debian NEW UPDATES Debian

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4447-2 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

Jun 20, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : intel-microcode

CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

CVE-2019-11091

 

DSA 4447-1 shipped updated CPU microcode for most types of Intel CPUs as

mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.

 

This update provides additional support for some Sandybridge server

and Core-X CPUs which were not covered in the original May microcode

release. For a list of specific CPU models now supported please refer

to the entries listed under CPUID 206D6 and 206D7 at

https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

 

For the stable distribution (stretch), these problems have been fixed in

version 3.20190618.1~deb9u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4468-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 21, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php-horde-form

CVE ID : CVE-2019-9858

Debian Bug : 930321

 

A path traversal vulnerability due to an unsanitized POST parameter was

discovered in php-horde-form, a package providing form rendering,

validation, and other functionality for the Horde Application Framework.

An attacker can take advantage of this flaw for remote code execution.

 

For the stable distribution (stretch), this problem has been fixed in

version 2.0.15-1+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4469-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 22, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libvirt

CVE ID : CVE-2019-10161 CVE-2019-10167

 

Two vulnerabilities were discovered in Libvirt, a virtualisation

abstraction library, allowing an API client with read-only permissions

to execute arbitrary commands via the virConnectGetDomainCapabilities

API, or read or execute arbitrary files via the

virDomainSaveImageGetXMLDesc API.

 

Additionally the libvirt's cpu map was updated to make addressing

CVE-2018-3639, CVE-2017-5753, CVE-2017-5715, CVE-2018-12126,

CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 easier by supporting

the md-clear, ssbd, spec-ctrl and ibpb CPU features when picking CPU

models without having to fall back to host-passthrough.

 

For the stable distribution (stretch), these problems have been fixed in

version 3.0.0-4+deb9u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4467-2 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 23, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : vim

CVE ID : CVE-2019-12735

 

The update for vim released as DSA 4467-1 introduced a regression which

broke syntax highlighting in some circumstances. Updated vim packages

are now available to correct this issue.

 

For the stable distribution (stretch), this problem has been fixed in

version 8.0.0197-4+deb9u3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4470-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 23, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pdns

CVE ID : CVE-2019-10162 CVE-2019-10163

 

Two vulnerabilities have been discovered in pdns, an authoritative DNS

server which may result in denial of service via malformed zone records

and excessive NOTIFY packets in a master/slave setup.

 

For the stable distribution (stretch), these problems have been fixed in

version 4.0.3-1+deb9u5.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4471-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 24, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : thunderbird

CVE ID : CVE-2019-11707 CVE-2019-11708

 

Multiple security issues have been found in Thunderbird which may lead

to the execution of arbitrary code if malformed email messages are read.

 

For the stable distribution (stretch), these problems have been fixed in

version 1:60.7.2-1~deb9u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4472-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 28, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : expat

CVE ID : CVE-2018-20843

Debian Bug : 931031

 

It was discovered that Expat, an XML parsing C library, did not properly

handled XML input including XML names that contain a large number of

colons, potentially resulting in denial of service.

 

For the stable distribution (stretch), this problem has been fixed in

version 2.2.0-2+deb9u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4473-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 28, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : rdesktop

Debian Bug : 930387

 

Multiple security issues were found in the rdesktop RDP client, which

could result in denial of service and the execution of arbitrary code.

 

For the stable distribution (stretch), this problem has been fixed in

version 1.8.6-2~deb9u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4474-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 01, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : firefox-esr

CVE ID : CVE-2019-11708

 

A sandbox escape was found in the Mozilla Firefox web browser, which

could potentially result in the execution of arbitrary code if

combined with additional vulnerabilities.

 

For the stable distribution (stretch), this problem has been fixed in

version 60.7.2esr-1~deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4475-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 01, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

CVE ID : CVE-2019-1543

 

Joran Dirk Greef discovered that overly long nonces used with

ChaCha20-Poly1305 were incorrectly processed and could result in nonce

reuse. This doesn't affect OpenSSL-internal uses of ChaCha20-Poly1305

such as TLS.

 

For the stable distribution (stretch), this problem has been fixed in

version 1.1.0k-1~deb9u1. This DSA also upgrades openssl1.0 (which

itself is not affected by CVE-2019-1543) to 1.0.2s-1~deb9u1

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4476-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 05, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : python-django

CVE ID : CVE-2019-6975 CVE-2019-12308 CVE-2019-12781

 

Three security issues were found in Django, a Python web development

framework, which could result in denial of service, incomplete

sanitisation of clickable links or missing redirects of HTTP requests

to HTTPS.

 

For the stable distribution (stretch), these problems have been fixed in

version 1:1.10.7-2+deb9u5.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4477-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

July 08, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : zeromq3

CVE ID : CVE-2019-13132

 

Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a

lightweight messaging kernel library. A remote, unauthenticated client

connecting to an application using the libzmq library, running with a

socket listening with CURVE encryption/authentication enabled, can take

advantage of this flaw to cause a denial of service or the execution of

arbitrary code.

 

For the oldstable distribution (stretch), this problem has been fixed

in version 4.2.1-4+deb9u2.

 

For the stable distribution (buster), this problem has been fixed in

version 4.3.1-4+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4478-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 10, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dosbox

CVE ID : CVE-2019-7165 CVE-2019-12594

 

Two vulnerabilities were discovered in the DOSBox emulator, which could

result in the execution of arbitrary code on the host running DOSBox

when running a malicious executable in the emulator.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 0.74-4.2+deb9u2.

 

For the stable distribution (buster), these problems have been fixed in

version 0.74-2-3+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4479-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 11, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : firefox-esr

CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712

CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730

CVE-2019-11719 CVE-2019-11729

 

Multiple security issues have been found in the Mozilla Firefox web

browser, which could potentially result in the execution of arbitrary

code, cross-site scripting, spoofing, information disclosure, denial of

service or cross-site request forgery.

 

 

For the oldstable distribution (stretch), these problems have been fixed

in version 60.8.0esr-1~deb9u1.

 

For the stable distribution (buster), these problems have been fixed in

version 60.8.0esr-1~deb10u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4480-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 11, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : redis

CVE ID : CVE-2019-10192 CVE-2019-10193

 

Multiple vulnerabilities were discovered in the HyperLogLog implementation

of Redis, a persistent key-value database, which could result in denial

of service or potentially the execution of arbitrary code.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 3:3.2.6-3+deb9u3.

 

For the stable distribution (buster), these problems have been fixed in

version 5:5.0.3-4+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4481-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

July 13, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby-mini-magick

CVE ID : CVE-2019-13574

Debian Bug : 931932

 

Harsh Jaiswal discovered a remote shell execution vulnerability in

ruby-mini-magick, a Ruby library providing a wrapper around ImageMagick

or GraphicsMagick, exploitable when using MiniMagick::Image.open with

specially crafted URLs coming from unsanitized user input.

 

For the oldstable distribution (stretch), this problem has been fixed

in version 4.5.1-1+deb9u1.

 

For the stable distribution (buster), this problem has been fixed in

version 4.9.2-1+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4482-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 14, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : thunderbird

CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712

CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730

 

Multiple security issues have been found in Thunderbird which could

potentially result in the execution of arbitrary code, cross-site

scripting, spoofing, information disclosure, denial of service or

cross-site request forgery.

 

CVE-2019-11719 and CVE-2019-11729 are only addressed for stretch, in

buster Thunderbird uses the system-wide copy of NSS which will be updated

separately.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 1:60.8.0-1~deb9u1.

 

For the stable distribution (buster), these problems have been fixed in

version 1:60.8.0-1~deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4483-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 16, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libreoffice

CVE ID : CVE-2019-9848 CVE-2019-9849

 

Two security issues have been discovered in LibreOffice:

 

CVE-2019-9848

 

Nils Emmerich discovered that malicious documents could execute

arbitrary Python code via LibreLogo.

 

CVE-2019-9849

 

Matei Badanoiu discovered that the stealth mode did not apply to

bullet graphics.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 1:5.2.7-1+deb9u9.

 

For the stable distribution (buster), these problems have been fixed in

version 1:6.1.5-3+deb10u2.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4484-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

July 20, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2019-13272

 

Jann Horn discovered that the ptrace subsystem in the Linux kernel

mishandles the management of the credentials of a process that wants to

create a ptrace relationship, allowing a local user to obtain root

privileges under certain scenarios.

 

For the oldstable distribution (stretch), this problem has been fixed

in version 4.9.168-1+deb9u4.

 

For the stable distribution (buster), this problem has been fixed in

version 4.19.37-5+deb10u1. This update includes as well a patch for a

regression introduced by the original fix for CVE-2019-11478 (#930904).

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4485-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 21, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-8

CVE ID : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786

CVE-2019-2816 CVE-2019-2842

 

Several vulnerabilities have been discovered in the OpenJDK Java runtime,

resulting in information disclosure, denial of service or bypass of

sandbox restrictions. In addition the implementation of elliptic curve

cryptography was modernised.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 8u222-b10-1~deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4486-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 21, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-11

CVE ID : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786

CVE-2019-2816 CVE-2019-2818 CVE-2019-2821

 

Several vulnerabilities have been discovered in the OpenJDK Java runtime,

resulting in information disclosure, denial of service or bypass of

sandbox restrictions. In addition the implementation of elliptic curve

cryptography was modernised.

 

For the stable distribution (buster), these problems have been fixed in

version 11.0.4+11-1~deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4487-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

July 23, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : neovim

CVE ID : CVE-2019-12735

 

User "Arminius" discovered a vulnerability in Vim, an enhanced version of the

standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an

extensible editor focused on modern code and features:

 

Editors typically provide a way to embed editor configuration commands (aka

modelines) which are executed once a file is opened, while harmful commands

are filtered by a sandbox mechanism. It was discovered that the "source"

command (used to include and execute another file) was not filtered, allowing

shell command execution with a carefully crafted file opened in Neovim.

 

For the oldstable distribution (stretch), this problem has been fixed

in version 0.1.7-4+deb9u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4488-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

July 25, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : exim4

CVE ID : CVE-2019-13917

 

Jeremy Harris discovered that Exim, a mail transport agent, does not

properly handle the ${sort } expansion. This flaw can be exploited by a

remote attacker to execute programs with root privileges in non-default

(and unusual) configurations where ${sort } expansion is used for items

that can be controlled by an attacker.

 

For the oldstable distribution (stretch), this problem has been fixed

in version 4.89-2+deb9u5.

 

For the stable distribution (buster), this problem has been fixed in

version 4.92-8+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4489-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

July 27, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : patch

CVE ID : CVE-2019-13636 CVE-2019-13638

Debian Bug : 932401 933140

 

Imre Rad discovered several vulnerabilities in GNU patch, leading to

shell command injection or escape from the working directory and access

and overwrite files, if specially crafted patch files are processed.

 

This update includes a bugfix for a regression introduced by the patch

to address CVE-2018-1000156 when applying an ed-style patch (#933140).

 

For the oldstable distribution (stretch), these problems have been fixed

in version 2.7.5-1+deb9u2.

 

For the stable distribution (buster), these problems have been fixed in

version 2.7.6-3+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4490-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

August 01, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : subversion

CVE ID : CVE-2018-11782 CVE-2019-0203

 

Several vulnerabilities were discovered in Subversion, a version control

system. The Common Vulnerabilities and Exposures project identifies the

following problems:

 

CVE-2018-11782

 

Ace Olszowka reported that the Subversion's svnserve server process

may exit when a well-formed read-only request produces a particular

answer, leading to a denial of service.

 

CVE-2019-0203

 

Tomas Bortoli reported that the Subversion's svnserve server process

may exit when a client sends certain sequences of protocol commands.

If the server is configured with anonymous access enabled this could

lead to a remote unauthenticated denial of service.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 1.9.5-1+deb9u4.

 

For the stable distribution (buster), these problems have been fixed in

version 1.10.4-1+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4491-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 04, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : proftpd-dfsg

CVE ID : CVE-2019-12815

Debian Bug : 932453

 

Tobias Maedel discovered that the mod_copy module of ProFTPD, a

FTP/SFTP/FTPS server, performed incomplete permission validation for

the CPFR/CPTO commands.

 

For the oldstable distribution (stretch), this problem has been fixed

in version 1.3.5b-4+deb9u1.

 

For the stable distribution (buster), this problem has been fixed in

version 1.3.6-4+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4492-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 08, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : postgresql-9.6

CVE ID : CVE-2019-10208

 

A issue has been discovered in the PostgreSQL database system, which

could result in privilege escalation.

 

For additional information please refer to the upstream announcement at

https://www.postgresql.org/about/news/1960/

 

For the oldstable distribution (stretch), these problems have been fixed

in version 9.6.15-0+deb9u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4493-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 08, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : postgresql-11

CVE ID : CVE-2019-10208 CVE-2019-10209

 

Two security issues have been discovered in the PostgreSQL database

system, which could result in privilege escalation, denial of service or

memory disclosure.

 

For additional information please refer to the upstream announcement at

https://www.postgresql.org/about/news/1960/

 

For the stable distribution (buster), these problems have been fixed in

version 11.5-1+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4497-1 security@debian.org

https://www.debian.org/security/ Ben Hutchings

August 13, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2015-8553 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856

CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207

CVE-2019-10638 CVE-2019-10639 CVE-2019-13631 CVE-2019-13648

CVE-2019-14283 CVE-2019-14284

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service or information

leaks.

 

CVE-2015-8553

 

Jan Beulich discovered that CVE-2015-2150 was not completely

addressed. If a PCI physical function is passed through to a

Xen guest, the guest is able to access its memory and I/O

regions before enabling decoding of those regions. This could

result in a denial-of-service (unexpected NMI) on the host.

 

The fix for this is incompatible with qemu versions before 2.5.

 

(CVE ID not yet assigned)

 

Denis Andzakovic reported a missing type check in the IPv4 multicast

routing implementation. A user with the CAP_NET_ADMIN capability (in

any user namespace) could use this for denial-of-service (memory

corruption or crash) or possibly for privilege escalation.

 

CVE-2018-5995

 

ADLab of VenusTech discovered that the kernel logged the virtual

addresses assigned to per-CPU data, which could make it easier to

exploit other vulnerabilities.

 

CVE-2018-20836

 

chenxiang reported a race condition in libsas, the kernel

subsystem supporting Serial Attached SCSI (SAS) devices, which

could lead to a use-after-free. It is not clear how this might be

exploited.

 

CVE-2018-20856

 

Xiao Jin reported a potential double-free in the block subsystem,

in case an error occurs while initialising the I/O scheduler for a

block device. It is not clear how this might be exploited.

 

CVE-2019-1125

 

It was discovered that most x86 processors could speculatively

skip a conditional SWAPGS instruction used when entering the

kernel from user mode, and/or could speculatively execute it when

it should be skipped. This is a subtype of Spectre variant 1,

which could allow local users to obtain sensitive information from

the kernel or other processes. It has been mitigated by using

memory barriers to limit speculative execution. Systems using an

i386 kernel are not affected as the kernel does not use SWAPGS.

 

CVE-2019-3882

 

It was found that the vfio implementation did not limit the number

of DMA mappings to device memory. A local user granted ownership

of a vfio device could use this to cause a denial of service

(out-of-memory condition).

 

CVE-2019-3900

 

It was discovered that vhost drivers did not properly control the

amount of work done to service requests from guest VMs. A

malicious guest could use this to cause a denial-of-service

(unbounded CPU usage) on the host.

 

CVE-2019-10207

 

The syzkaller tool found a potential null dereference in various

drivers for UART-attached Bluetooth adapters. A local user with

access to a pty device or other suitable tty device could use this

for denial-of-service (BUG/oops).

 

CVE-2019-10638

 

Amit Klein and Benny Pinkas discovered that the generation of IP

packet IDs used a weak hash function, "jhash". This could enable

tracking individual computers as they communicate with different

remote servers and from different networks. The "siphash"

function is now used instead.

 

CVE-2019-10639

 

Amit Klein and Benny Pinkas discovered that the generation of IP

packet IDs used a weak hash function that incorporated a kernel

virtual address. This hash function is no longer used for IP IDs,

although it is still used for other purposes in the network stack.

 

CVE-2019-13631

 

It was discovered that the gtco driver for USB input tablets could

overrun a stack buffer with constant data while parsing the device's

descriptor. A physically present user with a specially

constructed USB device could use this to cause a denial-of-service

(BUG/oops), or possibly for privilege escalation.

 

CVE-2019-13648

 

Praveen Pandey reported that on PowerPC (ppc64el) systems without

Transactional Memory , the kernel would still attempt to

restore TM state passed to the sigreturn() system call. A local

user could use this for denial-of-service (oops).

 

CVE-2019-14283

 

The syzkaller tool found a missing bounds check in the floppy disk

driver. A local user with access to a floppy disk device, with a

disk present, could use this to read kernel memory beyond the

I/O buffer, possibly obtaining sensitive information.

 

CVE-2019-14284

 

The syzkaller tool found a potential division-by-zero in the

floppy disk driver. A local user with access to a floppy disk

device could use this for denial-of-service (oops).

 

(CVE ID not yet assigned)

 

Denis Andzakovic reported a possible use-after-free in the

TCP sockets implementation. A local user could use this for

denial-of-service (memory corruption or crash) or possibly

for privilege escalation.

 

(CVE ID not yet assigned)

 

The netfilter conntrack subsystem used kernel addresses as

user-visible IDs, which could make it easier to exploit other

security vulnerabilities.

 

XSA-300

 

Julien Grall reported that Linux does not limit the amount of memory

which a domain will attempt to baloon out, nor limits the amount of

"foreign / grant map" memory which any individual guest can consume,

leading to denial of service conditions (for host or guests).

 

For the oldstable distribution (stretch), these problems have been fixed

in version 4.9.168-1+deb9u5.

 

For the stable distribution (buster), these problems were mostly fixed

in version 4.19.37-5+deb10u2 or earlier.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4500-1 security@debian.org

https://www.debian.org/security/ Michael Gilbert

August 12, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium

CVE ID : CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808

CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813

CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819

CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823

CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827

CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831

CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5836

CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840

CVE-2019-5842 CVE-2019-5847 CVE-2019-5848 CVE-2019-5849

CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853

CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857

CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861

CVE-2019-5862 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867

CVE-2019-5868

 

Several vulnerabilities have been discovered in the chromium web browser.

 

CVE-2019-5805

 

A use-after-free issue was discovered in the pdfium library.

 

CVE-2019-5806

 

Wen Xu discovered an integer overflow issue in the Angle library.

 

CVE-2019-5807

 

TimGMichaud discovered a memory corruption issue in the v8 javascript

library.

 

CVE-2019-5808

 

cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

 

CVE-2019-5809

 

Mark Brand discovered a use-after-free issue in Blink/Webkit.

 

CVE-2019-5810

 

Mark Amery discovered an information disclosure issue.

 

CVE-2019-5811

 

Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing

feature.

 

CVE-2019-5813

 

Aleksandar Nikolic discovered an out-of-bounds read issue in the v8

javascript library.

 

CVE-2019-5814

 

@AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource

Sharing feature.

 

CVE-2019-5815

 

Nicolas Grégoire discovered a buffer overflow issue in Blink/Webkit.

 

CVE-2019-5818

 

Adrian Tolbaru discovered an uninitialized value issue.

 

CVE-2019-5819

 

Svyat Mitin discovered an error in the developer tools.

 

CVE-2019-5820

 

pdknsk discovered an integer overflow issue in the pdfium library.

 

CVE-2019-5821

 

pdknsk discovered another integer overflow issue in the pdfium library.

 

CVE-2019-5822

 

Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing

feature.

 

CVE-2019-5823

 

David Erceg discovered a navigation error.

 

CVE-2019-5824

 

leecraso and Guang Gong discovered an error in the media player.

 

CVE-2019-5825

 

Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an

out-of-bounds write issue in the v8 javascript library.

 

CVE-2019-5826

 

Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a

use-after-free issue.

 

CVE-2019-5827

 

mlfbrown discovered an out-of-bounds read issue in the sqlite library.

 

CVE-2019-5828

 

leecraso and Guang Gong discovered a use-after-free issue.

 

CVE-2019-5829

 

Lucas Pinheiro discovered a use-after-free issue.

 

CVE-2019-5830

 

Andrew Krashichkov discovered a credential error in the Cross-Origin

Resource Sharing feature.

 

CVE-2019-5831

 

yngwei discovered a map error in the v8 javascript library.

 

CVE-2019-5832

 

Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing

feature.

 

CVE-2019-5833

 

Khalil Zhani discovered a user interface error.

 

CVE-2019-5834

 

Khalil Zhani discovered a URL spoofing issue.

 

CVE-2019-5836

 

Omair discovered a buffer overflow issue in the Angle library.

 

CVE-2019-5837

 

Adam Iawniuk discovered an information disclosure issue.

 

CVE-2019-5838

 

David Erceg discovered an error in extension permissions.

 

CVE-2019-5839

 

Masato Kinugawa discovered implementation errors in Blink/Webkit.

 

CVE-2019-5840

 

Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker.

 

CVE-2019-5842

 

BUGFENSE discovered a use-after-free issue in Blink/Webkit.

 

CVE-2019-5847

 

m3plex discovered an error in the v8 javascript library.

 

CVE-2019-5848

 

Mark Amery discovered an information disclosure issue.

 

CVE-2019-5849

 

Zhen Zhou discovered an out-of-bounds read in the Skia library.

 

CVE-2019-5850

 

Brendon Tiszka discovered a use-after-free issue in the offline page

fetcher.

 

CVE-2019-5851

 

Zhe Jin discovered a use-after-poison issue.

 

CVE-2019-5852

 

David Erceg discovered an information disclosure issue.

 

CVE-2019-5853

 

Yngwei and sakura discovered a memory corruption issue.

 

CVE-2019-5854

 

Zhen Zhou discovered an integer overflow issue in the pdfium library.

 

CVE-2019-5855

 

Zhen Zhou discovered an integer overflow issue in the pdfium library.

 

CVE-2019-5856

 

Yongke Wang discovered an error related to file system URL permissions.

 

CVE-2019-5857

 

cloudfuzzer discovered a way to crash chromium.

 

CVE-2019-5858

 

evil1m0 discovered an information disclosure issue.

 

CVE-2019-5859

 

James Lee discovered a way to launch alternative browsers.

 

CVE-2019-5860

 

A use-after-free issue was discovered in the v8 javascript library.

 

CVE-2019-5861

 

Robin Linus discovered an error determining click location.

 

CVE-2019-5862

 

Jun Kokatsu discovered an error in the AppCache implementation.

 

CVE-2019-5864

 

Devin Grindle discovered an error in the Cross-Origin Resourse Sharing

feature for extensions.

 

CVE-2019-5865

 

Ivan Fratric discovered a way to bypass the site isolation feature.

 

CVE-2019-5867

 

Lucas Pinheiro discovered an out-of-bounds read issue in the v8 javascript

library.

 

CVE-2019-5868

 

banananapenguin discovered a use-after-free issue in the v8 javascript

library.

 

For the stable distribution (buster), these problems have been fixed in

version 76.0.3809.100-1~deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4501-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 15, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libreoffice

CVE ID : CVE-2019-9850 CVE-2019-9851 CVE-2019-9852

 

It was discovered that the code fixes to address CVE-2018-16858 and

CVE-2019-9848 were not complete.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 1:5.2.7-1+deb9u10.

 

For the stable distribution (buster), these problems have been fixed in

version 1:6.1.5-3+deb10u3.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4502-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 16, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ffmpeg

CVE ID : CVE-2019-12730

 

Several vulnerabilities have been discovered in the FFmpeg multimedia

framework, which could result in denial of service or potentially the

execution of arbitrary code if malformed files/streams are processed.

 

For the stable distribution (buster), this problem has been fixed in

version 7:4.1.4-1~deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4503-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 18, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : golang-1.11

CVE ID : CVE-2019-9512 CVE-2019-9514 CVE-2019-14809

 

Three vulnerabilities have been discovered in the Go programming language;

"net/url" accepted some invalid hosts in URLs which could result in

authorisation bypass in some applications and the HTTP/2 implementation

was susceptible to denial of service.

 

For the stable distribution (buster), these problems have been fixed in

version 1.11.6-1+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4504-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 20, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : vlc

CVE ID : CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438

CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535

CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970

 

Multiple security issues were discovered in the VLC media player, which

could result in the execution of arbitrary code or denial of service if

a malformed file/stream is processed.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 3.0.8-0+deb9u1.

 

For the stable distribution (buster), these problems have been fixed in

version 3.0.8-0+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4505-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 22, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nginx

CVE ID : CVE-2019-9511 CVE-2019-9513 CVE-2019-9516

 

Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a

high-performance web and reverse proxy server, which could result in

denial of service.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 1.10.3-1+deb9u3.

 

For the stable distribution (buster), these problems have been fixed in

version 1.14.2-2+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4506-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 24, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu

CVE ID : CVE-2018-20815 CVE-2019-13164 CVE-2019-14378

Debian Bug : 873012 933741 931351

 

Multiple security issues were discovered in QEMU, a fast processor

emulator, which could result in denial of service, the execution of

arbitrary code or bypass of ACLs.

 

In addition this update fixes a regression which could cause NBD

connections to hang.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 1:2.8+dfsg-6+deb9u8.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4507-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

August 24, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : squid

CVE ID : CVE-2019-12525 CVE-2019-12527 CVE-2019-12529 CVE-2019-12854

CVE-2019-13345

Debian Bug : 931478

 

Several vulnerabilities were discovered in Squid, a fully featured web

proxy cache. The flaws in the HTTP Digest Authentication processing, the

HTTP Basic Authentication processing and in the cachemgr.cgi allowed

remote attackers to perform denial of service and cross-site scripting

attacks, and potentially the execution of arbitrary code.

 

For the stable distribution (buster), these problems have been fixed in

version 4.6-1+deb10u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4508-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

August 24, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : h2o

CVE ID : CVE-2019-9512 CVE-2019-9514 CVE-2019-9515

 

Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP

server, which could result in denial of service.

 

For the stable distribution (buster), these problems have been fixed in

version 2.2.5+dfsg2-2+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4509-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

August 26, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : apache2

CVE ID : CVE-2019-9517 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092

CVE-2019-10097 CVE-2019-10098

 

Several vulnerabilities have been found in the Apache HTTPD server.

 

CVE-2019-9517

 

Jonathan Looney reported that a malicious client could perform a

denial of service attack (exhausting h2 workers) by flooding a

connection with requests and basically never reading responses on

the TCP connection.

 

CVE-2019-10081

 

Craig Young reported that HTTP/2 PUSHes could lead to an overwrite

of memory in the pushing request's pool, leading to crashes.

 

CVE-2019-10082

 

Craig Young reported that the HTTP/2 session handling could be made

to read memory after being freed, during connection shutdown.

 

CVE-2019-10092

 

Matei "Mal" Badanoiu reported a limited cross-site scripting

vulnerability in the mod_proxy error page.

 

CVE-2019-10097

 

Daniel McCarney reported that when mod_remoteip was configured to

use a trusted intermediary proxy server using the "PROXY" protocol,

a specially crafted PROXY header could trigger a stack buffer

overflow or NULL pointer deference. This vulnerability could only be

triggered by a trusted proxy and not by untrusted HTTP clients. The

issue does not affect the stretch release.

 

CVE-2019-10098

 

Yukitsugu Sasaki reported a potential open redirect vulnerability in

the mod_rewrite module.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 2.4.25-3+deb9u8.

 

For the stable distribution (buster), these problems have been fixed in

version 2.4.38-3+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4510-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

August 28, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dovecot

CVE ID : CVE-2019-11500

 

Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve

protocol parsers in the Dovecot email server do not properly validate

input (both pre- and post-login). A remote attacker can take advantage

of this flaw to trigger out of bounds heap memory writes, leading to

information leaks or potentially the execution of arbitrary code.

 

For the oldstable distribution (stretch), this problem has been fixed

in version 1:2.2.27-3+deb9u5.

 

For the stable distribution (buster), this problem has been fixed in

version 1:2.3.4.1-5+deb10u1.

[sunrat]

- -------------------------------------------------------------------------

Debian Security Advisory DSA-4511-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

September 01, 2019 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nghttp2

CVE ID : CVE-2019-9511 CVE-2019-9513

 

Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2

HTTP server, which could result in denial of service.

 

For the oldstable distribution (stretch), these problems have been fixed

in version 1.18.1-1+deb9u1.

 

For the stable distribution (buster), these problems have been fixed in

version 1.36.0-2+deb10u1.