NEW UPDATES Debian

debian updates sunrat bruno v.t. eric layton

1587 replies to this topic

#1576 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,890 posts

Posted 23 May 2019 - 09:48 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4448-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 22, 2019                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-18511 CVE-2019-5798  CVE-2019-7317  CVE-2019-9797
                 CVE-2019-9800  CVE-2019-9816  CVE-2019-9817  CVE-2019-9819
                 CVE-2019-9820  CVE-2019-11691 CVE-2019-11692 CVE-2019-11693
                 CVE-2019-11698

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 60.7.0esr-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4449-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 22, 2019                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
CVE ID         : CVE-2018-15822 CVE-2018-1999011 CVE-2019-9718
                 CVE-2019-11338

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
      
For the stable distribution (stretch), these problems have been fixed in
version 7:3.2.14-1~deb9u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1577 OFFLINE   sunrat

Posted 25 May 2019 - 10:19 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4450-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
May 24, 2019                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wpa
CVE ID         : CVE-2019-11555
Debian Bug     : 927463

A vulnerability was found in the WPA protocol implementation found in
wpa_supplicant (station) and hostapd (access point).

The EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) doesn't properly validate fragmentation reassembly state when receiving
an unexpected fragment. This could lead to a process crash due to a NULL
pointer dereference.

An attacker in radio range of a station or access point with EAP-pwd support
could cause a crash of the relevant process (wpa_supplicant or hostapd),
ensuring a denial of service.

For the stable distribution (stretch), this problem has been fixed in
version 2:2.4-1+deb9u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4451-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 24, 2019                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797
                 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819
                 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693
                 CVE-2019-11698

Multiple security issues have been found in Thunderbird: Multiple
vulnerabilities may lead to the execution of arbitrary code or denial of
service.

For the stable distribution (stretch), these problems have been fixed in
version 1:60.7.0-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4452-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 24, 2019                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jackson-databind
CVE ID         : CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718
                 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360
                 CVE-2018-19361 CVE-2018-19362 CVE-2019-12086

Multiple security issues were found in jackson-databind, a Java library
to parse JSON and other data formats which could result in information
disclosure or the execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 2.8.6-1+deb9u5.

#1578 OFFLINE   sunrat

Posted 29 May 2019 - 07:47 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4453-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 29, 2019                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-8
CVE ID         : CVE-2019-2602 CVE-2019-2684 CVE-2019-2698

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in denial of
service or sandbox bypass.

For the stable distribution (stretch), these problems have been fixed in
version 8u212-b03-2~deb9u1.

#1579 OFFLINE   sunrat

Posted 31 May 2019 - 07:32 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4454-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 30, 2019                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2018-11806 CVE-2018-12617 CVE-2018-16872 CVE-2018-17958
                 CVE-2018-18849 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489
                 CVE-2019-3812 CVE-2019-6778 CVE-2019-9824 CVE-2019-12155

Multiple security issues were discovered in QEMU, a fast processor
emulator, which could result in denial of service, the execution of
arbitrary code or information disclosure.

In addition, this update backports support to pass through the new
md-clear CPU flag added in the intel-microcode update shipped in DSA 4447
to x86-based guests.

For the stable distribution (stretch), these problems have been fixed in
version 1:2.8+dfsg-6+deb9u6.

#1580 OFFLINE   sunrat

Posted 04 June 2019 - 02:04 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4455-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 03, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : heimdal
CVE ID         : CVE-2018-16860 CVE-2019-12098
Debian Bug     : 928966 929064

Several vulnerabilities were discovered in Heimdal, an implementation of
Kerberos 5 that aims to be compatible with MIT Kerberos.

CVE-2018-16860

    Isaac Boukris and Andrew Bartlett discovered that Heimdal was
    susceptible to man-in-the-middle attacks caused by incomplete
    checksum validation. Details on the issue can be found in the Samba
    advisory at https://www.samba.or...2018-16860.html

CVE-2019-12098

    It was discovered that failure of verification of the PA-PKINIT-KX key
    exchange client-side could permit a man-in-the-middle attack.

For the stable distribution (stretch), these problems have been fixed in
version 7.1.0+dfsg-13+deb9u3.

#1581 OFFLINE   sunrat

Posted 05 June 2019 - 08:07 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4456-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 05, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : exim4
CVE ID         : CVE-2019-10149

The Qualys Research Labs reported a flaw in Exim, a mail transport
agent. Improper validation of the recipient address in the
deliver_message() function may result in the execution of arbitrary
commands.

For the stable distribution (stretch), this problem has been fixed in
version 4.89-2+deb9u4.

#1582 OFFLINE   sunrat

Posted 06 June 2019 - 07:24 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4454-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 06, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
Debian Bug     : 929067

Vincent Tondellier reported that the qemu update issued as DSA 4454-1
did not correctly backport the support to define the md-clear bit to
allow mitigation of the MDS vulnerabilities. Updated qemu packages are
now available to correct this issue.

For the stable distribution (stretch), this problem has been fixed in
version 1:2.8+dfsg-6+deb9u7.

#1583 OFFLINE   sunrat

Posted 07 June 2019 - 08:13 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4457-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 07, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : evolution
CVE ID         : CVE-2018-15587
Debian Bug     : 924616

Hanno Böck discovered that Evolution was vulnerable to OpenPGP
signatures being spoofed for arbitrary messages using a specially
crafted HTML email. This issue was mitigated by moving the security
bar with encryption and signature information above the message
headers.

For the stable distribution (stretch), this problem has been fixed in
version 3.22.6-1+deb9u2.

#1584 OFFLINE   sunrat

Posted 08 June 2019 - 10:26 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4458-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 08, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cyrus-imapd
CVE ID         : CVE-2019-11356

A flaw was discovered in the CalDAV feature in httpd of the Cyrus IMAP
server, leading to denial of service or potentially the execution of
arbitrary code via a crafted HTTP PUT operation for an event with a long
iCalendar property name.

For the stable distribution (stretch), this problem has been fixed in
version 2.5.10-3+deb9u1.

#1585 OFFLINE   sunrat

Posted 11 June 2019 - 07:05 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4459-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 12, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
CVE ID         : not yet available

Multiple security issues were discovered in the VLC media player, which
could result in the execution of arbitrary code or denial of service if
a malformed file/stream is processed.

For the stable distribution (stretch), these problems have been fixed in
version 3.0.7-0+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4460-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 12, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468
                 CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472
                 CVE-2019-12473 CVE-2019-12474

Multiple security vulnerabilities have been discovered in MediaWiki, a
website engine for collaborative work, which may result in authentication
bypass, denial of service, cross-site scripting, information disclosure
and bypass of anti-spam measures.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.27.7-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4461-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 12, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : zookeeper
CVE ID         : CVE-2019-0201

Harrison Neil discovered that the getACL() command in Zookeeper, a
service for maintaining configuration information, did not validate
permissions, which could result in information disclosure.

For the stable distribution (stretch), this problem has been fixed in
version 3.4.9-3+deb9u2.

#1586 OFFLINE   sunrat

Posted 13 June 2019 - 07:07 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4462-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 13, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dbus
CVE ID         : CVE-2019-12749
Debian Bug     : 930375

Joe Vennix discovered an authentication bypass vulnerability in dbus, an
asynchronous inter-process communication system. The implementation of
the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a
symbolic link attack. A local attacker could take advantage of this flaw
to bypass authentication and connect to a DBusServer with elevated
privileges.

The standard system and session dbus-daemons in their default
configuration are not affected by this vulnerability.

The vulnerability was addressed by upgrading dbus to a new upstream
version 1.10.28 which includes additional fixes.

For the stable distribution (stretch), this problem has been fixed in
version 1.10.28-0+deb9u1.

#1587 OFFLINE   sunrat

Posted 14 June 2019 - 07:31 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4463-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 14, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : znc
CVE ID         : CVE-2019-9917 CVE-2019-12816
Debian Bug     : 925285

Two vulnerabilities were discovered in the ZNC IRC bouncer which could
result in remote code execution (CVE-2019-12816) or denial of service
via invalid encoding (CVE-2019-9917).

For the stable distribution (stretch), these problems have been fixed in
version 1.6.5-1+deb9u2.

#1588 OFFLINE   sunrat

Posted 15 June 2019 - 08:55 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4464-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 15, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706

Multiple security issues have been found in Thunderbird which may lead
to the execution of arbitrary code if malformed email messages are read.

For the stable distribution (stretch), these problems have been fixed in
version 1:60.7.1-1~deb9u1.