-1+deb8u2.

For the stable distribution (stretch), these problems have been fixed in
version 0.7.6-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4059-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 08, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxcursor
CVE ID         : CVE-2017-16612
Debian Bug     : 883792

It was discovered that libXcursor, a X cursor management library, is
prone to several heap overflows when parsing malicious files. An
attacker can take advantage of these flaws for arbitrary code execution,
if a user is tricked into processing a specially crafted cursor file.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:1.1.14-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.1.14-1+deb9u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1362 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 09 December 2017 - 07:09 PM

New update versions for Stretch and Jessie. Open the News links for a full list of updated packages.

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 9: 9.3 released                          press@debian.org
December 9th, 2017           https://www.debian.o...2017/2017120902
------------------------------------------------------------------------


The Debian project is pleased to announce the third update of its stable
distribution Debian 9 (codename "stretch"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 8: 8.10 released                         press@debian.org
December 9th, 2017             https://www.debian.o...s/2017/20171209
------------------------------------------------------------------------


The Debian project is pleased to announce the tenth update of its
oldstable distribution Debian 8 (codename "jessie"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 8 but only updates some of the packages included. There is no
need to throw away old "jessie" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1363 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted 10 December 2017 - 08:16 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4060-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 09, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2017-11408 CVE-2017-13766 CVE-2017-17083 CVE-2017-17084
                 CVE-2017-17085

It was discovered that wireshark, a network protocol analyzer, contained
several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA,
NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the
execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.12.1+g01b65bf-4+deb8u12.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.6+g32dac6a-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4061-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 10, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:52.5.0-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 1:52.5.0-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4062-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 10, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2017-7843

It discovered that the Private Browsing mode in the Mozilla Firefox
web browser allowed to fingerprint a user across multiple sessions
via IndexedDB.

For the oldstable distribution (jessie), this problem has been fixed
in version 52.5.2esr-1~deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 52.5.2esr-1~deb9u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.

#1364 ONLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,372 posts

Posted Today, 07:37 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4063-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 11, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pdns-recursor
CVE ID         : CVE-2017-15120

Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance
resolving name server was susceptible to denial of service via a crafted
CNAME answer.

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), this problem has been fixed in
version 4.0.4-1+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4064-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
December 12, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
                 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416
                 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420
                 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426
                 CVE-2017-15427

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-15407

    Ned Williamson discovered an out-of-bounds write issue.

CVE-2017-15408

    Ke Liu discovered a heap overflow issue in the pdfium library.

CVE-2017-15409

    An out-of-bounds write issue was discovered in the skia library.

CVE-2017-15410

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-15411

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-15413

    Gaurav Dewan discovered a type confusion issue.

CVE-2017-15415

    Viktor Brange discovered an information disclosure issue.

CVE-2017-15416

    Ned Williamson discovered an out-of-bounds read issue.

CVE-2017-15417

    Max May discovered an information disclosure issue in the skia
    library.

CVE-2017-15418

    Kushal Arvind Shah discovered an uninitialized value in the skia
    library.

CVE-2017-15419

    Jun Kokatsu discoved an information disclosure issue.

CVE-2017-15420

    WenXu Wu discovered a URL spoofing issue.

CVE-2017-15423

    Greg Hudson discovered an issue in the boringssl library.

CVE-2017-15424

    Khalil Zhani discovered a URL spoofing issue.

CVE-2017-15425

    xisigr discovered a URL spoofing issue.

CVE-2017-15426

    WenXu Wu discovered a URL spoofing issue.

CVE-2017-15427

    Junaid Farhan discovered an issue with the omnibox.

For the stable distribution (stretch), these problems have been fixed in
version 63.0.3239.84-1~deb9u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted ImageKXStudio
For the things we have to learn before we can do them, we learn by doing them.





Also tagged with one or more of these keywords: debian, updates, sunrat, bruno, v.t. eric layton

2 user(s) are reading this topic

1 members, 1 guests, 0 anonymous users


    sunrat