Jump to content


NEW UPDATES Debian

debian updates sunrat bruno v.t. eric layton

  • Please log in to reply
1507 replies to this topic

#1501 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,714 posts

Posted 22 November 2018 - 06:21 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4339-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 21, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ceph
Debian Bug     : 913909

The update for ceph issued as DSA-4339-1 caused a build regression for
the i386 builds. Updated packages are now available to address this
issue. For reference, the original advisory text follows.

Multiple vulnerabilities were discovered in Ceph, a distributed storage
and file system: The cephx authentication protocol was susceptible to
replay attacks and calculated signatures incorrectly, "ceph mon" did not
validate capabilities for pool operations (resulting in potential
corruption or deletion of snapshot images) and a format string
vulnerability in libradosstriper could result in denial of service.

For the stable distribution (stretch), this problem has been fixed in
version 10.2.11-2.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1502 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,714 posts

Posted 24 November 2018 - 10:02 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4343-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 23, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : liblivemedia
CVE ID         : CVE-2018-4013

It was discovered that a buffer overflow in liveMedia, a set of C++
libraries for multimedia streaming could result in the execution of
arbitrary code when parsing a malformed RTSP stream.

For the stable distribution (stretch), this problem has been fixed in
version 2016.11.28-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4344-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 24, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : roundcube
CVE ID         : CVE-2018-19206

Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail
solution for IMAP servers, is prone to a cross-site scripting
vulnerability in handling invalid style tag content.

For the stable distribution (stretch), this problem has been fixed in
version 1.2.3+dfsg.1-4+deb9u3.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1503 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,714 posts

Posted 27 November 2018 - 06:29 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4345-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 27, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2018-14629 CVE-2018-16841 CVE-2018-16851

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:

CVE-2018-14629

    Florian Stuelpner discovered that Samba is vulnerable to
    infinite query recursion caused by CNAME loops, resulting in
    denial of service.

    https://www.samba.or...2018-14629.html

CVE-2018-16841

    Alex MacCuish discovered that a user with a valid certificate or
    smart card can crash the Samba AD DC's KDC when configured to accept
    smart-card authentication.

    https://www.samba.or...2018-16841.html

CVE-2018-16851

    Garming Sam of the Samba Team and Catalyst discovered a NULL pointer
    dereference vulnerability in the Samba AD DC LDAP server allowing a
    user able to read more than 256MB of LDAP entries to crash the Samba
    AD DC's LDAP server.

    https://www.samba.or...2018-16851.html

For the stable distribution (stretch), these problems have been fixed in
version 2:4.5.12+dfsg-2+deb9u4.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1504 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,714 posts

Posted 29 November 2018 - 06:55 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4346-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 27, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477

Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may result in denial of service or the
execution of arbitrary code if a malformed Postscript file is processed
(despite the -dSAFER sandbox being enabled).

This update rebases ghostscript for stretch to the upstream version 9.26
which includes additional changes.

For the stable distribution (stretch), these problems have been fixed in
version 9.26~dfsg-0+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4347-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 29, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : perl
CVE ID         : CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314

Multiple vulnerabilities were discovered in the implementation of the
Perl programming language. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2018-18311

    Jayakrishna Menon and Christophe Hauser discovered an integer
    overflow vulnerability in Perl_my_setenv leading to a heap-based
    buffer overflow with attacker-controlled input.

CVE-2018-18312

    Eiichi Tsukata discovered that a crafted regular expression could
    cause a heap-based buffer overflow write during compilation,
    potentially allowing arbitrary code execution.

CVE-2018-18313

    Eiichi Tsukata discovered that a crafted regular expression could
    cause a heap-based buffer overflow read during compilation which
    leads to information leak.

CVE-2018-18314

    Jakub Wilk discovered that a specially crafted regular expression
    could lead to a heap-based buffer overflow.

For the stable distribution (stretch), these problems have been fixed in
version 5.24.1-3+deb9u5.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1505 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,714 posts

Posted 01 December 2018 - 09:58 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4348-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 30, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2018-0732 CVE-2018-0734 CVE-2018-0735 CVE-2018-0737
                 CVE-2018-5407

Several local side channel attacks and a denial of service via large
Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets
Layer toolkit.

For the stable distribution (stretch), these problems have been fixed in
version 1.1.0j-1~deb9u1. Going forward, openssl security updates for
stretch will be based on the 1.1.0x upstream releases.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4349-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 30, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2017-11613 CVE-2017-17095 CVE-2018-5784
                 CVE-2018-7456  CVE-2018-8905  CVE-2018-10963
CVE-2018-17101 CVE-2018-18557 CVE-2018-15209
CVE-2018-16335

Multiple vulnerabilities have been discovered in the libtiff library and
the included tools, which may result in denial of service or the
execution of arbitrary code if malformed image files are processed.

For the stable distribution (stretch), these problems have been fixed in
version 4.0.8-2+deb9u4.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1506 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,714 posts

Posted 08 December 2018 - 06:40 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4350-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 06, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : policykit-1
CVE ID         : CVE-2018-19788
Debian Bug     : 915332

It was discovered that incorrect processing of very high UIDs in
Policykit, a framework for managing administrative policies and
privileges, could result in authentication bypass.

For the stable distribution (stretch), this problem has been fixed in
version 0.105-18+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4351-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 07, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libphp-phpmailer
CVE ID         : CVE-2018-19296
Debian Bug     : 913912

It was discovered that PHPMailer, a library to send email from PHP
applications, is prone to a PHP object injection vulnerability,
potentially allowing a remote attacker to execute arbitrary code.

For the stable distribution (stretch), this problem has been fixed in
version 5.2.14+dfsg-2.3+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4352-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
December 07, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336
                 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
                 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
                 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348
                 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352
                 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
                 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-17480

    Guang Gong discovered an out-of-bounds write issue in the v8 javascript
    library.

CVE-2018-17481

    Several use-after-free issues were discovered in the pdfium library.

CVE-2018-18335

    A buffer overflow issue was discovered in the skia library.

CVE-2018-18336

    Huyna discovered a use-after-free issue in the pdfium library.

CVE-2018-18337

    cloudfuzzer discovered a use-after-free issue in blink/webkit.

CVE-2018-18338

    Zhe Jin discovered a buffer overflow issue in the canvas renderer.

CVE-2018-18339

    cloudfuzzer discovered a use-after-free issue in the WebAudio
    implementation.

CVE-2018-18340

    A use-after-free issue was discovered in the MediaRecorder implementation.

CVE-2018-18341

    cloudfuzzer discovered a buffer overflow issue in blink/webkit.

CVE-2018-18342

    Guang Gong discovered an out-of-bounds write issue in the v8 javascript
    library.

CVE-2018-18343

    Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18344

    Jann Horn discovered an error in the Extensions implementation.

CVE-2018-18345

    Masato Kinugawa and Jun Kokatsu discovered an error in the Site Isolation
    feature.

CVE-2018-18346

    Luan Herrera discovered an error in the user interface.

CVE-2018-18347

    Luan Herrera discovered an error in the Navigation implementation.

CVE-2018-18348

    Ahmed Elsobky discovered an error in the omnibox implementation.

CVE-2018-18349

    David Erceg discovered a policy enforcement error.

CVE-2018-18350

    Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18351

    Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18352

    Jun Kokatsu discovered an error in Media handling.

CVE-2018-18353

    Wenxu Wu discovered an error in the network authentication implementation.

CVE-2018-18354

    Wenxu Wu discovered an error related to integration with GNOME Shell.

CVE-2018-18355

    evil1m0 discovered a policy enforcement error.

CVE-2018-18356

    Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18357

    evil1m0 discovered a policy enforcement error.

CVE-2018-18358

    Jann Horn discovered a policy enforcement error.

CVE-2018-18359

    cyrilliu discovered an out-of-bounds read issue in the v8 javascript
    library.

Several additional security relevant issues are also fixed in this update
that have not yet received CVE identifiers.

For the stable distribution (stretch), these problems have been fixed in
version 71.0.3578.80-1~deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1507 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,714 posts

Posted 11 December 2018 - 06:24 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4353-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 10, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php7.0
CVE ID         : CVE-2018-14851 CVE-2018-14883 CVE-2018-17082
                 CVE-2018-19518 CVE-2018-19935

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language: The EXIF module was susceptible to
denial of service/information disclosure when parsing malformed images,
the Apache module allowed cross-site-scripting via the body of a
"Transfer-Encoding: chunked" request and the IMAP extension performed
insufficient input validation which can result in the execution of
arbitrary shell commands in the imap_open() function and denial of
service in the imap_mail() function.

For the stable distribution (stretch), these problems have been fixed in
version 7.0.33-0+deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#1508 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,714 posts

Posted 15 December 2018 - 06:33 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4354-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 12, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-12405 CVE-2018-17466 CVE-2018-18492
                 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or bypass of the same-origin policy.

For the stable distribution (stretch), these problems have been fixed in
version 60.4.0esr-1~deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.





Also tagged with one or more of these keywords: debian, updates, sunrat, bruno, v.t. eric layton

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users