NEW UPDATES Debian

1551 replies to this topic

#1526   sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,808 posts

Posted 01 February 2019 - 08:39 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4379-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 01, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : golang-1.7
CVE ID         : CVE-2018-7187 CVE-2019-6486

A vulnerability was discovered in the implementation of the P-521 and
P-384 elliptic curves, which could result in denial of service and in
some cases key recovery.

In addition this update fixes a vulnerability in "go get", which could
result in the execution of arbitrary shell commands.

For the stable distribution (stretch), these problems have been fixed in
version 1.7.4-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4380-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 01, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : golang-1.8
CVE ID         : CVE-2018-6574 CVE-2018-7187 CVE-2019-6486

A vulnerability was discovered in the implementation of the P-521 and
P-384 elliptic curves, which could result in denial of service and in
some cases key recovery.

In addition this update fixes two vulnerabilities in "go get", which
could result in the execution of arbitrary shell commands.

For the stable distribution (stretch), these problems have been fixed in
version 1.8.1-1+deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1527   sunrat

Posted 03 February 2019 - 06:06 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4381-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 02, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2018-16858

Alex Infuehr discovered a directory traversal vulnerability which could
result in the execution of Python script code when opening a malformed
document.

For the stable distribution (stretch), this problem has been fixed in
version 1:5.2.7-1+deb9u5. In addition this update fixes a bug in the
validation of signed PDFs; it would display an incomplete status message
when dealing with a partial signature.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4382-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 02, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rssh
CVE ID         : CVE-2019-3463 CVE-2019-3464

Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell
that allows users to perform only scp, sftp, cvs, svnserve (Subversion),
rdist and/or rsync operations. Missing validation in the rsync support
could result in the bypass of this restriction, allowing the execution
of arbitrary shell commands.

For the stable distribution (stretch), these problems have been fixed in
version 2.3.4-5+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4383-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 03, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvncserver
CVE ID         : CVE-2018-6307 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019
                 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023
                 CVE-2018-20024
Debian Bug     : 916941

Pavel Cheremushkin discovered several vulnerabilities in libvncserver, a
library to implement VNC server/client functionalities, which might result in
the execution of arbitrary code, denial of service or information disclosure.

For the stable distribution (stretch), these problems have been fixed in
version 0.9.11+dfsg-1.3~deb9u1.

#1528   sunrat

Posted 05 February 2019 - 09:01 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4384-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 04, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgd2
CVE ID         : CVE-2019-6977 CVE-2019-6978
Debian Bug     : 920645 920728

Multiple vulnerabilities have been discovered in libgd2, a library for
programmatic graphics creation and manipulation, which may result in
denial of service or potentially the execution of arbitrary code if a
malformed file is processed.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.4-2+deb9u4.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-4385-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 05, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
CVE ID         : CVE-2019-3814

halfdog discovered an authentication bypass vulnerability in the Dovecot
email server. Under some configurations Dovecot mistakenly trusts the
username provided via authentication instead of failing. If there is no
additional password verification, this allows the attacker to login as
anyone else in the system. Only installations using:

        auth_ssl_require_client_cert = yes
        auth_ssl_username_from_cert = yes

are affected by this flaw.

For the stable distribution (stretch), this problem has been fixed in
version 1:2.2.27-3+deb9u3.

#1529   sunrat

Posted 06 February 2019 - 07:20 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4386-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
February 06, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823

Multiple vulnerabilities were discovered in cURL, an URL transfer library.

CVE-2018-16890

    Wenxiang Qian of Tencent Blade Team discovered that the function
    handling incoming NTLM type-2 messages does not validate incoming
    data correctly and is subject to an integer overflow vulnerability,
    which could lead to an out-of-bounds buffer read.

CVE-2019-3822

    Wenxiang Qian of Tencent Blade Team discovered that the function
    creating an outgoing NTLM type-3 header is subject to an integer
    overflow vulnerability, which could lead to an out-of-bounds write.

CVE-2019-3823

    Brian Carpenter of Geeknik Labs discovered that the code handling
    the end-of-response for SMTP is subject to an out-of-bounds heap
    read.

For the stable distribution (stretch), these problems have been fixed in
version 7.52.1-5+deb9u9.

#1530   sunrat

Posted 09 February 2019 - 06:56 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4387-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
February 09, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssh
CVE ID         : CVE-2018-20685 CVE-2019-6109 CVE-2019-6111
Debian Bug     : 793412 919101

Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in
OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities
are found in the scp client implementing the SCP protocol.

CVE-2018-20685

    Due to improper directory name validation, the scp client allows servers to
    modify permissions of the target directory by using empty or dot directory
    name.

CVE-2019-6109

    Due to missing character encoding in the progress display, the object name
    can be used to manipulate the client output, for example to employ ANSI
    codes to hide additional files being transferred.

CVE-2019-6111

    Due to scp client insufficient input validation in path names sent by
    server, a malicious server can do arbitrary file overwrites in target
    directory. If the recursive (-r) option is provided, the server can also
    manipulate subdirectories as well.

    The check added in this version can lead to regression if the client and
    the server have differences in wildcard expansion rules. If the server is
    trusted for that purpose, the check can be disabled with a new -T option to
    the scp client.

For the stable distribution (stretch), these problems have been fixed in
version 1:7.4p1-10+deb9u5.

#1531   sunrat

Posted 11 February 2019 - 08:16 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4388-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 10, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mosquitto
CVE ID         : CVE-2018-12546 CVE-2018-12550 CVE-2018-12551

Three vulnerabilities were discovered in the Mosquitto MQTT broker, which
could result in authentication bypass. Please refer to
https://mosquitto.or...1-5-6-released/ for additional
information.

For the stable distribution (stretch), these problems have been fixed in
version 1.4.10-3+deb9u3.

#1532   sunrat

Posted 11 February 2019 - 08:48 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4389-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 11, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libu2f-host
CVE ID         : CVE-2018-20340
Debian Bug     : 921725

Christian Reitter discovered that libu2f-host, a library implementing
the host-side of the U2F protocol, failed to properly check for a
buffer overflow. This would allow an attacker with a custom made
malicious USB device masquerading as a security key, and physical
access to a computer where PAM U2F or an application with libu2f-host
integrated, to potentially execute arbitrary code on that computer.

For the stable distribution (stretch), this problem has been fixed in
version 1.1.2-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4377-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 11, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rssh
Debian Bug     : 921655

The update for rssh issued as DSA 4377-1 introduced a regression that
blocked scp of multiple files from a server using rssh. Updated packages
are now available to correct this issue.

For the stable distribution (stretch), this problem has been fixed in
version 2.3.4-5+deb9u3.

#1533   sunrat

Posted 12 February 2019 - 08:27 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4390-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 12, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : flatpak
CVE ID         : not yet available
Debian Bug     : 922059

It was discovered that Flatpak, an application deployment framework for
desktop apps, insufficiently restricted the execution of "apply_extra"
scripts which could potentially result in privilege escalation.

For the stable distribution (stretch), this problem has been fixed in
version 0.8.9-0+deb9u2.

#1534   sunrat

Posted 14 February 2019 - 07:12 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4391-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 14, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-18356 CVE-2019-5785

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For the stable distribution (stretch), these problems have been fixed in
version 60.5.1esr-1~deb9u1.

#1535   sunrat

Posted 18 February 2019 - 05:25 PM

------------------------------------------------------------------------
The Debian Project    https://www.debian.org/
Updated Debian 9: 9.8 released   press@debian.org
February 16th, 2019     https://www.debian.o...s/2019/20190216
------------------------------------------------------------------------


The Debian project is pleased to announce the eighth update of its
stable distribution Debian 9 (codename "stretch"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

The complete lists of packages that have changed with this revision:

http://ftp.debian.or...retch/ChangeLog



- -------------------------------------------------------------------------
Debian Security Advisory DSA-4392-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 16, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501
                 CVE-2018-18505 CVE-2018-18509 CVE-2019-5785

Multiple security issues have been found in the Thunderbird mail client,
which could lead to the execution of arbitrary code, denial of service
or spoofing of S/MIME signatures.

For the stable distribution (stretch), these problems have been fixed in
version 1:60.5.1-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4388-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 17, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mosquitto
Debian Bug     : 922071

Kushal Kumaran reported that the update for mosquitto issued as DSA
4388-1 causes mosquitto to crash when reloading the persistent database.
Updated packages are now available to correct this issue.

For the stable distribution (stretch), this problem has been fixed in
version 1.4.10-3+deb9u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4393-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 18, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : systemd
CVE ID         : CVE-2019-6454

Chris Coulson discovered a flaw in systemd leading to denial of service.
An unprivileged user could take advantage of this issue to crash PID1 by
sending a specially crafted D-Bus message on the system bus.

For the stable distribution (stretch), this problem has been fixed in
version 232-25+deb9u9.

#1536   sunrat

Posted 19 February 2019 - 12:35 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4394-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 18, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rdesktop
CVE ID         : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794
                 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798
                 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175
                 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179
                 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182

Multiple security issues were found in the rdesktop RDP client, which
could result in denial of service, information disclosure and the
execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 1.8.4-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4395-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
February 18, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2018-17481 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756
                 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760
                 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765
                 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769
                 CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774
                 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778
                 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782
                 CVE-2019-5783 CVE-2019-5784

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-17481

    A use-after-free issue was discovered in the pdfium library.

CVE-2019-5754

    Klzgrad discovered an error in the QUIC networking implementation.

CVE-2019-5755

    Jay Bosamiya discovered an implementation error in the v8 javascript
    library.

CVE-2019-5756

    A use-after-free issue was discovered in the pdfium library.

CVE-2019-5757

    Alexandru Pitis discovered a type confusion error in the SVG image
    format implementation.

CVE-2019-5758

    Zhe Jin discovered a use-after-free issue in blink/webkit.

CVE-2019-5759

    Almog Benin discovered a use-after-free issue when handling HTML pages
    containing select elements.

CVE-2019-5760

    Zhe Jin discovered a use-after-free issue in the WebRTC implementation.

CVE-2019-5762

    A use-after-free issue was discovered in the pdfium library.

CVE-2019-5763

    Guang Gon discovered an input validation error in the v8 javascript
    library.

CVE-2019-5764

    Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.

CVE-2019-5765

    Sergey Toshin discovered a policy enforcement error.

CVE-2019-5766

    David Erceg discovered a policy enforcement error.

CVE-2019-5767

    Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error
    in the WebAPKs user interface.

CVE-2019-5768

    Rob Wu discovered a policy enforcement error in the developer tools.

CVE-2019-5769

    Guy Eshel discovered an input validation error in blink/webkit.

CVE-2019-5770

    hemidallt discovered a buffer overflow issue in the WebGL implementation.

CVE-2019-5772

    Zhen Zhou discovered a use-after-free issue in the pdfium library.

CVE-2019-5773

    Yongke Wong discovered an input validation error in the IndexDB
    implementation.

CVE-2019-5774

    Jnghwan Kang and Juno Im discovered an input validation error in the
    SafeBrowsing implementation.

CVE-2019-5775

    evil1m0 discovered a policy enforcement error.

CVE-2019-5776

    Lnyas Zhang discovered a policy enforcement error.

CVE-2019-5777

    Khalil Zhani discovered a policy enforcement error.

CVE-2019-5778

    David Erceg discovered a policy enforcement error in the Extensions
    implementation.

CVE-2019-5779

    David Erceg discovered a policy enforcement error in the ServiceWorker
    implementation.

CVE-2019-5780

    Andreas Hegenberg discovered a policy enforcement error.

CVE-2019-5781

    evil1m0 discovered a policy enforcement error.

CVE-2019-5782

    Qixun Zhao discovered an implementation error in the v8 javascript library.

CVE-2019-5783

    Shintaro Kobori discovered an input validation error in the developer
    tools.

CVE-2019-5784

    Lucas Pinheiro discovered an implementation error in the v8 javascript
    library.

For the stable distribution (stretch), these problems have been fixed in
version 72.0.3626.96-1~deb9u1.

#1537   sunrat

Posted 19 February 2019 - 07:48 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4396-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 19, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ansible
CVE ID         : CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876
                 CVE-2019-3828

Several vulnerabilities have been found in Ansible, a configuration
management, deployment, and task execution system:

CVE-2018-10855 / CVE-2018-16876

    The no_log task flag wasn't honored, resulting in an information leak.

CVE-2018-10875

    ansible.cfg was read from the current working directory.

CVE-2018-16837

    The user module leaked parameters passed to ssh-keygen to the process
    environment.

CVE-2019-3828

    The fetch module was susceptible to path traversal.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.1.0-2+deb9u1.

#1538   sunrat

Posted 23 February 2019 - 05:52 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4377-3                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 22, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rssh
CVE ID         : CVE-2019-1000018
Debian Bug     : 919623

The restrictions introduced in the security fix to address
CVE-2019-1000018 also disallowed the -pf and -pt options which are used
by the scp support in libssh2. This update restores support for those.

For the stable distribution (stretch), this problem has been fixed in
version 2.3.4-5+deb9u4.

#1539   sunrat

Posted 27 February 2019 - 09:44 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4395-2                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
February 26, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
Debian Bug     : 922794 923298

A regression was introduced in the previous chromium security update.  The
browser would always crash when launched in headless mode.  This update fixes
this problem.

A file conflict with the buster chromium packages is also fixed.

For the stable distribution (stretch), this problem has been fixed in
version 72.0.3626.96-1~deb9u2.

#1540   sunrat

Posted 28 February 2019 - 07:55 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4397-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 28, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ldb
CVE ID         : CVE-2019-3824

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare()
function of ldb, an LDAP-like embedded database, resulting in denial of
service.

For the stable distribution (stretch), this problem has been fixed in
version 2:1.1.27-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4398-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 28, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php7.0
CVE ID         : CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023
                 CVE-2019-9024

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language: Multiple out-of-bounds memory
accesses were found in the xmlrpc, mbstring and phar extensions and
the dns_get_record() function.

For the stable distribution (stretch), these problems have been fixed in
version 7.0.33-0+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4399-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 28, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ikiwiki
CVE ID         : CVE-2019-9187

Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki
compiler was susceptible to server-side request forgery, resulting in
information disclosure or denial of service.

For the stable distribution (stretch), this problem has been fixed in
version 3.20170111.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4400-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 28, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl1.0
CVE ID         : CVE-2019-1559

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding
oracle attack in OpenSSL.

For the stable distribution (stretch), this problem has been fixed in
version 1.0.2r-1~deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1541 sunrat (Forum Moderators)

Posted 01 March 2019 - 06:52 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4401-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
March 01, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2018-20147 CVE-2018-20148 CVE-2018-20149 CVE-2018-20150
                 CVE-2018-20151 CVE-2018-20152 CVE-2018-20153 CVE-2019-8942
Debian Bug     : 916403

Several vulnerabilities were discovered in Wordpress, a web blogging
tool. They allowed remote attackers to perform various Cross-Site
Scripting (XSS) and PHP injection attacks, delete files, leak
potentially sensitive data, create posts of unauthorized types, or
cause denial-of-service by application crash.

For the stable distribution (stretch), these problems have been fixed in
version 4.7.5+dfsg-2+deb9u5.

#1542 sunrat (Forum Moderators)

Posted 02 March 2019 - 05:53 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4387-2                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
March 02, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssh
CVE ID         : CVE-2019-6111
Debian Bug     : 923486

It was found that a security update (DSA-4387-1) of OpenSSH, an implementation
of the SSH protocol suite, was incomplete. This update did not completely fix
CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client
implementing the SCP protocol.

For the stable distribution (stretch), this problem has been fixed in
version 1:7.4p1-10+deb9u6.

#1543 sunrat (Forum Moderators)

Posted 05 March 2019 - 05:10 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4402-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 05, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mumble
CVE ID         : CVE-2018-20743

It was discovered that insufficient restrictions in the connection
handling of Mumble, a low latency encrypted VoIP client, could result in
denial of service.

For the stable distribution (stretch), this problem has been fixed in
version 1.2.18-1+deb9u1.

#1544 sunrat (Forum Moderators)

Posted 08 March 2019 - 09:15 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4403-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 08, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php7.0
CVE ID         : not yet available

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language: The EXIF extension had multiple cases
of invalid memory access and rename() was implemented insecurely.

For the stable distribution (stretch), this problem has been fixed in
version 7.0.33-0+deb9u3.

#1545 sunrat (Forum Moderators)

Posted 10 March 2019 - 06:16 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4404-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
March 09, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2019-5786

Clement Lecigne discovered a use-after-free issue in chromium's file
reader implementation.  A maliciously crafted file could be used to
remotely execute arbitrary code because of this problem.

This update also fixes a regression introduced in a previous update.  The
browser would always crash when launched in remote debugging mode.

For the stable distribution (stretch), this problem has been fixed in
version 72.0.3626.122-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4405-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
March 10, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjpeg2
CVE ID         : CVE-2017-17480 CVE-2018-5785 CVE-2018-6616 CVE-2018-14423
                 CVE-2018-18088
Debian Bug     : 884738 888533 889683 904873 910763

Multiple vulnerabilities have been discovered in openjpeg2, the
open-source JPEG 2000 codec, that could be leveraged to cause a denial
of service or possibly remote code execution.

CVE-2017-17480

    Write stack buffer overflow in the jp3d and jpwl codecs can result
    in a denial of service or remote code execution via a crafted jp3d
    or jpwl file.

CVE-2018-5785

    Integer overflow can result in a denial of service via a crafted bmp
    file.

CVE-2018-6616

    Excessive iteration can result in a denial of service via a crafted
    bmp file.

CVE-2018-14423

    Division-by-zero vulnerabilities can result in a denial of service via
    a crafted j2k file.

CVE-2018-18088

    Null pointer dereference can result in a denial of service via a
    crafted bmp file.
For the stable distribution (stretch), these problems have been fixed in
version 2.1.2-1.1+deb9u3.

#1546 sunrat (Forum Moderators)

Posted 12 March 2019 - 09:02 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4406-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 12, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : waagent
CVE ID         : CVE-2019-0804

Francis McBratney discovered that the Windows Azure Linux Agent created
swap files with world-readable permissions, resulting in information
disclosure.

For the stable distribution (stretch), this problem has been fixed in
version 2.2.18-3~deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4407-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 12, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xmltooling
CVE ID         : CVE-2019-9628

Ross Geerlings discovered that the XMLTooling library didn't correctly
handle exceptions on malformed XML declarations, which could result in
denial of service against the application using XMLTooling.

For the stable distribution (stretch), this problem has been fixed in
version 1.6.0-4+deb9u2.

#1547 sunrat (Forum Moderators)

Posted 17 March 2019 - 08:28 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4408-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 17, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : liblivemedia
CVE ID         : CVE-2019-6256 CVE-2019-7314 CVE-2019-9215

Multiple security issues were discovered in liveMedia, a set of C++
libraries for multimedia streaming, which could result in the execution
of arbitrary code or denial of service when parsing a malformed RTSP
stream.

For the stable distribution (stretch), these problems have been fixed in
version 2016.11.28-1+deb9u2.

#1548 sunrat (Forum Moderators)

Posted 18 March 2019 - 10:06 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4409-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 18, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : neutron
CVE ID         : CVE-2019-9735

Erik Olof Gunnar Andersson discovered that incorrect validation of port
settings in the iptables security group driver of Neutron, the OpenStack
virtual network service, could result in denial of service in a
multi-tenant setup.

For the stable distribution (stretch), this problem has been fixed in
version 2:9.1.1-3+deb9u1.

#1549 sunrat (Forum Moderators)

Posted 20 March 2019 - 07:36 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4410-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 20, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-8
CVE ID         : CVE-2019-2422

A memory disclosure vulnerability was discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in information
disclosure or bypass of sandbox restrictions.
For the stable distribution (stretch), this problem has been fixed in
version 8u212-b01-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4411-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 20, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791
                 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For the stable distribution (stretch), these problems have been fixed in
version 60.6.0esr-1~deb9u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4412-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 20, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : not yet available

It was discovered that missing input sanitising in the file module of
Drupal, a fully-featured content management framework, could result in
cross-site scripting.

For additional information, please refer to the upstream advisory
at https://www.drupal.o...a-core-2019-004.

For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u7.

#1550 sunrat (Forum Moderators)

Posted 21 March 2019 - 07:13 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4413-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 21, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ntfs-3g
CVE ID         : CVE-2019-9755

A heap-based buffer overflow was discovered in NTFS-3G, a read-write
NTFS driver for FUSE. A local user can take advantage of this flaw for
local root privilege escalation.

For the stable distribution (stretch), this problem has been fixed in
version 1:2016.2.22AR.1+dfsg-1+deb9u1.