

NEW UPDATES Debian

debian updates sunrat bruno v.t. eric layton

1613 replies to this topic

#1601 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,944 posts

Posted 14 July 2019 - 07:03 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4482-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 14, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712
                 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code, cross-site
scripting, spoofing, information disclosure, denial of service or
cross-site request forgery.

CVE-2019-11719 and CVE-2019-11729 are only addressed for stretch, in
buster Thunderbird uses the system-wide copy of NSS which will be updated
separately.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:60.8.0-1~deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 1:60.8.0-1~deb10u1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1602 OFFLINE   sunrat


Posted 16 July 2019 - 07:37 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4483-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 16, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2019-9848 CVE-2019-9849

Two security issues have been discovered in LibreOffice:

CVE-2019-9848

    Nils Emmerich discovered that malicious documents could execute
    arbitrary Python code via LibreLogo.

CVE-2019-9849

    Matei Badanoiu discovered that the stealth mode did not apply to
    bullet graphics.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:5.2.7-1+deb9u9.

For the stable distribution (buster), these problems have been fixed in
version 1:6.1.5-3+deb10u2.

#1603 OFFLINE   sunrat


Posted 21 July 2019 - 09:49 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4484-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 20, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2019-13272

Jann Horn discovered that the ptrace subsystem in the Linux kernel
mishandles the management of the credentials of a process that wants to
create a ptrace relationship, allowing a local user to obtain root
privileges under certain scenarios.

For the oldstable distribution (stretch), this problem has been fixed
in version 4.9.168-1+deb9u4.

For the stable distribution (buster), this problem has been fixed in
version 4.19.37-5+deb10u1. This update includes as well a patch for a
regression introduced by the original fix for CVE-2019-11478 (#930904).

#1604 OFFLINE   sunrat


Posted 21 July 2019 - 07:15 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4485-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 21, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-8
CVE ID         : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786
                 CVE-2019-2816 CVE-2019-2842

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in information disclosure, denial of service or bypass of
sandbox restrictions. In addition the implementation of elliptic curve
cryptography was modernised.

For the oldstable distribution (stretch), these problems have been fixed
in version 8u222-b10-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4486-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 21, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-11
CVE ID         : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786
                 CVE-2019-2816 CVE-2019-2818 CVE-2019-2821

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in information disclosure, denial of service or bypass of
sandbox restrictions. In addition the implementation of elliptic curve
cryptography was modernised.

For the stable distribution (buster), these problems have been fixed in
version 11.0.4+11-1~deb10u1.

#1605 OFFLINE   sunrat


Posted 23 July 2019 - 08:17 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4487-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 23, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : neovim
CVE ID         : CVE-2019-12735

User "Arminius" discovered a vulnerability in Vim, an enhanced version of the
standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an
extensible editor focused on modern code and features:
  
Editors typically provide a way to embed editor configuration commands (aka
modelines) which are executed once a file is opened, while harmful commands
are filtered by a sandbox mechanism. It was discovered that the "source"
command (used to include and execute another file) was not filtered, allowing
shell command execution with a carefully crafted file opened in Neovim.

For the oldstable distribution (stretch), this problem has been fixed
in version 0.1.7-4+deb9u1.

#1606 OFFLINE   sunrat


Posted 25 July 2019 - 08:27 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4488-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 25, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : exim4
CVE ID         : CVE-2019-13917

Jeremy Harris discovered that Exim, a mail transport agent, does not
properly handle the ${sort } expansion. This flaw can be exploited by a
remote attacker to execute programs with root privileges in non-default
(and unusual) configurations where ${sort } expansion is used for items
that can be controlled by an attacker.

For the oldstable distribution (stretch), this problem has been fixed
in version 4.89-2+deb9u5.

For the stable distribution (buster), this problem has been fixed in
version 4.92-8+deb10u1.

#1607 OFFLINE   sunrat


Posted 27 July 2019 - 10:14 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4489-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 27, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : patch
CVE ID         : CVE-2019-13636 CVE-2019-13638
Debian Bug     : 932401 933140

Imre Rad discovered several vulnerabilities in GNU patch, leading to
shell command injection or escape from the working directory and access
and overwrite files, if specially crafted patch files are processed.

This update includes a bugfix for a regression introduced by the patch
to address CVE-2018-1000156 when applying an ed-style patch (#933140).

For the oldstable distribution (stretch), these problems have been fixed
in version 2.7.5-1+deb9u2.

For the stable distribution (buster), these problems have been fixed in
version 2.7.6-3+deb10u1.

#1608 OFFLINE   sunrat


Posted 01 August 2019 - 02:20 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4490-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 01, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : subversion
CVE ID         : CVE-2018-11782 CVE-2019-0203

Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2018-11782

    Ace Olszowka reported that the Subversion's svnserve server process
    may exit when a well-formed read-only request produces a particular
    answer, leading to a denial of service.

CVE-2019-0203

    Tomas Bortoli reported that the Subversion's svnserve server process
    may exit when a client sends certain sequences of protocol commands.
    If the server is configured with anonymous access enabled this could
    lead to a remote unauthenticated denial of service.

For the oldstable distribution (stretch), these problems have been fixed
in version 1.9.5-1+deb9u4.

For the stable distribution (buster), these problems have been fixed in
version 1.10.4-1+deb10u1.

#1609 OFFLINE   sunrat


Posted 04 August 2019 - 08:07 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4491-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 04, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : proftpd-dfsg
CVE ID         : CVE-2019-12815
Debian Bug     : 932453

Tobias Maedel discovered that the mod_copy module of ProFTPD, a
FTP/SFTP/FTPS server, performed incomplete permission validation for
the CPFR/CPTO commands.

For the oldstable distribution (stretch), this problem has been fixed
in version 1.3.5b-4+deb9u1.

For the stable distribution (buster), this problem has been fixed in
version 1.3.6-4+deb10u1.

#1610 OFFLINE   sunrat


Posted 08 August 2019 - 07:35 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4492-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 08, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.6
CVE ID         : CVE-2019-10208

An issue has been discovered in the PostgreSQL database system, which
could result in privilege escalation.

For additional information please refer to the upstream announcement at
https://www.postgres...bout/news/1960/

For the oldstable distribution (stretch), these problems have been fixed
in version 9.6.15-0+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4493-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 08, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-11
CVE ID         : CVE-2019-10208 CVE-2019-10209

Two security issues have been discovered in the PostgreSQL database
system, which could result in privilege escalation, denial of service or
memory disclosure.

For additional information please refer to the upstream announcement at
https://www.postgres...bout/news/1960/
  
For the stable distribution (buster), these problems have been fixed in
version 11.5-1+deb10u1.

#1611 OFFLINE   sunrat


Posted 14 August 2019 - 08:41 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4497-1                   security@debian.org
https://www.debian.org/security/                            Ben Hutchings
August 13, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-8553 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856
                 CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207
                 CVE-2019-10638 CVE-2019-10639 CVE-2019-13631 CVE-2019-13648
                 CVE-2019-14283 CVE-2019-14284

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2015-8553

    Jan Beulich discovered that CVE-2015-2150 was not completely
    addressed.  If a PCI physical function is passed through to a
    Xen guest, the guest is able to access its memory and I/O
    regions before enabling decoding of those regions.  This could
    result in a denial-of-service (unexpected NMI) on the host.

    The fix for this is incompatible with qemu versions before 2.5.

(CVE ID not yet assigned)

    Denis Andzakovic reported a missing type check in the IPv4 multicast
    routing implementation. A user with the CAP_NET_ADMIN capability (in
    any user namespace) could use this for denial-of-service (memory
    corruption or crash) or possibly for privilege escalation.

CVE-2018-5995

    ADLab of VenusTech discovered that the kernel logged the virtual
    addresses assigned to per-CPU data, which could make it easier to
    exploit other vulnerabilities.

CVE-2018-20836

    chenxiang reported a race condition in libsas, the kernel
    subsystem supporting Serial Attached SCSI (SAS) devices, which
    could lead to a use-after-free.  It is not clear how this might be
    exploited.

CVE-2018-20856

    Xiao Jin reported a potential double-free in the block subsystem,
    in case an error occurs while initialising the I/O scheduler for a
    block device.  It is not clear how this might be exploited.

CVE-2019-1125

    It was discovered that most x86 processors could speculatively
    skip a conditional SWAPGS instruction used when entering the
    kernel from user mode, and/or could speculatively execute it when
    it should be skipped.  This is a subtype of Spectre variant 1,
    which could allow local users to obtain sensitive information from
    the kernel or other processes.  It has been mitigated by using
    memory barriers to limit speculative execution.  Systems using an
    i386 kernel are not affected as the kernel does not use SWAPGS.

CVE-2019-3882

    It was found that the vfio implementation did not limit the number
    of DMA mappings to device memory.  A local user granted ownership
    of a vfio device could use this to cause a denial of service
    (out-of-memory condition).

CVE-2019-3900

    It was discovered that vhost drivers did not properly control the
    amount of work done to service requests from guest VMs.  A
    malicious guest could use this to cause a denial-of-service
    (unbounded CPU usage) on the host.

CVE-2019-10207

    The syzkaller tool found a potential null dereference in various
    drivers for UART-attached Bluetooth adapters.  A local user with
    access to a pty device or other suitable tty device could use this
    for denial-of-service (BUG/oops).

CVE-2019-10638

    Amit Klein and Benny Pinkas discovered that the generation of IP
    packet IDs used a weak hash function, "jhash".  This could enable
    tracking individual computers as they communicate with different
    remote servers and from different networks.  The "siphash"
    function is now used instead.

CVE-2019-10639

    Amit Klein and Benny Pinkas discovered that the generation of IP
    packet IDs used a weak hash function that incorporated a kernel
    virtual address.  This hash function is no longer used for IP IDs,
    although it is still used for other purposes in the network stack.

CVE-2019-13631

    It was discovered that the gtco driver for USB input tablets could
    overrun a stack buffer with constant data while parsing the device's
    descriptor.  A physically present user with a specially
    constructed USB device could use this to cause a denial-of-service
    (BUG/oops), or possibly for privilege escalation.

CVE-2019-13648

    Praveen Pandey reported that on PowerPC (ppc64el) systems without
    Transactional Memory (TM), the kernel would still attempt to
    restore TM state passed to the sigreturn() system call.  A local
    user could use this for denial-of-service (oops).

CVE-2019-14283

    The syzkaller tool found a missing bounds check in the floppy disk
    driver.  A local user with access to a floppy disk device, with a
    disk present, could use this to read kernel memory beyond the
    I/O buffer, possibly obtaining sensitive information.

CVE-2019-14284

    The syzkaller tool found a potential division-by-zero in the
    floppy disk driver.  A local user with access to a floppy disk
    device could use this for denial-of-service (oops).

(CVE ID not yet assigned)

    Denis Andzakovic reported a possible use-after-free in the
    TCP sockets implementation.  A local user could use this for
    denial-of-service (memory corruption or crash) or possibly
    for privilege escalation.

(CVE ID not yet assigned)

    The netfilter conntrack subsystem used kernel addresses as
    user-visible IDs, which could make it easier to exploit other
    security vulnerabilities.

XSA-300

    Julien Grall reported that Linux does not limit the amount of memory
    which a domain will attempt to balloon out, nor limits the amount of
    "foreign / grant map" memory which any individual guest can consume,
    leading to denial of service conditions (for host or guests).

For the oldstable distribution (stretch), these problems have been fixed
in version 4.9.168-1+deb9u5.

For the stable distribution (buster), these problems were mostly fixed
in version 4.19.37-5+deb10u2 or earlier.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4500-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
August 12, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808
                 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813
                 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819
                 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823
                 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827
                 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831
                 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5836
                 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840
                 CVE-2019-5842 CVE-2019-5847 CVE-2019-5848 CVE-2019-5849
                 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853
                 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857
                 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861
                 CVE-2019-5862 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867
                 CVE-2019-5868

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-5805

    A use-after-free issue was discovered in the pdfium library.

CVE-2019-5806

    Wen Xu discovered an integer overflow issue in the Angle library.

CVE-2019-5807

    TimGMichaud discovered a memory corruption issue in the v8 javascript
    library.

CVE-2019-5808

    cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

CVE-2019-5809

    Mark Brand discovered a use-after-free issue in Blink/Webkit.

CVE-2019-5810

    Mark Amery discovered an information disclosure issue.

CVE-2019-5811

    Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing
    feature.

CVE-2019-5813

    Aleksandar Nikolic discovered an out-of-bounds read issue in the v8
    javascript library.

CVE-2019-5814

    @AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource
    Sharing feature.

CVE-2019-5815

    Nicolas Grégoire discovered a buffer overflow issue in Blink/Webkit.

CVE-2019-5818

    Adrian Tolbaru discovered an uninitialized value issue.

CVE-2019-5819

    Svyat Mitin discovered an error in the developer tools.

CVE-2019-5820

    pdknsk discovered an integer overflow issue in the pdfium library.

CVE-2019-5821

    pdknsk discovered another integer overflow issue in the pdfium library.

CVE-2019-5822

    Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing
    feature.

CVE-2019-5823

    David Erceg discovered a navigation error.

CVE-2019-5824

    leecraso and Guang Gong discovered an error in the media player.

CVE-2019-5825

    Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an
    out-of-bounds write issue in the v8 javascript library.

CVE-2019-5826

    Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a
    use-after-free issue.

CVE-2019-5827

    mlfbrown discovered an out-of-bounds read issue in the sqlite library.

CVE-2019-5828

    leecraso and Guang Gong discovered a use-after-free issue.

CVE-2019-5829

    Lucas Pinheiro discovered a use-after-free issue.

CVE-2019-5830

    Andrew Krashichkov discovered a credential error in the Cross-Origin
    Resource Sharing feature.

CVE-2019-5831

    yngwei discovered a map error in the v8 javascript library.

CVE-2019-5832

    Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing
    feature.

CVE-2019-5833

    Khalil Zhani discovered a user interface error.

CVE-2019-5834

    Khalil Zhani discovered a URL spoofing issue.

CVE-2019-5836

    Omair discovered a buffer overflow issue in the Angle library.

CVE-2019-5837

    Adam Iawniuk discovered an information disclosure issue.

CVE-2019-5838

    David Erceg discovered an error in extension permissions.

CVE-2019-5839

    Masato Kinugawa discovered implementation errors in Blink/Webkit.

CVE-2019-5840

    Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker.

CVE-2019-5842

    BUGFENSE discovered a use-after-free issue in Blink/Webkit.

CVE-2019-5847

    m3plex discovered an error in the v8 javascript library.

CVE-2019-5848

    Mark Amery discovered an information disclosure issue.

CVE-2019-5849

    Zhen Zhou discovered an out-of-bounds read in the Skia library.

CVE-2019-5850

    Brendon Tiszka discovered a use-after-free issue in the offline page
    fetcher.

CVE-2019-5851

    Zhe Jin discovered a use-after-poison issue.

CVE-2019-5852

    David Erceg discovered an information disclosure issue.

CVE-2019-5853

    Yngwei and sakura discovered a memory corruption issue.

CVE-2019-5854

    Zhen Zhou discovered an integer overflow issue in the pdfium library.

CVE-2019-5855

    Zhen Zhou discovered an integer overflow issue in the pdfium library.

CVE-2019-5856

    Yongke Wang discovered an error related to file system URL permissions.

CVE-2019-5857

    cloudfuzzer discovered a way to crash chromium.

CVE-2019-5858

    evil1m0 discovered an information disclosure issue.

CVE-2019-5859

    James Lee discovered a way to launch alternative browsers.

CVE-2019-5860

    A use-after-free issue was discovered in the v8 javascript library.

CVE-2019-5861

    Robin Linus discovered an error determining click location.

CVE-2019-5862

    Jun Kokatsu discovered an error in the AppCache implementation.

CVE-2019-5864

    Devin Grindle discovered an error in the Cross-Origin Resource Sharing
    feature for extensions.

CVE-2019-5865

    Ivan Fratric discovered a way to bypass the site isolation feature.

CVE-2019-5867

    Lucas Pinheiro discovered an out-of-bounds read issue in the v8 javascript
    library.

CVE-2019-5868

    banananapenguin discovered a use-after-free issue in the v8 javascript
    library.

For the stable distribution (buster), these problems have been fixed in
version 76.0.3809.100-1~deb10u1.

#1612 OFFLINE   sunrat


Posted 15 August 2019 - 10:39 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4501-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 15, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2019-9850 CVE-2019-9851 CVE-2019-9852

It was discovered that the code fixes to address CVE-2018-16858 and
CVE-2019-9848 were not complete.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:5.2.7-1+deb9u10.

For the stable distribution (buster), these problems have been fixed in
version 1:6.1.5-3+deb10u3.

#1613 OFFLINE   sunrat


Posted 16 August 2019 - 06:23 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4502-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 16, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
CVE ID         : CVE-2019-12730

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (buster), this problem has been fixed in
version 7:4.1.4-1~deb10u1.

#1614 OFFLINE   sunrat


Posted Yesterday, 06:57 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4503-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 18, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : golang-1.11
CVE ID         : CVE-2019-9512 CVE-2019-9514 CVE-2019-14809

Three vulnerabilities have been discovered in the Go programming language;
"net/url" accepted some invalid hosts in URLs which could result in
authorisation bypass in some applications and the HTTP/2 implementation
was susceptible to denial of service.

For the stable distribution (buster), these problems have been fixed in
version 1.11.6-1+deb10u1.




