sunrat
Posted January 30, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4099-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
January 27, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
CVE ID         : CVE-2017-17081

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (stretch), this problem has been fixed in version 7:3.2.10-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4100-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
January 27, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2017-9935 CVE-2017-11335 CVE-2017-12944 CVE-2017-13726
                 CVE-2017-13727 CVE-2017-18013

Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 4.0.8-2+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4101-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
January 28, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2018-5334 CVE-2018-5335 CVE-2018-5336

It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial of service or the execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u13.

For the stable distribution (stretch), these problems have been fixed in version 2.2.6+g32dac6a-2+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4094-2    security@debian.org
https://www.debian.org/security/
January 30, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : smarty3
CVE ID         : CVE-2017-1000480
Debian Bug     : 886460

Côme Chilliet from the FusionDirectory team detected a regression in the previously issued fix for CVE-2017-1000480. This regression only affects the Jessie version of the patch. For reference, the relevant part of the original advisory text follows.

It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.

For the oldstable distribution (jessie), this problem has been fixed in version 3.1.21-1+deb8u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4102-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
January 30, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096
                 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102
                 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing.

For the oldstable distribution (jessie), these problems have been fixed in version 1:52.6.0-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1:52.6.0-1~deb9u1.
sunrat
Posted February 1, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4103-1    security@debian.org
https://www.debian.org/security/    Michael Gilbert
January 31, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2017-15420 CVE-2017-15429 CVE-2018-6031 CVE-2018-6032
                 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036
                 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040
                 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045
                 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049
                 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053
                 CVE-2018-6054

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-15420
    Drew Springall discovered a URL spoofing issue.

CVE-2017-15429
    A cross-site scripting issue was discovered in the v8 javascript library.

CVE-2018-6031
    A use-after-free issue was discovered in the pdfium library.

CVE-2018-6032
    Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6033
    Juho Nurminen discovered a race condition when opening downloaded files.

CVE-2018-6034
    Tobias Klein discovered an integer overflow issue.

CVE-2018-6035
    Rob Wu discovered a way for extensions to access devtools.

CVE-2018-6036
    UK's National Cyber Security Centre discovered an integer overflow issue.

CVE-2018-6037
    Paul Stone discovered an issue in the autofill feature.

CVE-2018-6038
    cloudfuzzer discovered a buffer overflow issue.

CVE-2018-6039
    Juho Nurminen discovered a cross-site scripting issue in the developer tools.

CVE-2018-6040
    WenXu Wu discovered a way to bypass the content security policy.

CVE-2018-6041
    Luan Herrera discovered a URL spoofing issue.

CVE-2018-6042
    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6043
    A character escaping issue was discovered.

CVE-2018-6045
    Rob Wu discovered a way for extensions to access devtools.

CVE-2018-6046
    Rob Wu discovered a way for extensions to access devtools.

CVE-2018-6047
    Masato Kinugawa discovered an information leak issue.

CVE-2018-6048
    Jun Kokatsu discovered a way to bypass the referrer policy.

CVE-2018-6049
    WenXu Wu discovered a user interface spoofing issue.

CVE-2018-6050
    Jonathan Kew discovered a URL spoofing issue.

CVE-2018-6051
    Antonio Sanso discovered an information leak issue.

CVE-2018-6052
    Tanner Emek discovered that the referrer policy implementation was incomplete.

CVE-2018-6053
    Asset Kabdenov discovered an information leak issue.

CVE-2018-6054
    Rob Wu discovered a use-after-free issue.

For the oldstable distribution (jessie), security support for chromium has been discontinued.

For the stable distribution (stretch), these problems have been fixed in version 64.0.3282.119-1~deb9u1.
sunrat
Posted February 5, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4104-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 04, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : p7zip
CVE ID         : CVE-2017-17969
Debian Bug     : 888297

'landave' discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted shrinked ZIP archive is processed.

For the oldstable distribution (jessie), this problem has been fixed in version 9.20.1~dfsg.1-4.1+deb8u3.

For the stable distribution (stretch), this problem has been fixed in version 16.02+dfsg-3+deb9u1.
sunrat
Posted February 7, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4105-1    security@debian.org
https://www.debian.org/security/
February 06, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mpv
CVE ID         : CVE-2018-6360
Debian Bug     : 888654

It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.

For the stable distribution (stretch), this problem has been fixed in version 0.23.0-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4106-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 07, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libtasn1-6
CVE ID         : CVE-2017-10790 CVE-2018-6003
Debian Bug     : 867398

Two vulnerabilities were discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library.

For the stable distribution (stretch), these problems have been fixed in version 4.10-1.1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4107-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 07, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : django-anymail
CVE ID         : CVE-2018-6596
Debian Bug     : 889450

It was discovered that the webhook validation of Anymail, a Django email backend for multiple ESPs, is prone to a timing attack.
A remote attacker can take advantage of this flaw to obtain a WEBHOOK_AUTHORIZATION secret and post arbitrary email tracking events.

For the stable distribution (stretch), this problem has been fixed in version 0.8-2+deb9u1.
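
An added example, not part of the post above and not Anymail's own code: a webhook credential check that avoids the timing side channel described in DSA-4107-1. It assumes the shared secret arrives as HTTP Basic credentials; the function names and the sample secrets are constructed for illustration.

```python
import base64
import hmac

# Constructed sample secrets in "username:password" form. The setting name
# WEBHOOK_AUTHORIZATION comes from the advisory; these values are made up.
ALLOWED_CREDENTIALS = ["esp-hook:3f9c2a7d1b", "backup-hook:a81e0c55f2"]


def early_exit_steps(supplied: bytes, expected: bytes) -> int:
    """Model an ordinary == comparison: count bytes examined before it stops.

    The count grows with the length of the matching prefix, which is the
    data-dependent behaviour a timing attack measures.
    """
    steps = 0
    for a, b in zip(supplied, expected):
        steps += 1
        if a != b:
            break
    return steps


def basic_header(credential: str) -> str:
    """Build an Authorization header value for a 'user:pass' credential."""
    return "Basic " + base64.b64encode(credential.encode("utf-8")).decode("ascii")


def parse_basic_auth(header: str):
    """Return the decoded 'user:pass' bytes from a Basic header, or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        return base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def webhook_authorized(header: str, allowed=ALLOWED_CREDENTIALS) -> bool:
    """Accept the request only if the credentials match one allowed secret."""
    supplied = parse_basic_auth(header)
    if supplied is None:
        return False
    ok = False
    for cred in allowed:
        # compare_digest's running time does not depend on where the inputs
        # differ, and every candidate is checked so the loop does not stop
        # at the first match.
        ok |= hmac.compare_digest(supplied, cred.encode("utf-8"))
    return ok
```
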
sunrat
Posted February 10, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4105-2    security@debian.org
https://www.debian.org/security/
February 08, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mpv
CVE ID         : CVE-2018-6360
Debian Bug     : 889892

A regression was detected in the previously issued fix for CVE-2018-6360. The patch released with DSA 4105-1 broke the feature of invoking mpv with raw YouTube ids. This update fixes this functionality issue. For reference, the relevant part of the original advisory text follows.

It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.

For the stable distribution (stretch), this problem has been fixed in version 0.23.0-2+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4108-1    security@debian.org
https://www.debian.org/security/    Thijs Kinkhorst
February 09, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mailman
CVE ID         : CVE-2018-5950
Debian Bug     : 888201

Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

For the oldstable distribution (jessie), this problem has been fixed in version 2.1.18-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 2.1.23-1+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4109-1    security@debian.org
https://www.debian.org/security/
February 09, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-omniauth
CVE ID         : CVE-2017-18076
Debian Bug     : 888523

Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access to the CSRF token.

For the oldstable distribution (jessie), this problem has been fixed in version 1.2.1-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.3.1-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4110-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 10, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : exim4
CVE ID         : CVE-2018-6789
Debian Bug     : 890000

Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

For the oldstable distribution (jessie), this problem has been fixed in version 4.84.2-2+deb8u5.

For the stable distribution (stretch), this problem has been fixed in version 4.89-2+deb9u3.
sunrat
Posted February 13, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4111-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 11, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2018-6871

Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

For the stable distribution (stretch), this problem has been fixed in version 1:5.2.7-1+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4111-2    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 12, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2018-6871

Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

For the oldstable distribution (jessie), this problem has been fixed in version 1:4.3.3-2+deb8u10.
sunrat
Posted February 16, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4112-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 14, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2017-17563
    Jan Beulich discovered that an incorrect reference count overflow check in x86 shadow mode may result in denial of service or privilege escalation.

CVE-2017-17564
    Jan Beulich discovered that improper x86 shadow mode reference count error handling may result in denial of service or privilege escalation.

CVE-2017-17565
    Jan Beulich discovered that an incomplete bug check in x86 log-dirty handling may result in denial of service.

CVE-2017-17566
    Jan Beulich discovered that x86 PV guests may gain access to internally used pages which could result in denial of service or potential privilege escalation.

In addition this update ships the "Comet" shim to address the Meltdown class of vulnerabilities for guests with legacy PV kernels. In addition, the package provides the "Xen PTI stage 1" mitigation which is built-in and enabled by default on Intel systems, but can be disabled with `xpti=false' on the hypervisor command line (It does not make sense to use both xpti and the Comet shim.)

Please refer to the following URL for more details on how to configure individual mitigation strategies: https://xenbits.xen.org/xsa/advisory-254.html

Additional information can also be found in README.pti and README.comet.

For the stable distribution (stretch), these problems have been fixed in version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4113-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 14, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvorbis
CVE ID         : CVE-2017-14632 CVE-2017-14633

Two vulnerabilities were discovered in the libraries of the Vorbis audio compression codec, which could result in denial of service or the execution of arbitrary code if a malformed media file is processed.

For the stable distribution (stretch), these problems have been fixed in version 1.3.5-4+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4114-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
February 15, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jackson-databind
CVE ID         : CVE-2017-17485 CVE-2018-5968
Debian Bug     : 888316 888318

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

For the oldstable distribution (jessie), these problems have been fixed in version 2.4.2-2+deb8u3.

For the stable distribution (stretch), these problems have been fixed in version 2.8.6-1+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4115-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 15, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : quagga
CVE ID         : CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381

Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2018-5378
    It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attribute length is invalid. A configured BGP peer can take advantage of this bug to read memory from the bgpd process or cause a denial of service (daemon crash).
    https://www.quagga.net/security/Quagga-2018-0543.txt

CVE-2018-5379
    It was discovered that the Quagga BGP daemon, bgpd, can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes, resulting in a denial of service (bgpd daemon crash).
    https://www.quagga.net/security/Quagga-2018-1114.txt

CVE-2018-5380
    It was discovered that the Quagga BGP daemon, bgpd, does not properly handle internal BGP code-to-string conversion tables.
    https://www.quagga.net/security/Quagga-2018-1550.txt

CVE-2018-5381
    It was discovered that the Quagga BGP daemon, bgpd, can enter an infinite loop if sent an invalid OPEN message by a configured peer. A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface).
    https://www.quagga.net/security/Quagga-2018-1975.txt

For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2.
sunrat
Posted February 17, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4116-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 16, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : plasma-workspace
CVE ID         : CVE-2018-6791

Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted.

For the stable distribution (stretch), this problem has been fixed in version 4:5.8.6-2.1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4117-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 17, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gcc-4.9
CVE ID         : not applicable

This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.

For the oldstable distribution (jessie), this problem has been fixed in version 4.9.2-10+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4118-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 17, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat-native
CVE ID         : CVE-2017-15698

Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If OCSP checks are used, this could result in client certificates that should have been rejected to be accepted.

For the oldstable distribution (jessie), this problem has been fixed in version 1.1.32~repack-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.2.12-2+deb9u1.
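
An added example, not part of the post above and not tomcat-native's code (the advisory does not show the faulty parser): it illustrates the DER length rule that makes 127 bytes the boundary named in DSA-4118-1, with a strict TLV reader beside a naive one that takes the length octet at face value. The function names, the `ocsp.example.test` URIs and the hand-built AIA value are constructed for illustration.

```python
OCSP_OID = bytes.fromhex("2b06010505073001")  # id-ad-ocsp, 1.3.6.1.5.5.7.48.1
SHORT_URI = "http://ocsp.example.test/"       # constructed, under 128 bytes
LONG_URI = SHORT_URI + "a" * 180              # constructed, over 127 bytes


def der_encode(tag: int, value: bytes) -> bytes:
    """Encode one TLV: short form below 128 bytes, long form otherwise."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def naive_read_tlv(buf: bytes, offset: int = 0):
    """Models a parser that treats the length octet as the length itself."""
    start = offset + 2
    length = buf[offset + 1]
    return buf[offset], buf[start:start + length], start + length


def der_read_tlv(buf: bytes, offset: int = 0):
    """Return (tag, value, next_offset); raise ValueError on malformed input."""
    if offset + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[offset], buf[offset + 1]
    pos = offset + 2
    if first < 0x80:
        length = first                      # short form: 0..127
    else:
        num = first & 0x7F                  # long form: count of length octets
        if num == 0 or num > 4:
            raise ValueError("indefinite or oversized length")
        if pos + num > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + num], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length encoding")
        pos += num
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def build_aia(uris) -> bytes:
    """Build a constructed AIA value: SEQUENCE OF { OID id-ad-ocsp, [6] URI }."""
    descs = b"".join(
        der_encode(0x30, der_encode(0x06, OCSP_OID) + der_encode(0x86, u.encode("ascii")))
        for u in uris
    )
    return der_encode(0x30, descs)


def ocsp_uris(aia: bytes) -> list:
    """Extract OCSP responder URIs; a caller should treat ValueError as reject."""
    tag, body, end = der_read_tlv(aia)
    if tag != 0x30 or end != len(aia):
        raise ValueError("AIA must be a single SEQUENCE")
    uris, pos = [], 0
    while pos < len(body):
        tag, desc, pos = der_read_tlv(body, pos)
        if tag != 0x30:
            raise ValueError("AccessDescription must be a SEQUENCE")
        m_tag, method, nxt = der_read_tlv(desc)
        l_tag, location, nxt = der_read_tlv(desc, nxt)
        if nxt != len(desc):
            raise ValueError("trailing data in AccessDescription")
        if m_tag == 0x06 and method == OCSP_OID and l_tag == 0x86:
            uris.append(location.decode("ascii"))
    return uris
```
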
sunrat
Posted February 20, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4119-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 19, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libav
CVE ID         : CVE-2017-16803

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.12

For the oldstable distribution (jessie), this problem has been fixed in version 6:11.12-1~deb8u1.
sunrat
Posted February 24, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4121-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 22, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gcc-6
CVE ID         : not applicable

This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.

For the stable distribution (stretch), this problem has been fixed in version 6.3.0-18+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4120-1    security@debian.org
https://www.debian.org/security/    Yves-Alexis Perez
February 22, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2017-5715 CVE-2017-5754 CVE-2017-13166 CVE-2018-5750

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2017-5715
    Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.

    This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated in the Linux kernel for the Intel x86-64 architecture by using the 'retpoline' compiler feature which allows indirect branches to be isolated from speculative execution.

CVE-2017-5754
    Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.

    This specific attack has been named Meltdown and is addressed in the Linux kernel on the powerpc/ppc64el architectures by flushing the L1 data cache on exit from kernel mode to user mode (or from hypervisor to kernel).

    This works on Power7, Power8 and Power9 processors.

CVE-2017-13166
    A bug in the 32-bit compatibility layer of the v4l2 IOCTL handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing . This bug could be exploited by an attacker to overwrite kernel memory from an unprivileged userland process, leading to privilege escalation.

CVE-2018-5750
    An information leak has been found in the Linux kernel. The acpi_smbus_hc_add() prints a kernel address in the kernel log at every boot, which could be used by an attacker on the system to defeat kernel ASLR.

Additionally to those vulnerabilities, some mitigations for CVE-2017-5753 are included in this release.

CVE-2017-5753
    Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.

    This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated in the Linux kernel architecture by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function.

    More use sites will be added over time.

For the stable distribution (stretch), these problems have been fixed in version 4.9.82-1+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4122-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 23, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squid3
CVE ID         : CVE-2018-1000024 CVE-2018-1000027
Debian Bug     : 888719 888720

Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2018-1000024
    Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote server delivering certain ESI response syntax can take advantage of this flaw to cause a denial of service for all clients accessing the Squid service. This problem is limited to the Squid custom ESI parser.
    http://www.squid-cache.org/Advisories/SQUID-2018_1.txt

CVE-2018-1000027
    Louis Dion-Marcil discovered that Squid is prone to a denial of service vulnerability when processing ESI responses or downloading intermediate CA certificates. A remote attacker can take advantage of this flaw to cause a denial of service for all clients accessing the Squid service.
    http://www.squid-cache.org/Advisories/SQUID-2018_2.txt

For the oldstable distribution (jessie), these problems have been fixed in version 3.4.8-6+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 3.5.23-5+deb9u1.
sunrat
Posted February 27, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4123-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 24, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : not yet available
Debian Bug     : 891154 891153 891152 891150

Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-001

For the oldstable distribution (jessie), this problem has been fixed in version 7.32-1+deb8u10.

For the stable distribution (stretch), this problem has been fixed in version 7.52-2+deb9u2.
sunrat
Posted February 27, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4124-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 27, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lucene-solr
CVE ID         : CVE-2017-3163 CVE-2017-12629

Two vulnerabilities have been found in Solr, a search server based on Lucene, which could result in the execution of arbitrary code or path traversal.

For the oldstable distribution (jessie), these problems have been fixed in version 3.6.2+dfsg-5+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 3.6.2+dfsg-10+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4125-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
February 27, 2018    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wavpack
CVE ID         : CVE-2018-6767 CVE-2018-7253 CVE-2018-7254
Debian Bug     : 889274 889276 889559

Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution.

For the stable distribution (stretch), these problems have been fixed in version 5.0.0-2+deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4126-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
February 27, 2018                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xmltooling
CVE ID         : CVE-2018-0489

Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.txt

For the oldstable distribution (jessie), this problem has been fixed in version 1.5.3-2+deb8u3.

For the stable distribution (stretch), this problem has been fixed in version 1.6.0-4+deb9u1.
sunrat Posted March 2, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4127-1     security@debian.org
https://www.debian.org/security/        Thijs Kinkhorst
March 02, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : simplesamlphp
CVE ID         : CVE-2017-12867 CVE-2017-12869 CVE-2017-12873 CVE-2017-12874
                 CVE-2017-18121 CVE-2017-18122 CVE-2018-6519 CVE-2018-6521
Debian Bug     : 889286

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol.

CVE-2017-12867

    Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset.

CVE-2017-12869

    When using the multiauth module, attackers can bypass authentication context restrictions and use any authentication source defined in the config.

CVE-2017-12873

    Defensive measures have been taken to prevent the administrator from misconfiguring persistent NameIDs to avoid identifier clash. (Affects Debian 8 Jessie only.)

CVE-2017-12874

    The InfoCard module could accept incorrectly signed XML messages on rare occasions.

CVE-2017-18121

    The consentAdmin module was vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code in the victim's browser.

CVE-2017-18122

    The (deprecated) SAML 1.1 implementation would regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions was valid, allowing an attacker that could obtain a valid signed assertion from an IdP to impersonate users from that IdP.

CVE-2018-6519

    Regular expression denial of service when parsing extraordinarily long timestamps.
CVE-2018-6521

    Change sqlauth module MySQL charset from utf8 to utf8mb to prevent theoretical query truncation that could allow remote attackers to bypass intended access restrictions.

SSPSA-201802-01 (no CVE yet)

    Critical signature validation vulnerability.

For the oldstable distribution (jessie), these problems have been fixed in version 1.13.1-2+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1.14.11-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4128-1     security@debian.org
https://www.debian.org/security/        Sebastien Delafond
March 02, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : trafficserver
CVE ID         : CVE-2017-5660 CVE-2017-7671

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash.

For the stable distribution (stretch), these problems have been fixed in version 7.0.0-6+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4129-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 02, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freexl
CVE ID         : CVE-2018-7435 CVE-2018-7436 CVE-2018-7437 CVE-2018-7438
                 CVE-2018-7439

Multiple heap buffer over reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 1.0.0g-1+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 1.0.2-2+deb9u2.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4130-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 02, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
CVE ID         : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132
Debian Bug     : 888432 891819 891820

Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2017-14461

    Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker.

CVE-2017-15130

    It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected.

CVE-2017-15132

    It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication.

For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.13-12~deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 1:2.2.27-3+deb9u2.
sunrat Posted March 4, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4120-2     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 03, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
Debian Bug     : 891249

The security update announced as DSA-4120-1 caused regressions on the powerpc kernel architecture (random programs segfault, data corruption). Updated packages are now available to correct this issue.

For the stable distribution (stretch), this problem has been fixed in version 4.9.82-1+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4131-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 04, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2018-7540 CVE-2018-7541 CVE-2018-7542

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2018-7540

    Jann Horn discovered that missing checks in page table freeing may result in denial of service.

CVE-2018-7541

    Jan Beulich discovered that incorrect error handling in grant table checks may result in guest-to-host denial of service and potentially privilege escalation.

CVE-2018-7542

    Ian Jackson discovered that insufficient handling of x86 PVH guests without local APICs may result in guest-to-host denial of service.

For the stable distribution (stretch), these problems have been fixed in version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4132-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 04, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvpx
CVE ID         : CVE-2017-13194

It was discovered that incorrect validation of frame widths in the libvpx multimedia library may result in denial of service and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed in version 1.3.0-3+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.6.1-3+deb9u1.
sunrat Posted March 10, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4133-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 07, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : isc-dhcp
CVE ID         : CVE-2017-3144 CVE-2018-5732 CVE-2018-5733
Debian Bug     : 887413 891785 891786

Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2017-3144

    It was discovered that the DHCP server does not properly clean up closed OMAPI connections, which can lead to exhaustion of the pool of socket descriptors available to the DHCP server, resulting in denial of service.

CVE-2018-5732

    Felix Wilhelm of the Google Security Team discovered that the DHCP client is prone to an out-of-bound memory access vulnerability when processing specially constructed DHCP options responses, resulting in potential execution of arbitrary code by a malicious DHCP server.

CVE-2018-5733

    Felix Wilhelm of the Google Security Team discovered that the DHCP server does not properly handle reference counting when processing client requests. A malicious client can take advantage of this flaw to cause a denial of service (dhcpd crash) by sending large amounts of traffic.

For the oldstable distribution (jessie), these problems have been fixed in version 4.3.1-6+deb8u3.

For the stable distribution (stretch), these problems have been fixed in version 4.3.5-3+deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4134-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 10, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : util-linux
CVE ID         : CVE-2018-7738
Debian Bug     : 892179

Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user (in particular root) is tricked into using the umount completion while a specially crafted mount is present.

For the stable distribution (stretch), this problem has been fixed in version 2.29.2-1+deb9u1.
sunrat Posted March 10, 2018

------------------------------------------------------------------------
The Debian Project                      https://www.debian.org/
Updated Debian 9: 9.4 released          press@debian.org
March 10th, 2018                        https://www.debian.org/News/2018/20180310
------------------------------------------------------------------------

The Debian project is pleased to announce the fourth update of its stable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list
sunrat Posted March 13, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4135-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 13, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2018-1050 CVE-2018-1057

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2018-1050

    It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon.

    https://www.samba.org/samba/security/CVE-2018-1050.html

CVE-2018-1057

    Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP server incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users.

    https://www.samba.org/samba/security/CVE-2018-1057.html
    https://wiki.samba.org/index.php/CVE-2018-1057

For the oldstable distribution (jessie), CVE-2018-1050 will be addressed in a later update. Unfortunately the changes required to fix CVE-2018-1057 for Debian oldstable are too invasive to be backported. Users using Samba as an AD-compatible domain controller are encouraged to apply the workaround described in the Samba wiki and upgrade to Debian stretch.

For the stable distribution (stretch), these problems have been fixed in version 2:4.5.12+dfsg-2+deb9u2.
sunrat Posted March 15, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4136-1     security@debian.org
https://www.debian.org/security/        Alessandro Ghedini
March 14, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122

Multiple vulnerabilities were discovered in cURL, a URL transfer library.

CVE-2018-1000120

    Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of the URL contains a "%00" sequence.

CVE-2018-1000121

    Dario Weisser discovered that curl might dereference a near-NULL address when getting an LDAP URL due to the ldap_get_attribute_ber() function returning LDAP_SUCCESS and a NULL pointer. A malicious server might cause libcurl-using applications that allow LDAP URLs, or that allow redirects to LDAP URLs to crash.

CVE-2018-1000122

    OSS-fuzz, assisted by Max Dymond, discovered that curl could be tricked into copying data beyond the end of its heap based buffer when asked to transfer an RTSP URL.

For the oldstable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u10.

For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u5.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4137-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 14, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvirt
CVE ID         : CVE-2018-1064 CVE-2018-5748 CVE-2018-6764

Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library:

CVE-2018-1064

    Daniel Berrange discovered that the QEMU guest agent performed insufficient validation of incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, resulting in denial of service.

CVE-2018-5748

    Daniel Berrange and Peter Krempa discovered that the QEMU monitor was susceptible to denial of service by memory exhaustion. This was already fixed in Debian stretch and only affects Debian jessie.

CVE-2018-6764

    Pedro Sampaio discovered that LXC containers detected the hostname insecurely. This only affects Debian stretch.

For the oldstable distribution (jessie), these problems have been fixed in version 1.2.9-9+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 3.0.0-4+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4138-1     security@debian.org
https://www.debian.org/security/        Sebastien Delafond
March 15, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mbedtls
CVE ID         : CVE-2017-18187 CVE-2018-0487 CVE-2018-0488
Debian Bug     : 890287 890288

Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

For the stable distribution (stretch), these problems have been fixed in version 2.4.2-1+deb9u2.
sunrat Posted March 16, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4139-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 15, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130
                 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.

For the oldstable distribution (jessie), these problems have been fixed in version 52.7.1esr-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 52.7.1esr-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4140-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 16, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvorbis
CVE ID         : CVE-2018-5146
Debian Bug     : 893130

Richard Zhu discovered that an out-of-bounds memory write in the codebook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed in version 1.3.4-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.3.5-4+deb9u2.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4141-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 16, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvorbisidec
CVE ID         : CVE-2018-5147
Debian Bug     : 893132

Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.

For the oldstable distribution (jessie), this problem has been fixed in version 1.0.2+svn18153-1~deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 1.0.2+svn18153-1+deb9u1.
sunrat Posted March 18, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4142-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 17, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : uwsgi
CVE ID         : CVE-2018-7490
Debian Bug     : 891639

Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.

For the oldstable distribution (jessie), this problem has been fixed in version 2.0.7-1+deb8u2. This update additionally includes the fix for CVE-2018-6758 which was aimed to be addressed in the upcoming jessie point release.

For the stable distribution (stretch), this problem has been fixed in version 2.0.14+20161117-3+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4143-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 17, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-5146 CVE-2018-5147

Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 52.7.2esr-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 52.7.2esr-1~deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4144-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 17, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-8
CVE ID         : CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599
                 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629
                 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641
                 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

For the stable distribution (stretch), these problems have been fixed in version 8u162-b12-1~deb9u1.
sunrat Posted March 19, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4145-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 18, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gitlab
CVE ID         : CVE-2017-0915 CVE-2017-0916 CVE-2017-0917 CVE-2017-0918
                 CVE-2017-0925 CVE-2017-0926 CVE-2018-3710

Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code:

CVE-2017-0915 / CVE-2018-3710

    Arbitrary code execution in project import.

CVE-2017-0916

    Command injection via Webhooks.

CVE-2017-0917

    Cross-site scripting in CI job output.

CVE-2017-0918

    Insufficient restriction of CI runner for project cache access.

CVE-2017-0925

    Information disclosure in Services API.

CVE-2017-0926

    Restrictions for disabled OAuth providers could be bypassed.

For the stable distribution (stretch), these problems have been fixed in version 8.13.11+dfsg1-8+deb9u1.
sunrat Posted March 20, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4146-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 20, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : plexus-utils
CVE ID         : CVE-2017-1000487

Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.

For the oldstable distribution (jessie), this problem has been fixed in version 1:1.5.15-4+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1:1.5.15-4+deb9u1.
sunrat Posted March 23, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4147-1     security@debian.org
https://www.debian.org/security/        Sebastien Delafond
March 21, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : polarssl
CVE ID         : CVE-2017-18187 CVE-2018-0487 CVE-2018-0488
Debian Bug     : 890287 890288

Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 1.3.9-2.1+deb8u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4148-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 22, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kamailio
CVE ID         : CVE-2018-8828

Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed in version 4.2.0-2+deb8u3.

For the stable distribution (stretch), this problem has been fixed in version 4.4.4-2+deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4149-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 22, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : plexus-utils2
CVE ID         : CVE-2017-1000487

Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.

For the oldstable distribution (jessie), this problem has been fixed in version 3.0.15-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed prior to the initial release.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4150-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 23, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icu
CVE ID         : CVE-2017-15422

It was discovered that an integer overflow in the International Components for Unicode (ICU) library could result in denial of service and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed in version 52.1-8+deb8u7.

For the stable distribution (stretch), this problem has been fixed in version 57.1-6+deb9u2.
sunrat Posted March 26, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4151-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 26, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : librelp
CVE ID         : CVE-2018-1000140

Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for remote code execution by sending a specially crafted x509 certificate.

Details can be found in the upstream advisory: http://www.rsyslog.com/cve-2018-1000140/

For the oldstable distribution (jessie), this problem has been fixed in version 1.2.7-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.2.12-1+deb9u1.
sunrat Posted March 27, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4152-1     security@debian.org
https://www.debian.org/security/        Luciano Bello
March 27, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2018-6544 CVE-2018-1000051
Debian Bug     : 891245

Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases, execute code in the context in which the application is running.

For the oldstable distribution (jessie), these problems have been fixed in version 1.5-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 1.9a+ds1-4+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4153-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 27, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-5148

It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed in version 52.7.3esr-1~deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 52.7.3esr-1~deb9u1.
sunrat Posted March 28, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4154-1     security@debian.org
https://www.debian.org/security/        Salvatore Bonaccorso
March 28, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : net-snmp
CVE ID         : CVE-2015-5621 CVE-2018-1000116
Debian Bug     : 788964 894110

A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process (causing a denial of service) or, potentially, execute arbitrary code with the privileges of the user running snmpd.

For the oldstable distribution (jessie), these problems have been fixed in version 5.7.2.1+dfsg-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed before the initial release.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4155-1     security@debian.org
https://www.debian.org/security/        Moritz Muehlenhoff
March 28, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144
                 CVE-2018-5145 CVE-2018-5146

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.

For the oldstable distribution (jessie), these problems have been fixed in version 1:52.7.0-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1:52.7.0-1~deb9u1.
sunrat Posted March 31, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4156-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 29, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : CVE-2018-7600
Debian Bug     : 894259

A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002

For the oldstable distribution (jessie), this problem has been fixed in version 7.32-1+deb8u11.

For the stable distribution (stretch), this problem has been fixed in version 7.52-2+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4157-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 29, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2017-3738 CVE-2018-0739

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2017-3738

    David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.

CVE-2018-0739

    It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.

Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

For the oldstable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u8. The oldstable distribution is not affected by CVE-2017-3738.

For the stable distribution (stretch), these problems have been fixed in version 1.1.0f-3+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4158-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 29, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl1.0
CVE ID         : CVE-2018-0739

It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.

Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

For the stable distribution (stretch), this problem has been fixed in version 1.0.2l-2+deb9u3.
sunrat Posted April 1, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4159-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 01, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : remctl
CVE ID         : CVE-2018-0493

Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code.

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), this problem has been fixed in version 3.13-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4160-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 01, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libevt
CVE ID         : CVE-2018-8754

It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.

For the stable distribution (stretch), this problem has been fixed in version 20170120-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4161-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
April 01, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2018-7536 CVE-2018-7537

James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control over the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods could craft a string that might cause the execution of the application to get stuck.

For the oldstable distribution (jessie), these problems have been fixed in version 1.7.11-1+deb8u3.

For the stable distribution (stretch), these problems have been fixed in version 1:1.10.7-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4162-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 01, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : irssi
CVE ID         : CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208
                 CVE-2018-7050 CVE-2018-7051 CVE-2018-7052 CVE-2018-7053
                 CVE-2018-7054

Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client, which can result in denial of service.

For the stable distribution (stretch), these problems have been fixed in version 1.0.7-1~deb9u1.
sunrat Posted April 3, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4163-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 02, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : beep
CVE ID         : CVE-2018-0492

It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.

For the oldstable distribution (jessie), this problem has been fixed in version 1.3-3+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.3-4+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4164-1                   security@debian.org
https://www.debian.org/security/                           Stefan Fritsch
April 03, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apache2
CVE ID         : CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301
                 CVE-2018-1303 CVE-2018-1312

Several vulnerabilities have been found in the Apache HTTPD server.

CVE-2017-15710

    Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an out of bound write if supplied with a crafted Accept-Language header. This could potentially be used for a Denial of Service attack.

CVE-2017-15715

    Elar Lang discovered that the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.

CVE-2018-1283

    When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user could influence their content by using a "Session" header.

CVE-2018-1301

    Robert Swiecki reported that a specially crafted request could have crashed the Apache HTTP Server, due to an out of bound access after a size limit is reached by reading the HTTP header.

CVE-2018-1303

    Robert Swiecki reported that a specially crafted HTTP request header could have crashed the Apache HTTP Server if using mod_cache_socache, due to an out of bound read while preparing data to be cached in shared memory.

CVE-2018-1312

    Nicolas Daniels discovered that when generating an HTTP Digest authentication challenge, the nonce sent by mod_auth_digest to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

For the oldstable distribution (jessie), these problems have been fixed in version 2.4.10-10+deb8u12.

For the stable distribution (stretch), these problems have been fixed in version 2.4.25-3+deb9u4.
sunrat Posted April 4, 2018

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4165-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
April 03, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ldap-account-manager
CVE ID         : CVE-2018-8763 CVE-2018-8764

Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.

CVE-2018-8763

    The found Reflected Cross Site Scripting (XSS) vulnerability might allow an attacker to execute JavaScript code in the browser of the victim or to redirect her to a malicious website if the victim clicks on a specially crafted link.

CVE-2018-8764

    The application leaks the CSRF token in the URL, which can be used by an attacker to perform a Cross-Site Request Forgery attack, in which a victim logged in LDAP Account Manager might perform unwanted actions in the front-end by clicking on a link crafted by the attacker.

For the oldstable distribution (jessie), these problems have been fixed in version 4.7.1-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 5.5-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4166-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 04, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602
                 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633
                 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663
                 CVE-2018-2677 CVE-2018-2678

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

For the oldstable distribution (jessie), these problems have been fixed in version 7u171-2.6.13-1~deb8u1.