NEW UPDATES Debian


#1551 sunrat

Posted 24 March 2019 - 12:51 AM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4414-1                   security@debian.org
https://www.debian.org/security/                          Thijs Kinkhorst
March 23, 2019                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libapache2-mod-auth-mellon
CVE ID         : CVE-2019-3877 CVE-2019-3878
Debian Bug     : 925197

Several issues have been discovered in Apache module auth_mellon, which
provides SAML 2.0 authentication.

CVE-2019-3877

    It was possible to bypass the redirect URL checking on logout, so
    the module could be used as an open redirect facility.

CVE-2019-3878

    When mod_auth_mellon is used in an Apache configuration which
    serves as a remote proxy with the http_proxy module, it was
    possible to bypass authentication by sending SAML ECP headers.

For the stable distribution (stretch), these problems have been fixed in
version 0.12.0-2+deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1552 sunrat

Posted 24 March 2019 - 06:07 PM

-------------------------------------------------------------------------
Debian Security Advisory DSA-4415-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 24, 2019                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : passenger
CVE ID         : CVE-2017-16355
Debian Bug     : 884463

An arbitrary file read vulnerability was discovered in passenger, a web
application server. A local user allowed to deploy an application to
passenger can take advantage of this flaw by creating a symlink from
the REVISION file to an arbitrary file on the system and have its
content displayed through passenger-status.

For the stable distribution (stretch), this problem has been fixed in
version 5.0.30-1+deb9u1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4416-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 24, 2019                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2019-5716 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719
                 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214
Debian Bug     : 923611

It was discovered that Wireshark, a network traffic analyzer, contained
several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE,
ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of
service.

For the stable distribution (stretch), these problems have been fixed in
version 2.6.7-1~deb9u1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4417-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 24, 2019                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2019-9810 CVE-2019-9813

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For the stable distribution (stretch), these problems have been fixed in
version 60.6.1esr-1~deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.
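
A patch-level check for the four advisories above, as an added example that is not part of the original posts or of Debian's own tooling: it reimplements Debian's version ordering in Python (on a Debian host, `dpkg --compare-versions` does the same comparison) and checks a constructed sample inventory against the fixed versions quoted in the advisories. The names `FIXED`, `SAMPLE`, `version_key` and `unpatched` are illustrative, and the installed versions in `SAMPLE` are made up.

```python
import re

# Fixed versions for stretch, copied from the advisories above.
FIXED = {
    "libapache2-mod-auth-mellon": "0.12.0-2+deb9u1",
    "passenger": "5.0.30-1+deb9u1",
    "wireshark": "2.6.7-1~deb9u1",
    "firefox-esr": "60.6.1esr-1~deb9u1",
}
# Constructed sample inventory (illustrative, not from the page).
SAMPLE = {
    "libapache2-mod-auth-mellon": "0.12.0-2",
    "passenger": "5.0.30-1+deb9u1",
    "wireshark": "2.6.7-1",
    "firefox-esr": "60.6.0esr-1~deb9u1",
}

def _weight(ch):
    """Sort weight of one character inside a non-digit run."""
    if ch == "~":
        return -1          # tilde sorts before everything, even end of string
    return ord(ch) if ch.isalpha() else ord(ch) + 256  # letters before punctuation

def _part_key(part):
    """Key for an upstream-version or Debian-revision string."""
    return [([_weight(c) for c in text] + [0], int(digits or 0))
            for text, digits in re.findall(r"([^0-9]*)([0-9]*)", part or "0")]

def version_key(version):
    """Sortable key for [epoch:]upstream[-revision] in Debian order."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return (int(epoch), _part_key(upstream), _part_key(revision))

def unpatched(installed):
    """Map package -> (installed, fixed) where installed sorts below fixed."""
    return {pkg: (ver, FIXED[pkg]) for pkg, ver in installed.items()
            if pkg in FIXED and version_key(ver) < version_key(FIXED[pkg])}

if __name__ == "__main__":
    for pkg, (have, need) in sorted(unpatched(SAMPLE).items()):
        print(f"{pkg}: installed {have}, fixed in {need}")
```

A plain string or numeric comparison gets the `~deb9u1` and `+deb9u1` suffixes wrong: `2.6.7-1~deb9u1` sorts before `2.6.7-1`, while `0.12.0-2+deb9u1` sorts after `0.12.0-2`.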




