sunrat Posted September 13, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3971-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 13, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tcpdump
CVE ID         : CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543
                 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896
                 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900
                 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986
                 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990
                 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994
                 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998
                 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002
                 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006
                 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010
                 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014
                 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018
                 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022
                 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026
                 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030
                 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034
                 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038
                 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042
                 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046
                 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050
                 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054
                 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689
                 CVE-2017-13690 CVE-2017-13725
Debian Bug     : 867718 873804 873805 873806

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 4.9.2-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 4.9.2-1~deb9u1.

For the testing distribution (buster), these problems have been fixed in version 4.9.2-1 or earlier versions.

For the unstable distribution (sid), these problems have been fixed in version 4.9.2-1 or earlier versions.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3972-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 13, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : bluez
CVE ID         : CVE-2017-1000250
Debian Bug     : 875633

An information disclosure vulnerability was discovered in the Service Discovery Protocol (SDP) in bluetoothd, allowing a proximate attacker to obtain sensitive information from bluetoothd process memory, including Bluetooth encryption keys.

For the oldstable distribution (jessie), this problem has been fixed in version 5.23-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 5.43-2+deb9u1.

sunrat Posted September 14, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3973-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 14, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wordpress-shibboleth
CVE ID         : CVE-2017-14313
Debian Bug     : 874416

A cross-site-scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for Wordpress.

For the oldstable distribution (jessie), this problem has been fixed in version 1.4-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.4-2+deb9u1.

sunrat Posted September 15, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3974-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
September 15, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tomcat8
CVE ID         : CVE-2017-7674 CVE-2017-7675
Debian Bug     : 802312

Two issues were discovered in the Tomcat servlet and JSP engine.

CVE-2017-7674

    Rick Riemer discovered that the Cross-Origin Resource Sharing filter did not add a Vary header indicating possible different responses, which could lead to cache poisoning.

CVE-2017-7675 (stretch only)

    Markus Dörschmidt found that the HTTP/2 implementation bypassed some security checks, thus allowing an attacker to conduct directory traversal attacks by using specially crafted URLs.

For the oldstable distribution (jessie), these problems have been fixed in version 8.0.14-1+deb8u11.

For the stable distribution (stretch), these problems have been fixed in version 8.5.14-1+deb9u2.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3975-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 15, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : emacs25
CVE ID         : CVE-2017-14482

Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).

For the stable distribution (stretch), this problem has been fixed in version 25.1+1-4+deb9u1.

sunrat Posted September 17, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3976-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 17, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : freexl
CVE ID         : CVE-2017-2923 CVE-2017-2924
Debian Bug     : 875690 875691

Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.

For the oldstable distribution (jessie), these problems have been fixed in version 1.0.0g-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 1.0.2-2+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.4-1.

sunrat Posted September 19, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3977-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 18, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : newsbeuter
CVE ID         : CVE-2017-14500
Debian Bug     : 876004

It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure (the podcast file), allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is also played in podbeuter.

For the oldstable distribution (jessie), this problem has been fixed in version 2.8-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 2.9-5+deb9u2.

For the unstable distribution (sid), this problem has been fixed in version 2.9-7.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3978-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 18, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : gdk-pixbuf
CVE ID         : CVE-2017-2862
Debian Bug     : 874552

Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened.

For the oldstable distribution (jessie), this problem has been fixed in version 2.31.1-2+deb8u6.

For the stable distribution (stretch), this problem has been fixed in version 2.36.5-2+deb9u1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3979-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 19, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : pyjwt
CVE ID         : CVE-2017-11424

It was discovered that PyJWT, a Python implementation of JSON Web Token, performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch.

For the oldstable distribution (jessie), this problem has been fixed in version 0.2.1-1+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 1.4.2-1+deb9u1.

sunrat Posted September 20, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3980-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 20, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : apache2
CVE ID         : CVE-2017-9798
Debian Bug     : 876109

Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.

For the oldstable distribution (jessie), this problem has been fixed in version 2.4.10-10+deb8u11.

For the stable distribution (stretch), this problem has been fixed in version 2.4.25-3+deb9u3.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3981-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 20, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600
                 CVE-2017-12134 CVE-2017-12146 CVE-2017-12153 CVE-2017-12154
                 CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340
                 CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111 CVE-2017-1000112
                 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000370
                 CVE-2017-1000371 CVE-2017-1000380
Debian Bug     : 866511 875881

Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.

CVE-2017-7518

    Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction. A process inside a guest can take advantage of this flaw for privilege escalation inside a guest.

CVE-2017-7558 (stretch only)

    Stefano Brivio of Red Hat discovered that the SCTP subsystem is prone to a data leak vulnerability due to an out-of-bounds read flaw, allowing to leak up to 100 uninitialized bytes to userspace.

CVE-2017-10661 (jessie only)

    Dmitry Vyukov of Google reported that the timerfd facility does not properly handle certain concurrent operations on a single file descriptor. This allows a local attacker to cause a denial of service or potentially execute arbitrary code.

CVE-2017-11600

    Bo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial of service or potentially to execute arbitrary code.

CVE-2017-12134 / #866511 / XSA-229

    Jan H. Schoenherr of Amazon discovered that when Linux is running in a Xen PV domain on an x86 system, it may incorrectly merge block I/O requests. A buggy or malicious guest may trigger this bug in dom0 or a PV driver domain, causing a denial of service or potentially execution of arbitrary code.

    This issue can be mitigated by disabling merges on the underlying back-end block devices, e.g.:

        echo 2 > /sys/block/nvme0n1/queue/nomerges

CVE-2017-12146 (stretch only)

    Adrian Salido of Google reported a race condition in access to the "driver_override" attribute for platform devices in sysfs. If unprivileged users are permitted to access this attribute, this might allow them to gain privileges.

CVE-2017-12153

    Bo Zhang reported that the cfg80211 (wifi) subsystem does not properly validate the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability (in any user namespace with a wifi device) can use this to cause a denial of service.

CVE-2017-12154

    Jim Mattson of Google reported that the KVM implementation for Intel x86 processors did not correctly handle certain nested hypervisor configurations.
    A malicious guest (or nested guest in a suitable L1 hypervisor) could use this for denial of service.

CVE-2017-14106

    Andrey Konovalov discovered that a user-triggerable division by zero in the tcp_disconnect() function could result in local denial of service.

CVE-2017-14140

    Otto Ebeling reported that the move_pages() system call performed insufficient validation of the UIDs of the calling and target processes, resulting in a partial ASLR bypass. This made it easier for local users to exploit vulnerabilities in programs installed with the set-UID permission bit set.

CVE-2017-14156

    "sohu0106" reported an information leak in the atyfb video driver. A local user with access to a framebuffer device handled by this driver could use this to obtain sensitive information.

CVE-2017-14340

    Richard Wareing discovered that the XFS implementation allows the creation of files with the "realtime" flag on a filesystem with no realtime device, which can result in a crash (oops). A local user with access to an XFS filesystem that does not have a realtime device can use this for denial of service.

CVE-2017-14489

    ChunYu Wang of Red Hat discovered that the iSCSI subsystem does not properly validate the length of a netlink message, leading to memory corruption. A local user with permission to manage iSCSI devices can use this for denial of service or possibly to execute arbitrary code.

CVE-2017-14497 (stretch only)

    Benjamin Poirier of SUSE reported that vnet headers are not properly handled within the tpacket_rcv() function in the raw packet (af_packet) feature. A local user with the CAP_NET_RAW capability can take advantage of this flaw to cause a denial of service (buffer overflow, and disk and memory corruption) or have other impact.

CVE-2017-1000111

    Andrey Konovalov of Google reported a race condition in the raw packet (af_packet) feature. Local users with the CAP_NET_RAW capability can use this for denial of service or possibly to execute arbitrary code.

CVE-2017-1000112

    Andrey Konovalov of Google reported a race condition flaw in the UDP Fragmentation Offload (UFO) code. A local user can use this flaw for denial of service or possibly to execute arbitrary code.

CVE-2017-1000251 / #875881

    Armis Labs discovered that the Bluetooth subsystem does not properly validate L2CAP configuration responses, leading to a stack buffer overflow. This is one of several vulnerabilities dubbed "Blueborne". A nearby attacker can use this to cause a denial of service or possibly to execute arbitrary code on a system with Bluetooth enabled.

CVE-2017-1000252 (stretch only)

    Jan H. Schoenherr of Amazon reported that the KVM implementation for Intel x86 processors did not correctly validate interrupt injection requests. A local user with permission to use KVM could use this for denial of service.

CVE-2017-1000370

    The Qualys Research Labs reported that a large argument or environment list can result in ASLR bypass for 32-bit PIE binaries.

CVE-2017-1000371

    The Qualys Research Labs reported that a large argument or environment list can result in a stack/heap clash for 32-bit PIE binaries.

CVE-2017-1000380

    Alexander Potapenko of Google reported a race condition in the ALSA (sound) timer driver, leading to an information leak. A local user with permission to access sound devices could use this to obtain sensitive information.

Debian disables unprivileged user namespaces by default, but if they are enabled (via the kernel.unprivileged_userns_clone sysctl) then CVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited by any local user.

For the oldstable distribution (jessie), these problems have been fixed in version 3.16.43-2+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 4.9.30-2+deb9u5.

sunrat Posted September 22, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3982-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 21, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : perl
CVE ID         : CVE-2017-12837 CVE-2017-12883
Debian Bug     : 875596 875597

Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2017-12837

    Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier.

CVE-2017-12883

    Jakub Wilk reported a buffer over-read flaw in the regular expression parser, allowing a remote attacker to cause a denial of service or information leak.

For the oldstable distribution (jessie), these problems have been fixed in version 5.20.2-3+deb8u9.

For the stable distribution (stretch), these problems have been fixed in version 5.24.1-3+deb9u2.

For the testing distribution (buster), these problems have been fixed in version 5.26.0-8.

For the unstable distribution (sid), these problems have been fixed in version 5.26.0-8.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3983-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 22, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2017-12150 CVE-2017-12151 CVE-2017-12163

Multiple security issues have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix:

CVE-2017-12150

    Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced.

CVE-2017-12151

    Stefan Metzmacher discovered that tools using libsmbclient did not enforce encryption when following DFS redirects, which could allow a man-in-the-middle attacker to read or modify connections which were meant to be encrypted.

CVE-2017-12163

    Yihan Lian and Zhibin Hu discovered that insufficient range checks in the processing of SMB1 write requests could result in disclosure of server memory.

For the oldstable distribution (jessie), these problems have been fixed in version 2:4.2.14+dfsg-0+deb8u8.

For the stable distribution (stretch), these problems have been fixed in version 2:4.5.8+dfsg-2+deb9u2.

sunrat Posted September 26, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3984-1                   security@debian.org
https://www.debian.org/security/                           Florian Weimer
September 26, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : git
Debian Bug     : 876854

joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has not been configured (however, the git-cvs package needs to be installed).

In addition to fixing the actual bug, this update removes the cvsserver subcommand from git-shell by default. Refer to the updated documentation for instructions on how to re-enable it in case this CVS functionality is still needed.

For the oldstable distribution (jessie), this problem has been fixed in version 1:2.1.4-2.1+deb8u5.

For the stable distribution (stretch), this problem has been fixed in version 1:2.11.0-3+deb9u2.

For the unstable distribution (sid), this problem has been fixed in version 1:2.14.2-1.

sunrat Posted September 29, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3985-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
September 28, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114
                 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118
                 CVE-2017-5119 CVE-2017-5120 CVE-2017-5121 CVE-2017-5122

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-5111

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-5112

    Tobias Klein discovered a buffer overflow issue in the webgl library.

CVE-2017-5113

    A buffer overflow issue was discovered in the skia library.

CVE-2017-5114

    Ke Liu discovered a memory issue in the pdfium library.

CVE-2017-5115

    Marco Giovannini discovered a type confusion issue in the v8 javascript library.

CVE-2017-5116

    Guang Gong discovered a type confusion issue in the v8 javascript library.

CVE-2017-5117

    Tobias Klein discovered an uninitialized value in the skia library.

CVE-2017-5118

    WenXu Wu discovered a way to bypass the Content Security Policy.

CVE-2017-5119

    Another uninitialized value was discovered in the skia library.

CVE-2017-5120

    Xiaoyin Liu discovered a way to downgrade HTTPS connections during redirection.

CVE-2017-5121

    Jordan Rabet discovered an out-of-bounds memory access in the v8 javascript library.

CVE-2017-5122

    Choongwoo Han discovered an out-of-bounds memory access in the v8 javascript library.

For the stable distribution (stretch), these problems have been fixed in version 61.0.3163.100-1~deb9u1.

For the testing distribution (buster), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 61.0.3163.100-1.

sunrat Posted September 30, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3986-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 29, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727
                 CVE-2017-9739 CVE-2017-9835 CVE-2017-11714
Debian Bug     : 869907 869910 869913 869915 869916 869917 869977

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed.

For the oldstable distribution (jessie), these problems have been fixed in version 9.06~dfsg-2+deb8u6.

For the stable distribution (stretch), these problems have been fixed in version 9.20~dfsg-3.2+deb9u1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3987-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 29, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814
                 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware protection feature.

For the oldstable distribution (jessie), these problems have been fixed in version 52.4.0esr-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 52.4.0esr-1~deb9u1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3988-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 30, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libidn2-0
CVE ID         : CVE-2017-14062
Debian Bug     : 873902

An integer overflow vulnerability was discovered in decode_digit() in libidn2-0, the GNU library for Internationalized Domain Names (IDNs), allowing a remote attacker to cause a denial of service against an application using the library (application crash).

For the oldstable distribution (jessie), this problem has been fixed in version 0.10-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 0.16-1+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 2.0.2-4.

For the unstable distribution (sid), this problem has been fixed in version 2.0.2-4.

sunrat Posted October 6, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3989-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 02, 2017                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : dnsmasq
CVE ID         : CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494
                 CVE-2017-14495 CVE-2017-14496

Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 2.72-3+deb8u2.

For the stable distribution (stretch), these problems have been fixed in version 2.76-5+deb9u1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3990-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 03, 2017                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : asterisk
CVE ID         : CVE-2017-14603

Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak. Please see the upstream advisory at http://downloads.asterisk.org/pub/security/AST-2017-008.html for additional details.

For the oldstable distribution (jessie), this problem has been fixed in version 1:11.13.1~dfsg-2+deb8u4.

For the stable distribution (stretch), this problem has been fixed in version 1:13.14.1~dfsg-2+deb9u2.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3991-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 03, 2017                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2017-9375 CVE-2017-12809 CVE-2017-13672 CVE-2017-13711
                 CVE-2017-14167

Multiple vulnerabilities were found in qemu, a fast processor emulator:

CVE-2017-9375

    Denial of service via memory leak in USB XHCI emulation.

CVE-2017-12809

    Denial of service in the CDROM device drive emulation.

CVE-2017-13672

    Denial of service in VGA display emulation.

CVE-2017-13711

    Denial of service in SLIRP networking support.

CVE-2017-14167

    Incorrect validation of multiboot headers could result in the execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u3.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3992-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 06, 2017                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254
Debian Bug     : 871554 871555 877671

Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2017-1000100

    Even Rouault reported that cURL does not properly handle long file names when doing a TFTP upload. A malicious HTTP(S) server can take advantage of this flaw by redirecting a client using the cURL library to a crafted TFTP URL and trick it to send private memory contents to a remote server over UDP.

CVE-2017-1000101

    Brian Carpenter and Yongji Ouyang reported that cURL contains a flaw in the globbing function that parses the numerical range, leading to an out-of-bounds read when parsing a specially crafted URL.

CVE-2017-1000254

    Max Dymond reported that cURL contains an out-of-bounds read flaw in the FTP PWD response parser. A malicious server can take advantage of this flaw to effectively prevent a client using the cURL library to work with it, causing a denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u6.

For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3993-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 06, 2017                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tor
CVE ID         : CVE-2017-0380

It was discovered that the Tor onion service could leak sensitive information to log files if the "SafeLogging" option is set to "0".

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), this problem has been fixed in version 0.2.9.12-1.

sunrat Posted October 8, 2017

-------------------------------------------------------------------------
Debian Security Advisory DSA-3994-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
October 07, 2017                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : nautilus
CVE ID         : CVE-2017-14604
Debian Bug     : 860268

Christian Boxdörfer discovered a vulnerability in the handling of FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME desktop environment. An attacker can craft a .desktop file intended to run malicious commands but displayed as an innocuous document file in Nautilus. A user would then trust it and open the file, and Nautilus would in turn execute the malicious content. Nautilus protection of only trusting .desktop files with executable permission can be bypassed by shipping the .desktop file inside a tarball.

For the oldstable distribution (jessie), this problem has not been fixed yet.

For the stable distribution (stretch), this problem has been fixed in version 3.22.3-1+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 3.26.0-1.

For the unstable distribution (sid), this problem has been fixed in version 3.26.0-1.
sunrat Posted October 11, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3995-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxfont
CVE ID : CVE-2017-13720 CVE-2017-13722

Two vulnerabilities were found in libXfont, the X11 font rasterisation library, which could result in denial of service or memory disclosure.

For the oldstable distribution (jessie), these problems have been fixed in version 1:1.5.1-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1:2.0.1-3+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3996-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ffmpeg
CVE ID : CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223 CVE-2017-14225 CVE-2017-14767

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed.

For the stable distribution (stretch), these problems have been fixed in version 7:3.2.8-1~deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3997-1 security@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
October 10, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2017-14718 CVE-2017-14719 CVE-2017-14720 CVE-2017-14721 CVE-2017-14722 CVE-2017-14723 CVE-2017-14724 CVE-2017-14725 CVE-2017-14726 CVE-2017-14990
Debian Bug : 876274 877629

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They would allow remote attackers to exploit path-traversal issues, perform SQL injections and various cross-site scripting attacks.

For the oldstable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u15.

For the stable distribution (stretch), these problems have been fixed in version 4.7.5+dfsg-2+deb9u1.

For the testing distribution (buster), these problems have been fixed in version 4.8.2+dfsg-2.

For the unstable distribution (sid), these problems have been fixed in version 4.8.2+dfsg-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3998-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 11, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : nss
CVE ID : CVE-2017-7805

Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, resulting in a denial of service, or potentially to execute arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed in version 2:3.26-1+debu8u3.

For the stable distribution (stretch), this problem has been fixed in version 2:3.26.2-1.1+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 2:3.33-1.

For the unstable distribution (sid), this problem has been fixed in version 2:3.33-1.
sunrat Posted October 16, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3999-1 security@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
October 16, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088

Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.

More information can be found in the researchers' paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.

CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

For the oldstable distribution (jessie), these problems have been fixed in version 2.3-1+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.

For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1.

For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1.
sunrat Posted October 19, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4000-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 17, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xorg-server
CVE ID : CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 CVE-2017-13721 CVE-2017-13723

Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 2:1.16.4-1+deb8u2.

For the stable distribution (stretch), these problems have been fixed in version 2:1.19.2-1+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4001-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
October 19, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : yadifa
CVE ID : CVE-2017-14339
Debian Bug : 876315

It was discovered that YADIFA, an authoritative DNS server, did not sufficiently check its input. This allowed a remote attacker to cause a denial-of-service by forcing the daemon to enter an infinite loop.

For the stable distribution (stretch), this problem has been fixed in version 2.2.3-1+deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4002-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 19, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mysql-5.5
CVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
Debian Bug : 878402

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

For the oldstable distribution (jessie), these problems have been fixed in version 5.5.58-0+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4003-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 19, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2017-1000256
Debian Bug : 878799

Daniel P. Berrange reported that Libvirt, a virtualisation abstraction library, does not properly handle the default_tls_x509_verify (and related) parameters in qemu.conf when setting up TLS clients and servers in QEMU, resulting in TLS clients for character devices and disk devices having verification turned off and ignoring any errors while validating the server certificate.

More information in https://security.libvirt.org/2017/0002.html .

For the stable distribution (stretch), this problem has been fixed in version 3.0.0-4+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 3.8.0-3.
sunrat Posted October 20, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4004-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
October 20, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jackson-databind
CVE ID : CVE-2017-7525
Debian Bug : 870848

Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

For the oldstable distribution (jessie), this problem has been fixed in version 2.4.2-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 2.8.6-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4005-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 20, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjfx
CVE ID : CVE-2017-10086 CVE-2017-10114

Two unspecified vulnerabilities were discovered in OpenJFX, a rich client application platform for Java.

For the stable distribution (stretch), these problems have been fixed in version 8u141-b14-3~deb9u1.
sunrat Posted October 25, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4006-1 security@debian.org
https://www.debian.org/security/
October 24, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mupdf
CVE ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587
Debian Bug : 877379 879055

Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which may result in denial of service or the execution of arbitrary code.

CVE-2017-14685, CVE-2017-14686, and CVE-2017-14687 WangLin discovered that a crafted .xps file can crash MuPDF and potentially execute arbitrary code in several ways, since the application makes unchecked assumptions on the entry format.

CVE-2017-15587 Terry Chia and Jeremy Heng discovered an integer overflow that can cause arbitrary code execution via a crafted .pdf file.

For the stable distribution (stretch), these problems have been fixed in version 1.9a+ds1-4+deb9u1.
sunrat Posted October 29, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4007-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
October 27, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2017-1000257

Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, a URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.

For the oldstable distribution (jessie), this problem has been fixed in version 7.38.0-4+deb8u7.

For the stable distribution (stretch), this problem has been fixed in version 7.52.1-5+deb9u2.

For the unstable distribution (sid), this problem has been fixed in version 7.56.1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4008-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 28, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wget
CVE ID : CVE-2017-13089 CVE-2017-13090

Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.

For the oldstable distribution (jessie), these problems have been fixed in version 1.16-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 1.18-5+deb9u1.
sunrat Posted October 30, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4009-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 29, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : shadowsocks-libev
CVE ID : CVE-2017-15924

Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution.

For the stable distribution (stretch), this problem has been fixed in version 2.6.3+ds-3+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4010-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
October 30, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : git-annex
CVE ID : CVE-2017-12976
Debian Bug : 873088

It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.

For the oldstable distribution (jessie), this problem has been fixed in version 5.20141125+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 6.20170101-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4011-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 30, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : quagga
CVE ID : CVE-2017-16227
Debian Bug : 879474

It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.

For the oldstable distribution (jessie), this problem has been fixed in version 0.99.23.1-1+deb8u4.

For the stable distribution (stretch), this problem has been fixed in version 1.1.1-3+deb9u1.
sunrat Posted November 1, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4013-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 31, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjpeg2
CVE ID : CVE-2016-1628 CVE-2016-5152 CVE-2016-5157 CVE-2016-9118 CVE-2016-10504 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14151 CVE-2017-14152

Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

For the oldstable distribution (jessie), these problems have been fixed in version 2.1.0-2+deb8u3.

For the stable distribution (stretch), these problems have been fixed in version 2.1.2-1.1+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4014-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 01, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 1:52.4.0-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1:52.4.0-1~deb9u1.
sunrat Posted November 3, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4015-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 02, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection.

For the stable distribution (stretch), these problems have been fixed in version 8u151-b12-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4016-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 03, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : irssi
CVE ID : CVE-2017-10965 CVE-2017-10966 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723
Debian Bug : 867598 879521

Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2017-10965 Brian 'geeknik' Carpenter of Geeknik Labs discovered that Irssi does not properly handle receiving messages with invalid time stamps. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

CVE-2017-10966 Brian 'geeknik' Carpenter of Geeknik Labs discovered that Irssi is susceptible to a use-after-free flaw triggered while updating the internal nick list. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

CVE-2017-15227 Joseph Bisch discovered that while waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

CVE-2017-15228 Hanno Boeck reported that Irssi does not properly handle installing themes with unterminated colour formatting sequences, leading to a denial of service if a user is tricked into installing a specially crafted theme.

CVE-2017-15721 Joseph Bisch discovered that Irssi does not properly handle incorrectly formatted DCC CTCP messages. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

CVE-2017-15722 Joseph Bisch discovered that Irssi does not properly verify Safe channel IDs. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

CVE-2017-15723 Joseph Bisch reported that Irssi does not properly handle overlong nicks or targets resulting in a NULL pointer dereference when splitting the message and leading to a denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 0.8.17-1+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 1.0.2-1+deb9u3. CVE-2017-10965 and CVE-2017-10966 were already fixed in an earlier point release.
sunrat Posted November 4, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4017-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 03, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl1.0
CVE ID : CVE-2017-3735 CVE-2017-3736

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt

CVE-2017-3736 It was discovered that OpenSSL contains a carry propagation bug in the x86_64 Montgomery squaring procedure. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171102.txt

For the stable distribution (stretch), these problems have been fixed in version 1.0.2l-2+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2m-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4018-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 04, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2017-3735 CVE-2017-3736

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt

CVE-2017-3736 It was discovered that OpenSSL contains a carry propagation bug in the x86_64 Montgomery squaring procedure. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171102.txt

For the oldstable distribution (jessie), CVE-2017-3735 has been fixed in version 1.0.1t-1+deb8u7. The oldstable distribution is not affected by CVE-2017-3736.

For the stable distribution (stretch), these problems have been fixed in version 1.1.0f-3+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 1.1.0g-1.
sunrat Posted November 6, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4019-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 05, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11533 CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640 CVE-2017-12428 CVE-2017-12431 CVE-2017-12432 CVE-2017-12434 CVE-2017-12587 CVE-2017-12640 CVE-2017-12671 CVE-2017-13139 CVE-2017-13140 CVE-2017-13141 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 CVE-2017-13145
Debian Bug : 870526 870491 870116 870111 870109 870106 870119 870105 870065 870014 869210 870067 870012 869834 869830 869827 868950 869728 869712 869715 869713 867778

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

For the stable distribution (stretch), this problem has been fixed in version 8:6.9.7.4+dfsg-11+deb9u2.
sunrat Posted November 7, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4020-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
November 05, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396

Several vulnerabilities have been discovered in the chromium web browser.

In addition, this message serves as an announcement that security support for chromium in the oldstable release (jessie), Debian 8, is now discontinued.

Debian 8 chromium users that desire continued security updates are strongly encouraged to upgrade now to the current stable release (stretch), Debian 9.

An alternative is to switch to the firefox browser, which will continue to receive security updates in jessie for some time.

CVE-2017-5124 A cross-site scripting issue was discovered in MHTML.
CVE-2017-5125 A heap overflow issue was discovered in the skia library.
CVE-2017-5126 Luat Nguyen discovered a use-after-free issue in the pdfium library.
CVE-2017-5127 Luat Nguyen discovered another use-after-free issue in the pdfium library.
CVE-2017-5128 Omair discovered a heap overflow issue in the WebGL implementation.
CVE-2017-5129 Omair discovered a use-after-free issue in the WebAudio implementation.
CVE-2017-5131 An out-of-bounds write issue was discovered in the skia library.
CVE-2017-5132 Guarav Dewan discovered an error in the WebAssembly implementation.
CVE-2017-5133 Aleksandar Nikolic discovered an out-of-bounds write issue in the skia library.
CVE-2017-15386 WenXu Wu discovered a user interface spoofing issue.
CVE-2017-15387 Jun Kokatsu discovered a way to bypass the content security policy.
CVE-2017-15388 Kushal Arvind Shah discovered an out-of-bounds read issue in the skia library.
CVE-2017-15389 xisigr discovered a URL spoofing issue.
CVE-2017-15390 Haosheng Wang discovered a URL spoofing issue.
CVE-2017-15391 Joao Lucas Melo Brasio discovered a way for an extension to bypass its limitations.
CVE-2017-15392 Xiaoyin Liu discovered an error in the implementation of registry keys.
CVE-2017-15393 Svyat Mitin discovered an issue in the devtools.
CVE-2017-15394 Sam discovered a URL spoofing issue.
CVE-2017-15395 Johannes Bergman discovered a null pointer dereference issue.
CVE-2017-15396 Yuan Deng discovered a stack overflow issue in the v8 javascript library.

For the oldstable distribution (jessie), security support for chromium has been discontinued.

For the stable distribution (stretch), these problems have been fixed in version 62.0.3202.75-1~deb9u1.

For the testing distribution (buster), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 62.0.3202.75-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4021-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : otrs2
CVE ID : CVE-2017-14635

It was discovered that missing input validation in the Open Ticket Request System could result in privilege escalation by an agent with write permissions for statistics.

For the oldstable distribution (jessie), this problem has been fixed in version 3.3.18-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 5.0.16-1+deb9u2.
sunrat Posted November 8, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4023-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 07, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : slurm-llnl
CVE ID : CVE-2017-15566
Debian Bug : 880530

Ryan Day discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems using a Prolog or Epilog script are vulnerable, regardless of whether SPANK plugins are in use.

For the stable distribution (stretch), this problem has been fixed in version 16.05.9-1+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 17.02.9-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4024-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
November 08, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2017-15398 CVE-2017-15399

Several vulnerabilities have been discovered in the chromium browser.

CVE-2017-15398 Ned Williamson discovered a stack overflow issue.
CVE-2017-15399 Zhao Qixun discovered a use-after-free issue in the v8 javascript library.

For the oldstable distribution (jessie), security support for chromium has been discontinued.

For the stable distribution (stretch), these problems have been fixed in version 62.0.3202.89-1~deb9u1.

For the testing distribution (buster), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 62.0.3202.89-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4022-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
November 07, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2017-12607 CVE-2017-12608

Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.

For the oldstable distribution (jessie), these problems have been fixed in version 1:4.3.3-2+deb8u9.

These vulnerabilities were fixed in LibreOffice 5.0.2, so the version in the stable distribution (stretch) is not affected.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4025-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
November 08, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libpam4j
CVE ID : CVE-2017-12197

It was discovered that libpam4j, a Java library wrapper for the integration of PAM, did not call pam_acct_mgmt() during authentication. As such, a user who has a valid password but a deactivated or disabled account could still log in.

For the oldstable distribution (jessie), this problem has been fixed in version 1.4-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.4-2+deb9u1.
sunrat
Posted November 10, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4026-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
November 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bchunk
CVE ID : CVE-2017-15953 CVE-2017-15954 CVE-2017-15955
Debian Bug : 880116

Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 1.2.0-12+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1.2.0-12+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4030-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
November 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : roundcube
CVE ID : CVE-2017-16651

A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. An authenticated attacker can take advantage of this flaw to read roundcube's configuration files.

For the stable distribution (stretch), this problem has been fixed in version 1.2.3+dfsg.1-4+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 1.3.3+dfsg.1-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4027-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
November 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : postgresql-9.4
CVE ID : CVE-2017-15098

A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset() and jsonb_populate_recordset() functions.

For the oldstable distribution (jessie), this problem has been fixed in version 9.4.15-0+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4028-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
November 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : postgresql-9.6
CVE ID : CVE-2017-15098 CVE-2017-15099

Several vulnerabilities have been found in the PostgreSQL database system:

CVE-2017-15098
Denial of service and potential memory disclosure in the json_populate_recordset() and jsonb_populate_recordset() functions

CVE-2017-15099
Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE" statements.

For the stable distribution (stretch), these problems have been fixed in version 9.6.6-0+deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4029-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
November 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : postgresql-common
CVE ID : CVE-2017-8806

It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

For the oldstable distribution (jessie), this problem has been fixed in version 165+deb8u3.

For the stable distribution (stretch), this problem has been fixed in version 181+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4006-2    security@debian.org
https://www.debian.org/security/
November 10, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mupdf
CVE ID : CVE-2017-15587
Debian Bug : 879055

It was discovered that the original patch applied for CVE-2017-15587 in DSA-4006-1 was incomplete. Updated packages are now available to address this problem. For reference, the relevant part of the original advisory text follows.

CVE-2017-15587
Terry Chia and Jeremy Heng discovered an integer overflow that can cause arbitrary code execution via a crafted .pdf file.

For the oldstable distribution (jessie), this problem has been fixed in version 1.5-1+deb8u3.

For the stable distribution (stretch), this problem has been fixed in version 1.9a+ds1-4+deb9u2.
sunrat
Posted November 13, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4031-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
November 11, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby2.3
CVE ID : CVE-2017-0898 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033
Debian Bug : 875928 875931 875936 879231

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2017-0898
aerodudrizzt reported a buffer underrun vulnerability in the sprintf method of the Kernel module resulting in heap memory corruption or information disclosure from the heap.

CVE-2017-0903
Max Justicz reported that RubyGems is prone to an unsafe object deserialization vulnerability. When parsed by an application which processes gems, a specially crafted YAML formatted gem specification can lead to remote code execution.

CVE-2017-10784
Yusuke Endoh discovered an escape sequence injection vulnerability in the Basic authentication of WEBrick. An attacker can take advantage of this flaw to inject malicious escape sequences to the WEBrick log and potentially execute control characters on the victim's terminal emulator when reading logs.

CVE-2017-14033
asac reported a buffer underrun vulnerability in the OpenSSL extension. A remote attacker can take advantage of this flaw to cause the Ruby interpreter to crash leading to a denial of service.

For the stable distribution (stretch), these problems have been fixed in version 2.3.3-1+deb9u2.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4032-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
November 12, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2017-12983 CVE-2017-13134 CVE-2017-13758 CVE-2017-13769 CVE-2017-14224 CVE-2017-14607 CVE-2017-14682 CVE-2017-14989 CVE-2017-15277
Debian Bug : 873134 873099 878508 878507 876097 878527 876488 878562 878578

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed.

For the stable distribution (stretch), these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u3.
sunrat
Posted November 15, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4033-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
November 13, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : konversation
CVE ID : CVE-2017-15923
Debian Bug : 881586

Joseph Bisch discovered that Konversation, a user-friendly Internet Relay Chat (IRC) client for KDE, could crash when parsing certain IRC color formatting codes.

For the oldstable distribution (jessie), this problem has been fixed in version 1.5-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.6.2-2+deb9u1.
sunrat
Posted November 15, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4034-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
November 15, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : varnish
CVE ID : CVE-2017-8807
Debian Bug : 881808

'shamger' and Carlo Cannas discovered that a programming error in Varnish, a state of the art, high-performance web accelerator, may result in disclosure of memory contents or denial of service.

See https://varnish-cache.org/security/VSV00002.html for details.

For the stable distribution (stretch), this problem has been fixed in version 5.0.0-7+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4035-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
November 15, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

For the oldstable distribution (jessie), these problems have been fixed in version 52.5.0esr-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 52.5.0esr-1~deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4036-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
November 15, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2017-8808 CVE-2017-8809 CVE-2017-8810 CVE-2017-8811 CVE-2017-8812 CVE-2017-8814 CVE-2017-8815

Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work:

CVE-2017-8808
Cross-site-scripting with non-standard URL escaping and $wgShowExceptionDetails disabled.

CVE-2017-8809
Reflected file download in API.

CVE-2017-8810
On private wikis the login form didn't distinguish between login failure due to bad username and bad password.

CVE-2017-8811
It was possible to mangle HTML via raw message parameter expansion.

CVE-2017-8812
id attributes in headlines allowed raw '>'.

CVE-2017-8814
Language converter could be tricked into replacing text inside tags.

CVE-2017-8815
Unsafe attribute injection via glossary rules in language converter.

For the stable distribution (stretch), these problems have been fixed in version 1:1.27.4-1~deb9u1.
sunrat
Posted November 17, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4037-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
November 16, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jackson-databind
CVE ID : CVE-2017-15095

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.

For the oldstable distribution (jessie), this problem has been fixed in version 2.4.2-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 2.8.6-1+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4038-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
November 16, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : shibboleth-sp2
CVE ID : CVE-2017-16852
Debian Bug : 881857

Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

For the oldstable distribution (jessie), this problem has been fixed in version 2.5.3+dfsg-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 2.6.0+dfsg1-4+deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4039-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
November 16, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : opensaml2
CVE ID : CVE-2017-16853
Debian Bug : 881856

Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

For the oldstable distribution (jessie), this problem has been fixed in version 2.5.3-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 2.6.0-4+deb9u1.