
Bruno

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4167-1 security@debian.org

https://www.debian.org/security/ Luciano Bello

April 05, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : sharutils

CVE ID : CVE-2018-1000097

Debian Bug : 893525

 

A buffer-overflow vulnerability was discovered in Sharutils, a set of

utilities to handle Shell Archives. An attacker with control over the input of

the unshar command could crash the application or execute arbitrary code

in its context.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 4.14-2+deb8u1.

 

For the stable distribution (stretch), this problem has been fixed in

version 1:4.15.2-2+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4168-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 08, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : squirrelmail

CVE ID : CVE-2018-8741

Debian Bug : 893202

 

Florian Grunow and Birk Kauer of ERNW discovered a path traversal

vulnerability in SquirrelMail, a webmail application, allowing an

authenticated remote attacker to retrieve or delete arbitrary files

via mail attachment.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 2:1.4.23~svn20120406-2+deb8u2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4170-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

April 09, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pjproject

CVE ID : CVE-2017-16872 CVE-2017-16875 CVE-2018-1000098

CVE-2018-1000099

 

Multiple vulnerabilities have been discovered in the PJSIP/PJProject

multimedia communication library, which may result in denial of service during

the processing of SIP and SDP messages and ioqueue keys.

 

For the stable distribution (stretch), these problems have been fixed in

version 2.5.5~dfsg-6+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4169-1 security@debian.org

https://www.debian.org/security/ Yves-Alexis Perez

April 11, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pcs

CVE ID : CVE-2018-1086

Debian Bug : 895313

 

Cédric Buissart from Red Hat discovered an information disclosure bug in pcs, a

pacemaker command line interface and GUI. The REST interface normally doesn't

allow passing --debug parameter to prevent information leak, but the check

wasn't sufficient.

 

For the stable distribution (stretch), this problem has been fixed in

version 0.9.155+dfsg-2+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4079-2 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 12, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : poppler

CVE ID : CVE-2017-9776

Debian Bug : 890826

 

It was discovered that the poppler upload for the oldstable distribution

(jessie), released as DSA-4079-1, did not correctly address

CVE-2017-9776 and additionally caused regressions when rendering PDFs

embedding JBIG2 streams. Updated packages are now available to correct

this issue.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 0.26.5-2+deb8u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4171-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 13, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby-loofah

CVE ID : CVE-2018-8048

Debian Bug : 893596

 

The Shopify Application Security Team reported that ruby-loofah, a

general library for manipulating and transforming HTML/XML documents and

fragments, allows non-whitelisted attributes to be present in sanitized

output when input with specially-crafted HTML fragments. This might

allow an attacker to mount a code injection attack in a browser consuming

sanitized output.

 

For the stable distribution (stretch), this problem has been fixed in

version 2.0.3-2+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4172-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 14, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : perl

CVE ID : CVE-2018-6797 CVE-2018-6798 CVE-2018-6913

 

Multiple vulnerabilities were discovered in the implementation of the

Perl programming language. The Common Vulnerabilities and Exposures

project identifies the following problems:

 

CVE-2018-6797

 

Brian Carpenter reported that a crafted regular expression

could cause a heap buffer write overflow, with control over the

bytes written.

 

CVE-2018-6798

 

Nguyen Duc Manh reported that matching a crafted locale dependent

regular expression could cause a heap buffer read overflow and

potentially information disclosure.

 

CVE-2018-6913

 

GwanYeong Kim reported that 'pack()' could cause a heap buffer write

overflow with a large item count.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 5.20.2-3+deb8u10. The oldstable distribution (jessie) update

contains only a fix for CVE-2018-6913.

 

For the stable distribution (stretch), these problems have been fixed in

version 5.24.1-3+deb9u3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4173-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

April 16, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : r-cran-readxl

CVE ID : CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12110

CVE-2017-12111

 

Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R

package to read Excel files (via the integrated libxls library), which

could result in the execution of arbitrary code if a malformed

spreadsheet is processed.

 

For the stable distribution (stretch), these problems have been fixed in

version 0.1.1-1+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4174-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

April 17, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : corosync

CVE ID : CVE-2018-1084

Debian Bug : 895653

 

The Citrix Security Response Team discovered that corosync, a cluster

engine implementation, allowed an unauthenticated user to cause a

denial-of-service by application crash.

 

For the stable distribution (stretch), this problem has been fixed in

version 2.4.2-3+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4175-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 18, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : freeplane

CVE ID : CVE-2018-1000069

Debian Bug : 893663

 

Wojciech Regula discovered an XML External Entity vulnerability in the

XML Parser of the mindmap loader in freeplane, a Java program for

working with mind maps, resulting in potential information disclosure if

a malicious mind map file is opened.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 1.3.12-1+deb8u1.

 

For the stable distribution (stretch), this problem has been fixed in

version 1.5.18-1+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4176-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 20, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mysql-5.5

CVE ID : CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773

CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818

CVE-2018-2819

 

Several issues have been discovered in the MySQL database server. The

vulnerabilities are addressed by upgrading MySQL to the new upstream

version 5.5.60, which includes additional changes. Please see the MySQL

5.5 Release Notes and Oracle's Critical Patch Update advisory for

further details:

 

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

 

For the oldstable distribution (jessie), these problems have been fixed

in version 5.5.60-0+deb8u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4177-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

April 20, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libsdl2-image

CVE ID : CVE-2017-2887 CVE-2017-12122 CVE-2017-14440 CVE-2017-14441

CVE-2017-14442 CVE-2017-14448 CVE-2017-14449 CVE-2017-14450

CVE-2018-3837 CVE-2018-3838 CVE-2018-3839

 

Multiple vulnerabilities have been discovered in the image loading

library for Simple DirectMedia Layer 2, which could result in denial of

service or the execution of arbitrary code if malformed image files are

opened.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 2.0.0+dfsg-3+deb8u1.

 

For the stable distribution (stretch), these problems have been fixed in

version 2.0.1+dfsg-2+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4178-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

April 20, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libreoffice

CVE ID : CVE-2018-10119 CVE-2018-10120

 

Two vulnerabilities were discovered in LibreOffice's code to parse

MS Word and Structured Storage files, which could result in denial of

service and potentially the execution of arbitrary code if a malformed

file is opened.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 1:4.3.3-2+deb8u11.

 

For the stable distribution (stretch), these problems have been fixed in

version 1:5.2.7-1+deb9u4.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4179-1 security@debian.org

https://www.debian.org/security/ Ben Hutchings

April 24, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux-tools

 

This update doesn't fix a vulnerability in linux-tools, but provides

support for building Linux kernel modules with the "retpoline"

mitigation for CVE-2017-5715 (Spectre variant 2).

 

This update also includes bug fixes from the upstream Linux 3.16 stable

branch up to and including 3.16.56.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 3.16.56-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4180-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 25, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : drupal7

CVE ID : CVE-2018-7602

Debian Bug : 896701

 

A remote code execution vulnerability has been found in Drupal, a

fully-featured content management framework. For additional information,

please refer to the upstream advisory at

https://www.drupal.org/sa-core-2018-004

 

For the oldstable distribution (jessie), this problem has been fixed

in version 7.32-1+deb8u12.

 

For the stable distribution (stretch), this problem has been fixed in

version 7.52-2+deb9u4.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4182-1 security@debian.org

https://www.debian.org/security/ Michael Gilbert

April 28, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium-browser

CVE ID : CVE-2018-6056 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061

CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065

CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069

CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073

CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077

CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081

CVE-2018-6082 CVE-2018-6083 CVE-2018-6085 CVE-2018-6086

CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090

CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094

CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098

CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102

CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106

CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110

CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114

CVE-2018-6116 CVE-2018-6117

 

Several vulnerabilities have been discovered in the chromium web browser.

 

CVE-2018-6056

 

lokihardt discovered an error in the v8 javascript library.

 

CVE-2018-6057

 

Gal Beniamini discovered errors related to shared memory permissions.

 

CVE-2018-6060

 

Omair discovered a use-after-free issue in blink/webkit.

 

CVE-2018-6061

 

Guang Gong discovered a race condition in the v8 javascript library.

 

CVE-2018-6062

 

A heap overflow issue was discovered in the v8 javascript library.

 

CVE-2018-6063

 

Gal Beniamini discovered errors related to shared memory permissions.

 

CVE-2018-6064

 

lokihardt discovered a type confusion error in the v8 javascript

library.

 

CVE-2018-6065

 

Mark Brand discovered an integer overflow issue in the v8 javascript

library.

 

CVE-2018-6066

 

Masato Kinugawa discovered a way to bypass the Same Origin Policy.

 

CVE-2018-6067

 

Ned Williamson discovered a buffer overflow issue in the skia library.

 

CVE-2018-6068

 

Luan Herrera discovered object lifecycle issues.

 

CVE-2018-6069

 

Wanglu and Yangkang discovered a stack overflow issue in the skia

library.

 

CVE-2018-6070

 

Rob Wu discovered a way to bypass the Content Security Policy.

 

CVE-2018-6071

 

A heap overflow issue was discovered in the skia library.

 

CVE-2018-6072

 

Atte Kettunen discovered an integer overflow issue in the pdfium

library.

 

CVE-2018-6073

 

Omair discovered a heap overflow issue in the WebGL implementation.

 

CVE-2018-6074

 

Abdulrahman Alqabandi discovered a way to cause a downloaded web page

to not contain a Mark of the Web.

 

CVE-2018-6075

 

Inti De Ceukelaire discovered a way to bypass the Same Origin Policy.

 

CVE-2018-6076

 

Mateusz Krzeszowiec discovered that URL fragment identifiers could be

handled incorrectly.

 

CVE-2018-6077

 

Khalil Zhani discovered a timing issue.

 

CVE-2018-6078

 

Khalil Zhani discovered a URL spoofing issue.

 

CVE-2018-6079

 

Ivars discovered an information disclosure issue.

 

CVE-2018-6080

 

Gal Beniamini discovered an information disclosure issue.

 

CVE-2018-6081

 

Rob Wu discovered a cross-site scripting issue.

 

CVE-2018-6082

 

WenXu Wu discovered a way to bypass blocked ports.

 

CVE-2018-6083

 

Jun Kokatsu discovered that AppManifests could be handled incorrectly.

 

CVE-2018-6085

 

Ned Williamson discovered a use-after-free issue.

 

CVE-2018-6086

 

Ned Williamson discovered a use-after-free issue.

 

CVE-2018-6087

 

A use-after-free issue was discovered in the WebAssembly implementation.

 

CVE-2018-6088

 

A use-after-free issue was discovered in the pdfium library.

 

CVE-2018-6089

 

Rob Wu discovered a way to bypass the Same Origin Policy.

 

CVE-2018-6090

 

ZhanJia Song discovered a heap overflow issue in the skia library.

 

CVE-2018-6091

 

Jun Kokatsu discovered that plugins could be handled incorrectly.

 

CVE-2018-6092

 

Natalie Silvanovich discovered an integer overflow issue in the

WebAssembly implementation.

 

CVE-2018-6093

 

Jun Kokatsu discovered a way to bypass the Same Origin Policy.

 

CVE-2018-6094

 

Chris Rohlf discovered a regression in garbage collection hardening.

 

CVE-2018-6095

 

Abdulrahman Alqabandi discovered files could be uploaded without user

interaction.

 

CVE-2018-6096

 

WenXu Wu discovered a user interface spoofing issue.

 

CVE-2018-6097

 

xisigr discovered a user interface spoofing issue.

 

CVE-2018-6098

 

Khalil Zhani discovered a URL spoofing issue.

 

CVE-2018-6099

 

Jun Kokatsu discovered a way to bypass the Cross Origin Resource

Sharing mechanism.

 

CVE-2018-6100

 

Lnyas Zhang discovered a URL spoofing issue.

 

CVE-2018-6101

 

Rob Wu discovered an issue in the developer tools remote debugging

protocol.

 

CVE-2018-6102

 

Khalil Zhani discovered a URL spoofing issue.

 

CVE-2018-6103

 

Khalil Zhani discovered a user interface spoofing issue.

 

CVE-2018-6104

 

Khalil Zhani discovered a URL spoofing issue.

 

CVE-2018-6105

 

Khalil Zhani discovered a URL spoofing issue.

 

CVE-2018-6106

 

lokihardt discovered that v8 promises could be handled incorrectly.

 

CVE-2018-6107

 

Khalil Zhani discovered a URL spoofing issue.

 

CVE-2018-6108

 

Khalil Zhani discovered a URL spoofing issue.

 

CVE-2018-6109

 

Dominik Weber discovered a way to misuse the FileAPI feature.

 

CVE-2018-6110

 

Wenxiang Qian discovered that local plain text files could be handled

incorrectly.

 

CVE-2018-6111

 

Khalil Zhani discovered a use-after-free issue in the developer tools.

 

CVE-2018-6112

 

Khalil Zhani discovered incorrect handling of URLs in the developer

tools.

 

CVE-2018-6113

 

Khalil Zhani discovered a URL spoofing issue.

 

CVE-2018-6114

 

Lnyas Zhang discovered a way to bypass the Content Security Policy.

 

CVE-2018-6116

 

Chengdu Security Response Center discovered an error when memory

is low.

 

CVE-2018-6117

 

Spencer Dailey discovered an error in form autofill settings.

 

For the oldstable distribution (jessie), security support for chromium

has been discontinued.

 

For the stable distribution (stretch), these problems have been fixed in

version 66.0.3359.117-1~deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4181-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 28, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : roundcube

CVE ID : CVE-2018-9846

Debian Bug : 895184

 

Andrea Basile discovered that the 'archive' plugin in roundcube, a

skinnable AJAX based webmail solution for IMAP servers, does not

properly sanitize a user-controlled parameter, allowing a remote

attacker to inject arbitrary IMAP commands and perform malicious

actions.

 

For the stable distribution (stretch), this problem has been fixed in

version 1.2.3+dfsg.1-4+deb9u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4183-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 28, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tor

CVE ID : CVE-2018-0490

 

It has been discovered that Tor, a connection-based low-latency

anonymous communication system, contains a protocol-list handling bug

that could be used to remotely crash directory authorities with a

null-pointer exception (TROVE-2018-001).

 

For the stable distribution (stretch), this problem has been fixed in

version 0.2.9.15-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4184-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

April 28, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : sdl-image1.2

CVE ID : CVE-2017-2887 CVE-2017-12122 CVE-2017-14440 CVE-2017-14441

CVE-2017-14442 CVE-2017-14448 CVE-2017-14450 CVE-2018-3837

CVE-2018-3838 CVE-2018-3839

Debian Bug : 878267

 

Multiple vulnerabilities have been discovered in the image loading

library for Simple DirectMedia Layer 1.2, which could result in denial

of service or the execution of arbitrary code if malformed image files

are opened.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 1.2.12-5+deb8u1.

 

For the stable distribution (stretch), these problems have been fixed in

version 1.2.12-5+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4185-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

April 28, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-8

CVE ID : CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796

CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800

CVE-2018-2814 CVE-2018-2815

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in denial of

service, sandbox bypass, execution of arbitrary code or bypass of JAR

signature validation.

 

For the stable distribution (stretch), these problems have been fixed in

version 8u171-b11-1~deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4186-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

April 28, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gunicorn

CVE ID : CVE-2018-1000164

 

It was discovered that gunicorn, an event-based HTTP/WSGI server, was

susceptible to HTTP Response splitting.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 19.0-1+deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4187-1 security@debian.org

https://www.debian.org/security/ Ben Hutchings

May 01, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753

CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911

CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017

CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241

CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332

CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927

CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757

CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004

CVE-2018-1000199

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service or information

leaks.

 

CVE-2015-9016

 

Ming Lei reported a race condition in the multiqueue block layer

(blk-mq). On a system with a driver using blk-mq (mtip32xx,

null_blk, or virtio_blk), a local user might be able to use this

for denial of service or possibly for privilege escalation.

 

CVE-2017-0861

 

Robb Glasser reported a potential use-after-free in the ALSA (sound)

PCM core. We believe this was not possible in practice.

 

CVE-2017-5715

 

Multiple researchers have discovered a vulnerability in various

processors supporting speculative execution, enabling an attacker

controlling an unprivileged process to read memory from arbitrary

addresses, including from the kernel and all other processes

running on the system.

 

This specific attack has been named Spectre variant 2 (branch

target injection) and is mitigated for the x86 architecture (amd64

and i386) by using the "retpoline" compiler feature which allows

indirect branches to be isolated from speculative execution.

 

CVE-2017-5753

 

Multiple researchers have discovered a vulnerability in various

processors supporting speculative execution, enabling an attacker

controlling an unprivileged process to read memory from arbitrary

addresses, including from the kernel and all other processes

running on the system.

 

This specific attack has been named Spectre variant 1

(bounds-check bypass) and is mitigated by identifying vulnerable

code sections (array bounds checking followed by array access) and

replacing the array access with the speculation-safe

array_index_nospec() function.

 

More use sites will be added over time.

 

CVE-2017-13166

 

A bug in the 32-bit compatibility layer of the v4l2 ioctl handling

code has been found. Memory protections ensuring user-provided

buffers always point to userland memory were disabled, allowing

destination addresses to be in kernel space. On a 64-bit kernel a

local user with access to a suitable video device can exploit this

to overwrite kernel memory, leading to privilege escalation.

 

CVE-2017-13220

 

Al Viro reported that the Bluetooth HIDP implementation could

dereference a pointer before performing the necessary type check.

A local user could use this to cause a denial of service.

 

CVE-2017-16526

 

Andrey Konovalov reported that the UWB subsystem may dereference

an invalid pointer in an error case. A local user might be able

to use this for denial of service.

 

CVE-2017-16911

 

Secunia Research reported that the USB/IP vhci_hcd driver exposed

kernel heap addresses to local users. This information could aid the

exploitation of other vulnerabilities.

 

CVE-2017-16912

 

Secunia Research reported that the USB/IP stub driver failed to

perform a range check on a received packet header field, leading

to an out-of-bounds read. A remote user able to connect to the

USB/IP server could use this for denial of service.

 

CVE-2017-16913

 

Secunia Research reported that the USB/IP stub driver failed to

perform a range check on a received packet header field, leading

to excessive memory allocation. A remote user able to connect to

the USB/IP server could use this for denial of service.

 

CVE-2017-16914

 

Secunia Research reported that the USB/IP stub driver failed to

check for an invalid combination of fields in a received packet,

leading to a null pointer dereference. A remote user able to

connect to the USB/IP server could use this for denial of service.

 

CVE-2017-18017

 

Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module

failed to validate TCP header lengths, potentially leading to a

use-after-free. If this module is loaded, it could be used by a

remote attacker for denial of service or possibly for code

execution.

 

CVE-2017-18203

 

Hou Tao reported that there was a race condition in creation and

deletion of device-mapper (DM) devices. A local user could

potentially use this for denial of service.

 

CVE-2017-18216

 

Alex Chen reported that the OCFS2 filesystem failed to hold a

necessary lock during nodemanager sysfs file operations,

potentially leading to a null pointer dereference. A local user

could use this for denial of service.

 

CVE-2017-18232

 

Jason Yan reported a race condition in the SAS (Serial-Attached

SCSI) subsystem, between probing and destroying a port. This

could lead to a deadlock. A physically present attacker could

use this to cause a denial of service.

 

CVE-2017-18241

 

Yunlei He reported that the f2fs implementation does not properly

initialise its state if the "noflush_merge" mount option is used.

A local user with access to a filesystem mounted with this option

could use this to cause a denial of service.

 

CVE-2018-1066

 

Dan Aloni reported to Red Hat that the CIFS client implementation

would dereference a null pointer if the server sent an invalid

response during NTLMSSP setup negotiation. This could be used

by a malicious server for denial of service.

 

CVE-2018-1068

 

The syzkaller tool found that the 32-bit compatibility layer of

ebtables did not sufficiently validate offset values. On a 64-bit

kernel, a local user with the CAP_NET_ADMIN capability (in any user

namespace) could use this to overwrite kernel memory, possibly

leading to privilege escalation. Debian disables unprivileged user

namespaces by default.

 

CVE-2018-1092

 

Wen Xu reported that a crafted ext4 filesystem image would

trigger a null dereference when mounted. A local user able

to mount arbitrary filesystems could use this for denial of

service.

 

CVE-2018-5332

 

Mohamed Ghannam reported that the RDS protocol did not

sufficiently validate RDMA requests, leading to an out-of-bounds

write. A local attacker on a system with the rds module loaded

could use this for denial of service or possibly for privilege

escalation.

 

CVE-2018-5333

 

Mohamed Ghannam reported that the RDS protocol did not properly

handle an error case, leading to a null pointer dereference. A

local attacker on a system with the rds module loaded could

possibly use this for denial of service.

 

CVE-2018-5750

 

Wang Qize reported that the ACPI sbshc driver logged a kernel heap

address. This information could aid the exploitation of other

vulnerabilities.

 

CVE-2018-5803

 

Alexey Kodanev reported that the SCTP protocol did not range-check

the length of chunks to be created. A local or remote user could

use this to cause a denial of service.

 

CVE-2018-6927

 

Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did

not check for negative parameter values, which might lead to a

denial of service or other security impact.

 

CVE-2018-7492

 

The syzkaller tool found that the RDS protocol was lacking a null

pointer check. A local attacker on a system with the rds module

loaded could use this for denial of service.

 

CVE-2018-7566

 

Fan LongFei reported a race condition in the ALSA (sound)

sequencer core, between write and ioctl operations. This could

lead to an out-of-bounds access or use-after-free. A local user

with access to a sequencer device could use this for denial of

service or possibly for privilege escalation.

 

CVE-2018-7740

 

Nic Losby reported that the hugetlbfs filesystem's mmap operation

did not properly range-check the file offset. A local user with

access to files on a hugetlbfs filesystem could use this to cause

a denial of service.

 

CVE-2018-7757

 

Jason Yan reported a memory leak in the SAS (Serial-Attached

SCSI) subsystem. A local user on a system with SAS devices

could use this to cause a denial of service.

 

CVE-2018-7995

 

Seunghun Han reported a race condition in the x86 MCE

(Machine Check Exception) driver. This is unlikely to have

any security impact.

 

CVE-2018-8781

 

Eyal Itkin reported that the udl (DisplayLink) driver's mmap

operation did not properly range-check the file offset. A local

user with access to a udl framebuffer device could exploit this to

overwrite kernel memory, leading to privilege escalation.

 

CVE-2018-8822

 

Dr Silvio Cesare of InfoSect reported that the ncpfs client

implementation did not validate reply lengths from the server. An

ncpfs server could use this to cause a denial of service or

remote code execution in the client.

 

CVE-2018-1000004

 

Luo Quan reported a race condition in the ALSA (sound) sequencer

core, between multiple ioctl operations. This could lead to a

deadlock or use-after-free. A local user with access to a

sequencer device could use this for denial of service or possibly

for privilege escalation.

 

CVE-2018-1000199

 

Andy Lutomirski discovered that the ptrace subsystem did not

sufficiently validate hardware breakpoint settings. Local users

can use this to cause a denial of service, or possibly for

privilege escalation, on x86 (amd64 and i386) and possibly other

architectures.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 3.16.56-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4188-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 01, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193

CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224

CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066

CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108

CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740

CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781

CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service or information

leaks.

 

CVE-2017-5715

 

Multiple researchers have discovered a vulnerability in various

processors supporting speculative execution, enabling an attacker

controlling an unprivileged process to read memory from arbitrary

addresses, including from the kernel and all other processes

running on the system.

 

This specific attack has been named Spectre variant 2 (branch

target injection) and is mitigated for the x86 architecture (amd64

and i386) by using the "retpoline" compiler feature which allows

indirect branches to be isolated from speculative execution.

 

CVE-2017-5753

 

Multiple researchers have discovered a vulnerability in various

processors supporting speculative execution, enabling an attacker

controlling an unprivileged process to read memory from arbitrary

addresses, including from the kernel and all other processes

running on the system.

 

This specific attack has been named Spectre variant 1

(bounds-check bypass) and is mitigated by identifying vulnerable

code sections (array bounds checking followed by array access) and

replacing the array access with the speculation-safe

array_index_nospec() function.

 

More use sites will be added over time.

 

CVE-2017-17975

 

Tuba Yavuz reported a use-after-free flaw in the USBTV007

audio-video grabber driver. A local user could use this for denial

of service by triggering failure of audio registration.

 

CVE-2017-18193

 

Yunlei He reported that the f2fs implementation does not properly

handle extent trees, allowing a local user to cause a denial of

service via an application with multiple threads.

 

CVE-2017-18216

 

Alex Chen reported that the OCFS2 filesystem failed to hold a

necessary lock during nodemanager sysfs file operations,

potentially leading to a null pointer dereference. A local user

could use this for denial of service.

 

CVE-2017-18218

 

Jun He reported a use-after-free flaw in the Hisilicon HNS ethernet

driver. A local user could use this for denial of service.

 

CVE-2017-18222

 

It was reported that the Hisilicon Network Subsystem (HNS) driver

implementation does not properly handle ethtool private flags. A

local user could use this for denial of service or possibly have

other impact.

 

CVE-2017-18224

 

Alex Chen reported that the OCFS2 filesystem omits the use of a

semaphore and consequently has a race condition for access to the

extent tree during read operations in DIRECT mode. A local user

could use this for denial of service.

 

CVE-2017-18241

 

Yunlei He reported that the f2fs implementation does not properly

initialise its state if the "noflush_merge" mount option is used.

A local user with access to a filesystem mounted with this option

could use this to cause a denial of service.

 

CVE-2017-18257

 

It was reported that the f2fs implementation is prone to an infinite

loop caused by an integer overflow in the __get_data_block()

function. A local user can use this for denial of service via

crafted use of the open and fallocate system calls with an

FS_IOC_FIEMAP ioctl.

 

CVE-2018-1065

 

The syzkaller tool found a NULL pointer dereference flaw in the

netfilter subsystem when handling certain malformed iptables

rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN

capability (in any user namespace) could use this to cause a denial

of service. Debian disables unprivileged user namespaces by default.

 

CVE-2018-1066

 

Dan Aloni reported to Red Hat that the CIFS client implementation

would dereference a null pointer if the server sent an invalid

response during NTLMSSP setup negotiation. This could be used

by a malicious server for denial of service.

 

CVE-2018-1068

 

The syzkaller tool found that the 32-bit compatibility layer of

ebtables did not sufficiently validate offset values. On a 64-bit

kernel, a local user with the CAP_NET_ADMIN capability (in any user

namespace) could use this to overwrite kernel memory, possibly

leading to privilege escalation. Debian disables unprivileged user

namespaces by default.

 

CVE-2018-1092

 

Wen Xu reported that a crafted ext4 filesystem image would

trigger a null dereference when mounted. A local user able

to mount arbitrary filesystems could use this for denial of

service.

 

CVE-2018-1093

 

Wen Xu reported that a crafted ext4 filesystem image could trigger

an out-of-bounds read in the ext4_valid_block_bitmap() function. A

local user able to mount arbitrary filesystems could use this for

denial of service.

 

CVE-2018-1108

 

Jann Horn reported that crng_ready() does not properly handle the

crng_init variable states and the RNG could be treated as

cryptographically safe too early after system boot.

 

CVE-2018-5803

 

Alexey Kodanev reported that the SCTP protocol did not range-check

the length of chunks to be created. A local or remote user could

use this to cause a denial of service.

 

CVE-2018-7480

 

Hou Tao discovered a double-free flaw in the blkcg_init_queue()

function in block/blk-cgroup.c. A local user could use this to cause

a denial of service or have other impact.

 

CVE-2018-7566

 

Fan LongFei reported a race condition in the ALSA (sound)

sequencer core, between write and ioctl operations. This could

lead to an out-of-bounds access or use-after-free. A local user

with access to a sequencer device could use this for denial of

service or possibly for privilege escalation.

 

CVE-2018-7740

 

Nic Losby reported that the hugetlbfs filesystem's mmap operation

did not properly range-check the file offset. A local user with

access to files on a hugetlbfs filesystem could use this to cause

a denial of service.

 

CVE-2018-7757

 

Jason Yan reported a memory leak in the SAS (Serial-Attached

SCSI) subsystem. A local user on a system with SAS devices

could use this to cause a denial of service.

 

CVE-2018-7995

 

Seunghun Han reported a race condition in the x86 MCE

(Machine Check Exception) driver. This is unlikely to have

any security impact.

 

CVE-2018-8087

 

A memory leak flaw was found in the hwsim_new_radio_nl() function in

the simulated radio testing tool driver for mac80211, allowing a

local user to cause a denial of service.

 

CVE-2018-8781

 

Eyal Itkin reported that the udl (DisplayLink) driver's mmap

operation did not properly range-check the file offset. A local

user with access to a udl framebuffer device could exploit this to

overwrite kernel memory, leading to privilege escalation.

 

CVE-2018-8822

 

Dr Silvio Cesare of InfoSect reported that the ncpfs client

implementation did not validate reply lengths from the server. An

ncpfs server could use this to cause a denial of service or

remote code execution in the client.

 

CVE-2018-10323

 

Wen Xu reported a NULL pointer dereference flaw in the

xfs_bmapi_write() function triggered when mounting and operating a

crafted xfs filesystem image. A local user able to mount arbitrary

filesystems could use this for denial of service.

 

CVE-2018-1000199

 

Andy Lutomirski discovered that the ptrace subsystem did not

sufficiently validate hardware breakpoint settings. Local users

can use this to cause a denial of service, or possibly for

privilege escalation, on x86 (amd64 and i386) and possibly other

architectures.

 

For the stable distribution (stretch), these problems have been fixed in

version 4.9.88-1.

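Added example (not part of the advisory above and not kernel source): a user-space C model of the Spectre variant 1 mitigation that DSA-4188-1 describes for CVE-2017-5753, where a bounds check followed by an array access gets its index clamped by a branch-free mask. The names index_mask_nospec, clamp_index_nospec, lookup and the sample table are hypothetical, and the code assumes an arithmetic right shift of negative values, as GCC and Clang provide.

```c
#include <limits.h>
#include <stdio.h>

#define LONG_BITS (sizeof(long) * CHAR_BIT)

/*
 * All-ones when index < size, zero otherwise, computed without a branch so
 * the result does not depend on how a comparison was predicted.
 * Valid for size <= LONG_MAX. Relies on arithmetic right shift of a negative
 * long (implementation-defined in ISO C; GCC and Clang behave this way).
 * This is a model of the arithmetic only: in user space the compiler is free
 * to simplify it, so it is not a drop-in mitigation.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* The top bit of (index | (size - 1 - index)) is set exactly when
     * index >= size, because the subtraction wraps around in that case. */
    long top = ~(long)(index | (size - 1UL - index));
    return (unsigned long)(top >> (LONG_BITS - 1));
}

/* Out-of-range indices collapse to 0, which is always inside the array. */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

#define TABLE_LEN 8UL
/* Constructed sample data. */
static const unsigned char table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/*
 * The pattern named in the advisory: an array bounds check followed by an
 * array access. The architectural check stays; the clamp is what limits the
 * access if the CPU speculates past the check with an out-of-range index.
 */
static int lookup(unsigned long untrusted_index, unsigned char *out)
{
    if (untrusted_index >= TABLE_LEN)
        return -1;
    untrusted_index = clamp_index_nospec(untrusted_index, TABLE_LEN);
    *out = table[untrusted_index];
    return 0;
}

int main(void)
{
    unsigned long samples[] = {0, 7, 8, 1000};
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned char v = 0;
        int rc = lookup(samples[i], &v);
        printf("index=%lu mask=%#lx clamped=%lu rc=%d value=%u\n",
               samples[i],
               index_mask_nospec(samples[i], TABLE_LEN),
               clamp_index_nospec(samples[i], TABLE_LEN),
               rc, (unsigned)v);
    }
    return 0;
}
```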

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4189-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 02, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : quassel

CVE ID : CVE-2018-1000178 CVE-2018-1000179

 

Two vulnerabilities were found in the Quassel IRC client, which could

result in the execution of arbitrary code or denial of service.

 

Note that you need to restart the 'quasselcore' service after upgrading

the Quassel packages.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 1:0.10.0-2.3+deb8u4.

 

For the stable distribution (stretch), these problems have been fixed in

version 1:0.12.4-2+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4190-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

May 03, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jackson-databind

CVE ID : CVE-2018-7489

Debian Bug : 891614

 

It was discovered that jackson-databind, a Java library used to parse

JSON and other data formats, improperly validated user input prior to

deserializing because of an incomplete fix for CVE-2017-7525.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 2.4.2-2+deb8u4.

 

For the stable distribution (stretch), this problem has been fixed in

version 2.8.6-1+deb9u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4191-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

May 03, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : redmine

CVE ID : CVE-2017-15568 CVE-2017-15569 CVE-2017-15570 CVE-2017-15571

CVE-2017-15572 CVE-2017-15573 CVE-2017-15574 CVE-2017-15575

CVE-2017-15576 CVE-2017-15577 CVE-2017-16804 CVE-2017-18026

Debian Bug : 882544 882545 882547 882548 887307

 

Multiple vulnerabilities were discovered in Redmine, a project

management web application. They could lead to remote code execution,

information disclosure or cross-site scripting attacks.

 

For the stable distribution (stretch), these problems have been fixed in

version 3.3.1-4+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4192-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 04, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libmad

CVE ID : CVE-2017-8372 CVE-2017-8373 CVE-2017-8374

 

Several vulnerabilities were discovered in MAD, an MPEG audio decoder

library, which could result in denial of service if a malformed audio

file is processed.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 0.15.1b-8+deb8u1.

 

For the stable distribution (stretch), these problems have been fixed in

version 0.15.1b-8+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4193-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 05, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wordpress

CVE ID : CVE-2018-10100 CVE-2018-10101 CVE-2018-10102

Debian Bug : 895034

 

Several vulnerabilities were discovered in wordpress, a web blogging

tool, which could allow remote attackers to compromise a site via

cross-site scripting, bypass restrictions or unsafe redirects. More

information can be found in the upstream advisory at

https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/

 

For the oldstable distribution (jessie), these problems have been fixed

in version 4.1+dfsg-1+deb8u17.

 

For the stable distribution (stretch), these problems have been fixed in

version 4.7.5+dfsg-2+deb9u3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4194-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 06, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : lucene-solr

CVE ID : CVE-2018-1308

 

An XML external entity expansion vulnerability was discovered in the

DataImportHandler of Solr, a search server based on Lucene, which could

result in information disclosure.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 3.6.2+dfsg-5+deb8u2.

 

For the stable distribution (stretch), this problem has been fixed in

version 3.6.2+dfsg-10+deb9u2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4195-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 08, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wget

CVE ID : CVE-2018-0494

Debian Bug : 898076

 

Harry Sintonen discovered that wget, a network utility to retrieve files

from the web, does not properly handle '\r\n' from continuation lines

while parsing the Set-Cookie HTTP header. A malicious web server could

use this flaw to inject arbitrary cookies to the cookie jar file, adding

new or replacing existing cookie values.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 1.16-1+deb8u5.

 

For the stable distribution (stretch), this problem has been fixed in

version 1.18-5+deb9u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4196-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 08, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2018-1087 CVE-2018-8897

Debian Bug : 897427 897599 898067 898100

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation or denial of service.

 

CVE-2018-1087

 

Andy Lutomirski discovered that the KVM implementation did not

properly handle #DB exceptions while deferred by MOV SS/POP SS,

allowing an unprivileged KVM guest user to crash the guest or

potentially escalate their privileges.

 

CVE-2018-8897

 

Nick Peterson of Everdox Tech LLC discovered that #DB exceptions

that are deferred by MOV SS or POP SS are not properly handled,

allowing an unprivileged user to crash the kernel and cause a denial

of service.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 3.16.56-1+deb8u1. This update includes various fixes for

regressions from 3.16.56-1 as released in DSA-4187-1 (Cf. #897427,

#898067 and #898100).

 

For the stable distribution (stretch), these problems have been fixed in

version 4.9.88-1+deb9u1. The fix for CVE-2018-1108 applied in DSA-4188-1

is temporarily reverted due to various regressions, cf. #897599.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4197-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 09, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wavpack

CVE ID : CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539

CVE-2018-10540

 

Multiple vulnerabilities were discovered in the wavpack audio codec which

could result in denial of service or the execution of arbitrary code if

malformed media files are processed.

 

The oldstable distribution (jessie) is not affected.

 

For the stable distribution (stretch), these problems have been fixed in

version 5.0.0-2+deb9u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4198-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 09, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : prosody

CVE ID : CVE-2017-18265

Debian Bug : 875829

 

Albert Dengg discovered that incorrect parsing of <stream:error> messages

in the Prosody Jabber/XMPP server may result in denial of service.

 

The oldstable distribution (jessie) is not affected.

 

For the stable distribution (stretch), this problem has been fixed in

version 0.9.12-2+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4199-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 10, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : firefox-esr

CVE ID : CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157

CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178

CVE-2018-5183

 

Several security issues have been found in the Mozilla Firefox web

browser: Multiple memory safety errors and other implementation errors

may lead to the execution of arbitrary code or denial of service.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 52.8.0esr-1~deb8u1.

 

For the stable distribution (stretch), these problems have been fixed in

version 52.8.0esr-1~deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4200-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 14, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : kwallet-pam

CVE ID : CVE-2018-10380

 

Fabian Vogt discovered that incorrect permission handling in the PAM

module of the KDE Wallet could allow an unprivileged local user to gain

ownership of arbitrary files.

 

For the stable distribution (stretch), this problem has been fixed in

version 5.8.4-1+deb9u2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4201-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 15, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xen

CVE ID : CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981

CVE-2018-10982

 

Multiple vulnerabilities have been discovered in the Xen hypervisor:

 

CVE-2018-8897

 

Andy Lutomirski and Nick Peterson discovered that incorrect handling

of debug exceptions could result in privilege escalation.

 

CVE-2018-10471

 

An error was discovered in the mitigations against Meltdown which

could result in denial of service.

 

CVE-2018-10472

 

Anthony Perard discovered that incorrect parsing of CDROM images

can result in information disclosure.

 

CVE-2018-10981

 

Jan Beulich discovered that malformed device models could result

in denial of service.

 

CVE-2018-10982

 

Roger Pau Monne discovered that incorrect handling of high precision

event timers could result in denial of service and potentially

privilege escalation.

 

For the stable distribution (stretch), these problems have been fixed in

version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4202-1 security@debian.org

https://www.debian.org/security/ Alessandro Ghedini

May 16, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : curl

CVE ID : CVE-2018-1000301

Debian Bug : 898856

 

OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer

library, could be tricked into reading data beyond the end of a heap

based buffer when parsing invalid headers in an RTSP response.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 7.38.0-4+deb8u11.

 

For the stable distribution (stretch), this problem has been fixed in

version 7.52.1-5+deb9u6.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4203-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 17, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : vlc

CVE ID : CVE-2017-17670

 

Hans Jerry Illikainen discovered a type conversion vulnerability in the

MP4 demuxer of the VLC media player, which could result in the execution

of arbitrary code if a malformed media file is played.

 

This update upgrades VLC in stretch to the new 3.x release series (as

security fixes couldn't be sensibly backported to the 2.x series). In

addition two packages needed to be rebuilt to ensure compatibility with

VLC 3; phonon-backend-vlc (0.9.0-2+deb9u1) and goldencheetah

(4.0.0~DEV1607-2+deb9u1).

 

VLC in jessie cannot be migrated to version 3 due to incompatible

library changes with reverse dependencies and is thus now declared

end-of-life for jessie. We recommend upgrading to stretch or picking a

different media player if that's not an option.

 

For the stable distribution (stretch), this problem has been fixed in

version 3.0.2-0+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4204-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

May 18, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : imagemagick

CVE ID : CVE-2017-10995 CVE-2017-11533 CVE-2017-11535 CVE-2017-11639

CVE-2017-13143 CVE-2017-17504 CVE-2017-17879 CVE-2018-5248

Debian Bug : 867748 869827 869834 870012 870065 885125 885340 886588

 

This update fixes several vulnerabilities in imagemagick, a graphical

software suite. Various memory handling problems or issues about

incomplete input sanitizing would result in denial of service or

memory disclosure.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 8:6.8.9.9-5+deb8u12.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4205-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 18, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

This is an advance notice that regular security support for Debian

GNU/Linux 8 (code name "jessie") will be terminated on the 17th of

June.

 

As with previous releases additional LTS support will be provided for

a reduced set of architectures and packages, a separate announcement

will be available in due time.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4206-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 21, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gitlab

CVE ID : CVE-2017-0920 CVE-2018-8971

 

Several vulnerabilities have been discovered in Gitlab, a software

platform to collaborate on code:

 

CVE-2017-0920

 

It was discovered that missing validation of merge requests allowed

users to see names of private projects, resulting in information

disclosure.

 

CVE-2018-8971

 

It was discovered that the Auth0 integration was implemented

incorrectly.

 

For the stable distribution (stretch), these problems have been fixed in

version 8.13.11+dfsg1-8+deb9u2. The fix for CVE-2018-8971 also requires

ruby-omniauth-auth0 to be upgraded to version 2.0.0-0+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4207-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 22, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : packagekit

CVE ID : CVE-2018-1106

Debian Bug : 896703

 

Matthias Gerstner discovered that PackageKit, a DBus abstraction layer

for simple software management tasks, contains an authentication bypass

flaw allowing users without privileges to install local packages.

 

For the stable distribution (stretch), this problem has been fixed in

version 1.1.5-2+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4208-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 22, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : procps

CVE ID : CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125

CVE-2018-1126

Debian Bug : 899170

 

The Qualys Research Labs discovered multiple vulnerabilities in procps,

a set of command line and full screen utilities for browsing procfs. The

Common Vulnerabilities and Exposures project identifies the following

problems:

 

CVE-2018-1122

 

top read its configuration from the current working directory if no

$HOME was configured. If top were started from a directory writable

by the attacker (such as /tmp) this could result in local privilege

escalation.

 

CVE-2018-1123

 

Denial of service against the ps invocation of another user.

 

CVE-2018-1124

 

An integer overflow in the file2strvec() function of libprocps could

result in local privilege escalation.

 

CVE-2018-1125

 

A stack-based buffer overflow in pgrep could result in denial

of service for a user using pgrep for inspecting a specially

crafted process.

 

CVE-2018-1126

 

Incorrect integer size parameters used in wrappers for standard C

allocators could cause integer truncation and lead to integer

overflow issues.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 2:3.3.9-9+deb8u1.

 

For the stable distribution (stretch), these problems have been fixed in

version 2:3.3.12-3+deb9u1.

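Added example (not procps code and not part of the advisory above): the failure mode DSA-4208-1 gives for CVE-2018-1126, an allocator wrapper whose size parameter is narrower than size_t, modelled beside wrappers that keep size_t and check their arithmetic. All function names are hypothetical and the sizes in main() are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * "Before" shape: a wrapper declared as taking `unsigned int size`.
 * A 64-bit size computed by the caller is truncated at the call boundary,
 * so the allocator sees a much smaller request than the caller will use.
 * Returns the size that would actually reach malloc().
 */
static size_t size_reaching_malloc_narrow(uint64_t requested)
{
    uint32_t size = (uint32_t)requested; /* what the narrow parameter keeps */
    return (size_t)size;
}

/* Hardened: the parameter has the allocator's own type, so nothing is lost. */
static void *xmalloc_checked(size_t size)
{
    void *p = malloc(size ? size : 1);
    if (p == NULL)
        errno = ENOMEM;
    return p;
}

/* Hardened: refuse element counts whose byte size would wrap around. */
static void *xcalloc_checked(size_t nmemb, size_t elem)
{
    if (elem != 0 && nmemb > SIZE_MAX / elem) {
        errno = ENOMEM;
        return NULL;
    }
    return calloc(nmemb ? nmemb : 1, elem ? elem : 1);
}

/*
 * Hardened: growing a buffer by `extra` bytes checks the addition first.
 * On failure the original buffer is left untouched and still owned by the
 * caller.
 */
static void *xrealloc_grow_checked(void *buf, size_t old_size, size_t extra)
{
    size_t new_size;

    if (extra > SIZE_MAX - old_size) {
        errno = ENOMEM;
        return NULL;
    }
    new_size = old_size + extra;
    return realloc(buf, new_size ? new_size : 1);
}

int main(void)
{
    uint64_t wanted = 0x100000010ULL; /* constructed: 4 GiB + 16 bytes */
    void *p;
    void *q;

    printf("caller wants %llu bytes, narrow wrapper allocates %zu\n",
           (unsigned long long)wanted, size_reaching_malloc_narrow(wanted));

    p = xmalloc_checked(64);
    printf("xmalloc_checked(64): %s\n", p ? "ok" : "failed");
    free(p);

    p = xcalloc_checked(SIZE_MAX / 2 + 1, 2);
    printf("xcalloc_checked(overflowing count): %s\n", p ? "allocated" : "refused");

    p = xcalloc_checked(4, 8);
    q = xrealloc_grow_checked(p, 32, SIZE_MAX);
    printf("xrealloc_grow_checked(overflowing growth): %s\n", q ? "allocated" : "refused");
    free(p); /* still valid because the growth was refused */
    return 0;
}
```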

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4209-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 25, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : thunderbird

CVE ID : CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159

CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170

CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185

 

Multiple security issues have been found in Thunderbird, which may lead

to the execution of arbitrary code, denial of service or attacks on

encrypted emails.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 1:52.8.0-1~deb8u1.

 

For the stable distribution (stretch), these problems have been fixed in

version 1:52.8.0-1~deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4210-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 25, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xen

CVE ID : CVE-2018-3639

 

This update provides mitigations for the Spectre v4 variant in x86-based

microprocessors. On Intel CPUs this requires updated microcode which

is currently not released publicly (but your hardware vendor may have

issued an update). For servers with AMD CPUs no microcode update is

needed, please refer to https://xenbits.xen.org/xsa/advisory-263.html

for further information.

 

For the stable distribution (stretch), this problem has been fixed in

version 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4211-1 security@debian.org

https://www.debian.org/security/ Luciano Bello

May 25, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xdg-utils

CVE ID : CVE-2017-18266

Debian Bug : 898317

 

Gabriel Corona discovered that xdg-utils, a set of tools for desktop

environment integration, is vulnerable to argument injection attacks. If

the environment variable BROWSER in the victim host has a "%s" and the

victim opens a link crafted by an attacker with xdg-open, the malicious

party could manipulate the parameters used by the browser when opened.

This manipulation could set, for example, a proxy through which the network

traffic could be intercepted for that particular execution.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 1.1.0~rc1+git20111210-7.4+deb8u1.

 

For the stable distribution (stretch), this problem has been fixed in

version 1.1.1-1+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4206-2 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 26, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gitlab

Debian Bug : 900066

 

The gitlab security update announced as DSA-4206-1 caused regressions

when creating merge requests (returning 500 Internal Server Errors) due

to an issue in the patch to address CVE-2017-0920. Updated packages are

now available to correct this issue.

 

For the stable distribution (stretch), this problem has been fixed in

version 8.13.11+dfsg1-8+deb9u3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4212-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 29, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : git

CVE ID : CVE-2018-11235

 

Etienne Stalmans discovered that git, a fast, scalable, distributed

revision control system, is prone to an arbitrary code execution

vulnerability exploitable via specially crafted submodule names in a

.gitmodules file.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 1:2.1.4-2.1+deb8u6.

 

For the stable distribution (stretch), this problem has been fixed in

version 1:2.11.0-3+deb9u3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4213-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 29, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu

CVE ID : CVE-2017-5715 CVE-2017-15038 CVE-2017-15119 CVE-2017-15124 CVE-2017-15268 CVE-2017-15289 CVE-2017-16845 CVE-2017-17381 CVE-2017-18043 CVE-2018-5683 CVE-2018-7550

Debian Bug : 877890 880832 880836 882136 883399 883625 884806 886532 887392 892041

 

Several vulnerabilities were discovered in qemu, a fast processor

emulator.

 

CVE-2017-15038

 

Tuomas Tynkkynen discovered an information leak in 9pfs.

 

CVE-2017-15119

 

Eric Blake discovered that the NBD server insufficiently restricts

large option requests, resulting in denial of service.

 

CVE-2017-15124

 

Daniel Berrange discovered that the integrated VNC server

insufficiently restricted memory allocation, which could result in

denial of service.

 

CVE-2017-15268

 

A memory leak in websockets support may result in denial of service.

 

CVE-2017-15289

 

Guoxiang Niu discovered an OOB write in the emulated Cirrus graphics

adaptor which could result in denial of service.

 

CVE-2017-16845

 

Cyrille Chatras discovered an information leak in PS/2 mouse and

keyboard emulation which could be exploited during instance

migration.

 

CVE-2017-17381

 

Dengzhan Heyuandong Bijunhua and Liweichao discovered that an

implementation error in the virtio vring implementation could result

in denial of service.

 

CVE-2017-18043

 

Eric Blake discovered an integer overflow in an internally used

macro which could result in denial of service.

 

CVE-2018-5683

 

Jiang Xin and Lin ZheCheng discovered an OOB memory access in the

emulated VGA adaptor which could result in denial of service.

 

CVE-2018-7550

 

Cyrille Chatras discovered that an OOB memory write when using

multiboot could result in the execution of arbitrary code.

 

This update also backports a number of mitigations against the Spectre

v2 vulnerability affecting modern CPUs (CVE-2017-5715). For additional

information please refer to

https://www.qemu.org/2018/01/04/spectre/

 

For the stable distribution (stretch), these problems have been fixed in

version 1:2.8+dfsg-6+deb9u4.


------------------------------------------------------------------------

The Debian Project https://www.debian.org/

Debian 7 Long Term Support reaching end-of-life press@debian.org

June 1st, 2018 https://www.debian.org/News/2018/20180601

------------------------------------------------------------------------

 

 

The Debian Long Term Support (LTS) Team hereby announces that Debian 7

"Wheezy" support has reached its end-of-life on May 31, 2018, five years

after its initial release on May 4, 2013.

 

Debian will not provide further security updates for Debian 7. A subset

of Wheezy packages will be supported by external parties. Detailed

information can be found at Extended LTS [1].

 

1: https://wiki.debian.org/LTS/Extended

 

The LTS Team will prepare the transition to Debian 8 "Jessie", which is

the current oldstable release. The LTS team will take over support from

the Security Team on June 17, 2018.

 

Debian 8 will also receive Long Term Support for five years after its

initial release with support ending on June 30, 2020. The supported

architectures include amd64, i386, armel and armhf.

 

For further information about using Jessie LTS and upgrading from Wheezy

LTS, please refer to LTS/Using [2].

 

2: https://wiki.debian.org/LTS/Using

 

Debian and its LTS Team would like to thank all contributing users,

developers and sponsors who are making it possible to extend the life of

previous stable releases, and who have made this LTS a success.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4214-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 01, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : zookeeper

CVE ID : CVE-2018-8012

 

It was discovered that Zookeeper, a service for maintaining configuration

information, enforced no authentication/authorisation when a server

attempts to join a Zookeeper quorum.

 

This update backports authentication support. Additional configuration

steps are needed, please see

https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication

for additional information.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 3.4.9-3+deb8u1.

 

For the stable distribution (stretch), this problem has been fixed in

version 3.4.9-3+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4215-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

June 02, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : batik

CVE ID : CVE-2017-5662 CVE-2018-8013

Debian Bug : 860566 899374

 

Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a

toolkit for processing SVG images, did not properly validate its

input. This would allow an attacker to cause a denial-of-service,

mount cross-site scripting attacks, or access restricted files on the

server.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 1.7+dfsg-5+deb8u1.

 

For the stable distribution (stretch), these problems have been fixed in

version 1.8-4+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4216-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 02, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : prosody

CVE ID : CVE-2018-10847

Debian Bug : 900524

 

It was discovered that Prosody, a lightweight Jabber/XMPP server, does

not properly validate client-provided parameters during XMPP stream

restarts, allowing authenticated users to override the realm associated

with their session, potentially bypassing security policies and allowing

impersonation.

 

Details can be found in the upstream advisory at

https://prosody.im/security/advisory_20180531/

 

For the oldstable distribution (jessie), this problem has been fixed

in version 0.9.7-2+deb8u4.

 

For the stable distribution (stretch), this problem has been fixed in

version 0.9.12-2+deb9u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4191-2 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 03, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : redmine

Debian Bug : 900283

 

The redmine security update announced as DSA-4191-1 caused regressions

with multi-value fields while doing queries on project issues due to a

bug in the patch to address CVE-2017-15569. Updated packages are now

available to correct this issue.

 

For the stable distribution (stretch), this problem has been fixed in

version 3.3.1-4+deb9u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4217-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 03, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wireshark

CVE ID : CVE-2018-9273 CVE-2018-7320 CVE-2018-7334 CVE-2018-7335 CVE-2018-7419 CVE-2018-9261 CVE-2018-9264 CVE-2018-11358 CVE-2018-11360 CVE-2018-11362

 

It was discovered that Wireshark, a network protocol analyzer, contained

several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC,

IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial

of service or the execution of arbitrary code.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 1.12.1+g01b65bf-4+deb8u14.

 

For the stable distribution (stretch), these problems have been fixed in

version 2.2.6+g32dac6a-2+deb9u3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4218-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 06, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : memcached

CVE ID : CVE-2017-9951 CVE-2018-1000115 CVE-2018-1000127

Debian Bug : 868701 894404

 

Several vulnerabilities were discovered in memcached, a high-performance

memory object caching system. The Common Vulnerabilities and Exposures

project identifies the following problems:

 

CVE-2017-9951

 

Daniel Shapira reported a heap-based buffer over-read in memcached

(resulting from an incomplete fix for CVE-2016-8705) triggered by

specially crafted requests to add/set a key and allowing a remote

attacker to cause a denial of service.

 

CVE-2018-1000115

 

It was reported that memcached listens to UDP by default. A remote

attacker can take advantage of it to use the memcached service as a

DDoS amplifier.

 

Default installations of memcached in Debian are not affected by

this issue as the installation defaults to listen only on localhost.

This update disables the UDP port by default. Listening on UDP

can be re-enabled in /etc/memcached.conf (cf.

/usr/share/doc/memcached/NEWS.Debian.gz).

 

CVE-2018-1000127

 

An integer overflow was reported in memcached, resulting in resource

leaks, data corruption, deadlocks or crashes.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 1.4.21-1.1+deb8u2.

 

For the stable distribution (stretch), these problems have been fixed in

version 1.4.33-1+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4219-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

June 08, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jruby

CVE ID : CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079

Debian Bug : 895778

 

Several vulnerabilities were discovered in jruby, a Java

implementation of the Ruby programming language. They would allow an

attacker to use specially crafted gem files to mount cross-site

scripting attacks, cause denial of service through an infinite loop,

write arbitrary files, or run malicious code.

 

For the stable distribution (stretch), these problems have been fixed in

version 1.7.26-1+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4220-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 08, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : firefox-esr

CVE ID : CVE-2018-6126

 

Ivan Fratric discovered a buffer overflow in the Skia graphics library

used by Firefox, which could result in the execution of arbitrary code.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 52.8.1esr-1~deb8u1.

 

For the stable distribution (stretch), this problem has been fixed in

version 52.8.1esr-1~deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4221-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 08, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libvncserver

CVE ID : CVE-2018-7225

 

Alexander Peslyak discovered that insufficient input sanitising of RFB

packets in LibVNCServer could result in the disclosure of memory

contents.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 0.9.9+dfsg2-6.1+deb8u3.

 

For the stable distribution (stretch), this problem has been fixed in

version 0.9.11+dfsg-1+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4222-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 08, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gnupg2

CVE ID : CVE-2018-12020

 

Marcus Brinkmann discovered that GnuPG performed insufficient

sanitisation of file names displayed in status messages, which could be

abused to fake the verification status of a signed email.

 

Details can be found in the upstream advisory at

https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

 

For the oldstable distribution (jessie), this problem has been fixed

in version 2.0.26-6+deb8u2.

 

For the stable distribution (stretch), this problem has been fixed in

version 2.1.18-8~deb9u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4223-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 08, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gnupg1

CVE ID : CVE-2018-12020

Debian Bug : 901088

 

Marcus Brinkmann discovered that GnuPG performed insufficient

sanitisation of file names displayed in status messages, which could be

abused to fake the verification status of a signed email.

 

Details can be found in the upstream advisory at

https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

 

For the stable distribution (stretch), this problem has been fixed in

version 1.4.21-4+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4224-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 08, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gnupg

CVE ID : CVE-2018-12020

 

Marcus Brinkmann discovered that GnuPG performed insufficient

sanitisation of file names displayed in status messages, which could be

abused to fake the verification status of a signed email.

 

Details can be found in the upstream advisory at

https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

 

For the oldstable distribution (jessie), this problem has been fixed

in version 1.4.18-7+deb8u5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4225-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 10, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-7

CVE ID : CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in denial of

service, sandbox bypass, execution of arbitrary code or bypass of JAR

signature validation.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 7u181-2.6.14-1~deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-4226-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 12, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : perl

CVE ID : CVE-2018-12015

Debian Bug : 900834

 

Jakub Wilk discovered a directory traversal flaw in the Archive::Tar

module, allowing an attacker to overwrite any file writable by the

extracting user via a specially crafted tar archive.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 5.20.2-3+deb8u11.

 

For the stable distribution (stretch), this problem has been fixed in

version 5.24.1-3+deb9u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4227-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 12, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : plexus-archiver

CVE ID : CVE-2018-1002200

Debian Bug : 900953

 

Danny Grander discovered a directory traversal flaw in plexus-archiver,

an Archiver plugin for the Plexus compiler system, allowing an attacker

to overwrite any file writable by the extracting user via a specially

crafted Zip archive.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 1.2-1+deb8u1.

 

For the stable distribution (stretch), this problem has been fixed in

version 2.2-1+deb9u1.

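The two directory traversal advisories above (Archive::Tar in perl, plexus-archiver) both come down to validating entry paths before anything is written. The following Python pre-extraction audit is an added example, not code from the advisories or from either project; the function names and the in-memory sample archives are constructed for illustration, and rejecting every path that runs through a link created by the same archive is a conservative policy assumed here.

```python
import io
import posixpath
import tarfile
import zipfile


def escapes(path):
    """True if an archive path is absolute or climbs above the extraction root."""
    norm = posixpath.normpath(path)
    return norm.startswith("/") or norm.split("/")[0] == ".."


def audit_tar(fileobj):
    """Map member name -> reason for each tar entry that must not be extracted."""
    findings, links = {}, set()
    with tarfile.open(fileobj=fileobj) as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            parts = name.split("/")
            is_link = m.issym() or m.islnk()
            if escapes(m.name):
                findings[m.name] = "path escapes the extraction directory"
            elif any("/".join(parts[:i + 1]) in links for i in range(len(parts))):
                findings[m.name] = "path passes through a link from this archive"
            elif is_link:
                # Symlink targets resolve from the link's directory, hard links from the root.
                base = posixpath.dirname(name) if m.issym() else ""
                if escapes(posixpath.join(base, m.linkname)):
                    findings[m.name] = "link target is outside the extraction directory"
            if is_link:
                links.add(name)
    return findings


def audit_zip(fileobj):
    """Return Zip entry names that would be written outside the destination."""
    with zipfile.ZipFile(fileobj) as zf:
        return [n for n in zf.namelist() if escapes(n)]


def sample_tar():
    """Constructed in-memory tar: two benign entries and four unsafe ones."""
    entries = [("docs/readme.txt", None), ("docs/../../outside.txt", None),
               ("/abs.txt", None), ("cfg", "/tmp/elsewhere"),
               ("cfg/app.conf", None), ("docs/latest", "readme.txt")]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link in entries:
            info = tarfile.TarInfo(name)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info)  # zero-length bodies: only paths matter here
    buf.seek(0)
    return buf


def sample_zip():
    """Constructed in-memory Zip: one benign and one escaping entry name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/a.jar", b"")
        zf.writestr("../../outside.jar", b"")
    return buf
```

Run the audit on an archive before extracting it and refuse the whole archive if it reports anything, rather than skipping individual entries.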

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4228-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

June 14, 2018 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : spip

CVE ID : CVE-2017-15736

Debian Bug : 879954

 

Several vulnerabilities were found in SPIP, a website engine for

publishing, resulting in cross-site scripting and PHP injection.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 3.0.17-2+deb8u4.

 

For the stable distribution (stretch), this problem has been fixed in

version 3.1.4-4~deb9u1.
