Debian Security Advisory

    • Official post

    Package : chromium-browser

    CVE ID : CVE-2018-6056 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061

    CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065

    CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069

    CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073

    CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077

    CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081

    CVE-2018-6082 CVE-2018-6083 CVE-2018-6085 CVE-2018-6086

    CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090

    CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094

    CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098

    CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102

    CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106

    CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110

    CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114

    CVE-2018-6116 CVE-2018-6117

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2018-6056

    lokihardt discovered an error in the v8 javascript library.

    CVE-2018-6057

    Gal Beniamini discovered errors related to shared memory permissions.

    CVE-2018-6060

    Omair discovered a use-after-free issue in blink/webkit.

    CVE-2018-6061

    Guang Gong discovered a race condition in the v8 javascript library.

    CVE-2018-6062

    A heap overflow issue was discovered in the v8 javascript library.

    CVE-2018-6063

    Gal Beniamini discovered errors related to shared memory permissions.

    CVE-2018-6064

    lokihardt discovered a type confusion error in the v8 javascript

    library.

    CVE-2018-6065

    Mark Brand discovered an integer overflow issue in the v8 javascript

    library.

    CVE-2018-6066

    Masato Kinugawa discovered a way to bypass the Same Origin Policy.

    CVE-2018-6067

    Ned Williamson discovered a buffer overflow issue in the skia library.

    CVE-2018-6068

    Luan Herrera discovered object lifecycle issues.

    CVE-2018-6069

    Wanglu and Yangkang discovered a stack overflow issue in the skia

    library.

    CVE-2018-6070

    Rob Wu discovered a way to bypass the Content Security Policy.

    CVE-2018-6071

    A heap overflow issue was discovered in the skia library.

    CVE-2018-6072

    Atte Kettunen discovered an integer overflow issue in the pdfium

    library.

    CVE-2018-6073

    Omair discovered a heap overflow issue in the WebGL implementation.

    CVE-2018-6074

    Abdulrahman Alqabandi discovered a way to cause a downloaded web page

    to not contain a Mark of the Web.

    CVE-2018-6075

    Inti De Ceukelaire discovered a way to bypass the Same Origin Policy.

    CVE-2018-6076

    Mateusz Krzeszowiec discovered that URL fragment identifiers could be

    handled incorrectly.

    CVE-2018-6077

    Khalil Zhani discovered a timing issue.

    CVE-2018-6078

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6079

    Ivars discovered an information disclosure issue.

    CVE-2018-6080

    Gal Beniamini discovered an information disclosure issue.

    CVE-2018-6081

    Rob Wu discovered a cross-site scripting issue.

    CVE-2018-6082

    WenXu Wu discovered a way to bypass blocked ports.

    CVE-2018-6083

    Jun Kokatsu discovered that AppManifests could be handled incorrectly.

    CVE-2018-6085

    Ned Williamson discovered a use-after-free issue.

    CVE-2018-6086

    Ned Williamson discovered a use-after-free issue.

    CVE-2018-6087

    A use-after-free issue was discovered in the WebAssembly implementation.

    CVE-2018-6088

    A use-after-free issue was discovered in the pdfium library.

    CVE-2018-6089

    Rob Wu discovered a way to bypass the Same Origin Policy.

    CVE-2018-6090

    ZhanJia Song discovered a heap overflow issue in the skia library.

    CVE-2018-6091

    Jun Kokatsu discovered that plugins could be handled incorrectly.

    CVE-2018-6092

    Natalie Silvanovich discovered an integer overflow issue in the

    WebAssembly implementation.

    CVE-2018-6093

    Jun Kokatsu discovered a way to bypass the Same Origin Policy.

    CVE-2018-6094

    Chris Rohlf discovered a regression in garbage collection hardening.

    CVE-2018-6095

    Abdulrahman Alqabandi discovered files could be uploaded without user

    interaction.

    CVE-2018-6096

    WenXu Wu discovered a user interface spoofing issue.

    CVE-2018-6097

    xisigr discovered a user interface spoofing issue.

    CVE-2018-6098

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6099

    Jun Kokatsu discovered a way to bypass the Cross Origin Resource

    Sharing mechanism.

    CVE-2018-6100

    Lnyas Zhang discovered a URL spoofing issue.

    CVE-2018-6101

    Rob Wu discovered an issue in the developer tools remote debugging

    protocol.

    CVE-2018-6102

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6103

    Khalil Zhani discovered a user interface spoofing issue.

    CVE-2018-6104

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6105

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6106

    lokihardt discovered that v8 promises could be handled incorrectly.

    CVE-2018-6107

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6108

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6109

    Dominik Weber discovered a way to misuse the FileAPI feature.

    CVE-2018-6110

    Wenxiang Qian discovered that local plain text files could be handled

    incorrectly.

    CVE-2018-6111

    Khalil Zhani discovered a use-after-free issue in the developer tools.

    CVE-2018-6112

    Khalil Zhani discovered incorrect handling of URLs in the developer

    tools.

    CVE-2018-6113

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6114

    Lnyas Zhang discovered a way to bypass the Content Security Policy.

    CVE-2018-6116

    Chengdu Security Response Center discovered an error when memory

    is low.

    CVE-2018-6117

    Spencer Dailey discovered an error in form autofill settings.

    For the oldstable distribution (jessie), security support for chromium

    has been discontinued.

    For the stable distribution (stretch), these problems have been fixed in

    version 66.0.3359.117-1~deb9u1.

    We recommend that you upgrade your chromium-browser packages.

    For the detailed security status of chromium-browser please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/chromium-browser

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : tor

    CVE ID : CVE-2018-0490

    It has been discovered that Tor, a connection-based low-latency

    anonymous communication system, contains a protocol-list handling bug

    that could be used to remotely crash directory authorities with a

    null-pointer exception (TROVE-2018-001).

    For the stable distribution (stretch), this problem has been fixed in

    version 0.2.9.15-1.

    We recommend that you upgrade your tor packages.

    For the detailed security status of tor please refer to its security

    tracker page at:

    https://security-tracker.debian.org/tracker/tor

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : sdl-image1.2

    CVE ID : CVE-2017-2887 CVE-2017-12122 CVE-2017-14440 CVE-2017-14441

    CVE-2017-14442 CVE-2017-14448 CVE-2017-14450 CVE-2018-3837

    CVE-2018-3838 CVE-2018-3839

    Debian Bug : 878267

    Multiple vulnerabilities have been discovered in the image loading

    library for Simple DirectMedia Layer 1.2, which could result in denial

    of service or the execution of arbitrary code if malformed image files

    are opened.

    For the oldstable distribution (jessie), these problems have been fixed

    in version 1.2.12-5+deb8u1.

    For the stable distribution (stretch), these problems have been fixed in

    version 1.2.12-5+deb9u1.

    We recommend that you upgrade your sdl-image1.2 packages.

    For the detailed security status of sdl-image1.2 please refer to its

    security tracker page at:

    https://security-tracker.debian.org/tracker/sdl-image1.2

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : openjdk-8

    CVE ID : CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796

    CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800

    CVE-2018-2814 CVE-2018-2815

    Several vulnerabilities have been discovered in OpenJDK, an

    implementation of the Oracle Java platform, resulting in denial of

    service, sandbox bypass, execution of arbitrary code or bypass of JAR

    signature validation.

    For the stable distribution (stretch), these problems have been fixed in

    version 8u171-b11-1~deb9u1.

    We recommend that you upgrade your openjdk-8 packages.

    For the detailed security status of openjdk-8 please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/openjdk-8

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : gunicorn

    CVE ID : CVE-2018-1000164

    It was discovered that gunicorn, an event-based HTTP/WSGI server, was

    susceptible to HTTP Response splitting.

    For the oldstable distribution (jessie), this problem has been fixed

    in version 19.0-1+deb8u1.

    We recommend that you upgrade your gunicorn packages.

    For the detailed security status of gunicorn please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/gunicorn

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : linux

    CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753

    CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911

    CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017

    CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241

    CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332

    CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927

    CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757

    CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004

    CVE-2018-1000199

    Several vulnerabilities have been discovered in the Linux kernel that

    may lead to a privilege escalation, denial of service or information

    leaks.

    CVE-2015-9016

    Ming Lei reported a race condition in the multiqueue block layer

    (blk-mq). On a system with a driver using blk-mq (mtip32xx,

    null_blk, or virtio_blk), a local user might be able to use this

    for denial of service or possibly for privilege escalation.

    CVE-2017-0861

    Robb Glasser reported a potential use-after-free in the ALSA (sound)

    PCM core. We believe this was not possible in practice.

    CVE-2017-5715

    Multiple researchers have discovered a vulnerability in various

    processors supporting speculative execution, enabling an attacker

    controlling an unprivileged process to read memory from arbitrary

    addresses, including from the kernel and all other processes

    running on the system.

    This specific attack has been named Spectre variant 2 (branch

    target injection) and is mitigated for the x86 architecture (amd64

    and i386) by using the "retpoline" compiler feature which allows

    indirect branches to be isolated from speculative execution.

    CVE-2017-5753

    Multiple researchers have discovered a vulnerability in various

    processors supporting speculative execution, enabling an attacker

    controlling an unprivileged process to read memory from arbitrary

    addresses, including from the kernel and all other processes

    running on the system.

    This specific attack has been named Spectre variant 1

    (bounds-check bypass) and is mitigated by identifying vulnerable

    code sections (array bounds checking followed by array access) and

    replacing the array access with the speculation-safe

    array_index_nospec() function.

    More use sites will be added over time.

    CVE-2017-13166

    A bug in the 32-bit compatibility layer of the v4l2 ioctl handling

    code has been found. Memory protections ensuring user-provided

    buffers always point to userland memory were disabled, allowing

    destination addresses to be in kernel space. On a 64-bit kernel a

    local user with access to a suitable video device can exploit this

    to overwrite kernel memory, leading to privilege escalation.

    CVE-2017-13220

    Al Viro reported that the Bluetooth HIDP implementation could

    dereference a pointer before performing the necessary type check.

    A local user could use this to cause a denial of service.

    CVE-2017-16526

    Andrey Konovalov reported that the UWB subsystem may dereference

    an invalid pointer in an error case. A local user might be able

    to use this for denial of service.

    CVE-2017-16911

    Secunia Research reported that the USB/IP vhci_hcd driver exposed

    kernel heap addresses to local users. This information could aid the

    exploitation of other vulnerabilities.

    CVE-2017-16912

    Secunia Research reported that the USB/IP stub driver failed to

    perform a range check on a received packet header field, leading

    to an out-of-bounds read. A remote user able to connect to the

    USB/IP server could use this for denial of service.

    CVE-2017-16913

    Secunia Research reported that the USB/IP stub driver failed to

    perform a range check on a received packet header field, leading

    to excessive memory allocation. A remote user able to connect to

    the USB/IP server could use this for denial of service.

    CVE-2017-16914

    Secunia Research reported that the USB/IP stub driver failed to

    check for an invalid combination of fields in a received packet,

    leading to a null pointer dereference. A remote user able to

    connect to the USB/IP server could use this for denial of service.

    CVE-2017-18017

    Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module

    failed to validate TCP header lengths, potentially leading to a

    use-after-free. If this module is loaded, it could be used by a

    remote attacker for denial of service or possibly for code

    execution.

    CVE-2017-18203

    Hou Tao reported that there was a race condition in creation and

    deletion of device-mapper (DM) devices. A local user could

    potentially use this for denial of service.

    CVE-2017-18216

    Alex Chen reported that the OCFS2 filesystem failed to hold a

    necessary lock during nodemanager sysfs file operations,

    potentially leading to a null pointer dereference. A local user

    could use this for denial of service.

    CVE-2017-18232

    Jason Yan reported a race condition in the SAS (Serial-Attached

    SCSI) subsystem, between probing and destroying a port. This

    could lead to a deadlock. A physically present attacker could

    use this to cause a denial of service.

    CVE-2017-18241

    Yunlei He reported that the f2fs implementation does not properly

    initialise its state if the "noflush_merge" mount option is used.

    A local user with access to a filesystem mounted with this option

    could use this to cause a denial of service.

    CVE-2018-1066

    Dan Aloni reported to Red Hat that the CIFS client implementation

    would dereference a null pointer if the server sent an invalid

    response during NTLMSSP setup negotiation. This could be used

    by a malicious server for denial of service.

    CVE-2018-1068

    The syzkaller tool found that the 32-bit compatibility layer of

    ebtables did not sufficiently validate offset values. On a 64-bit

    kernel, a local user with the CAP_NET_ADMIN capability (in any user

    namespace) could use this to overwrite kernel memory, possibly

    leading to privilege escalation. Debian disables unprivileged user

    namespaces by default.

    CVE-2018-1092

    Wen Xu reported that a crafted ext4 filesystem image would

    trigger a null dereference when mounted. A local user able

    to mount arbitrary filesystems could use this for denial of

    service.

    CVE-2018-5332

    Mohamed Ghannam reported that the RDS protocol did not

    sufficiently validate RDMA requests, leading to an out-of-bounds

    write. A local attacker on a system with the rds module loaded

    could use this for denial of service or possibly for privilege

    escalation.

    CVE-2018-5333

    Mohamed Ghannam reported that the RDS protocol did not properly

    handle an error case, leading to a null pointer dereference. A

    local attacker on a system with the rds module loaded could

    possibly use this for denial of service.

    CVE-2018-5750

    Wang Qize reported that the ACPI sbshc driver logged a kernel heap

    address. This information could aid the exploitation of other

    vulnerabilities.

    CVE-2018-5803

    Alexey Kodanev reported that the SCTP protocol did not range-check

    the length of chunks to be created. A local or remote user could

    use this to cause a denial of service.

    CVE-2018-6927

    Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did

    not check for negative parameter values, which might lead to a

    denial of service or other security impact.

    CVE-2018-7492

    The syzkaller tool found that the RDS protocol was lacking a null

    pointer check. A local attacker on a system with the rds module

    loaded could use this for denial of service.

    CVE-2018-7566

    Fan LongFei reported a race condition in the ALSA (sound)

    sequencer core, between write and ioctl operations. This could

    lead to an out-of-bounds access or use-after-free. A local user

    with access to a sequencer device could use this for denial of

    service or possibly for privilege escalation.

    CVE-2018-7740

    Nic Losby reported that the hugetlbfs filesystem's mmap operation

    did not properly range-check the file offset. A local user with

    access to files on a hugetlbfs filesystem could use this to cause

    a denial of service.

    CVE-2018-7757

    Jason Yan reported a memory leak in the SAS (Serial-Attached

    SCSI) subsystem. A local user on a system with SAS devices

    could use this to cause a denial of service.

    CVE-2018-7995

    Seunghun Han reported a race condition in the x86 MCE

    (Machine Check Exception) driver. This is unlikely to have

    any security impact.

    CVE-2018-8781

    Eyal Itkin reported that the udl (DisplayLink) driver's mmap

    operation did not properly range-check the file offset. A local

    user with access to a udl framebuffer device could exploit this to

    overwrite kernel memory, leading to privilege escalation.

    CVE-2018-8822

    Dr Silvio Cesare of InfoSect reported that the ncpfs client

    implementation did not validate reply lengths from the server. An

    ncpfs server could use this to cause a denial of service or

    remote code execution in the client.

    CVE-2018-1000004

    Luo Quan reported a race condition in the ALSA (sound) sequencer

    core, between multiple ioctl operations. This could lead to a

    deadlock or use-after-free. A local user with access to a

    sequencer device could use this for denial of service or possibly

    for privilege escalation.

    CVE-2018-1000199

    Andy Lutomirski discovered that the ptrace subsystem did not

    sufficiently validate hardware breakpoint settings. Local users

    can use this to cause a denial of service, or possibly for

    privilege escalation, on x86 (amd64 and i386) and possibly other

    architectures.

    For the oldstable distribution (jessie), these problems have been fixed

    in version 3.16.56-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security

    tracker page at:

    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : linux

    CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193

    CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224

    CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066

    CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108

    CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740

    CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781

    CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199

    Several vulnerabilities have been discovered in the Linux kernel that

    may lead to a privilege escalation, denial of service or information

    leaks.

    CVE-2017-5715

    Multiple researchers have discovered a vulnerability in various

    processors supporting speculative execution, enabling an attacker

    controlling an unprivileged process to read memory from arbitrary

    addresses, including from the kernel and all other processes

    running on the system.

    This specific attack has been named Spectre variant 2 (branch

    target injection) and is mitigated for the x86 architecture (amd64

    and i386) by using the "retpoline" compiler feature which allows

    indirect branches to be isolated from speculative execution.

    CVE-2017-5753

    Multiple researchers have discovered a vulnerability in various

    processors supporting speculative execution, enabling an attacker

    controlling an unprivileged process to read memory from arbitrary

    addresses, including from the kernel and all other processes

    running on the system.

    This specific attack has been named Spectre variant 1

    (bounds-check bypass) and is mitigated by identifying vulnerable

    code sections (array bounds checking followed by array access) and

    replacing the array access with the speculation-safe

    array_index_nospec() function.

    More use sites will be added over time.

    CVE-2017-17975

    Tuba Yavuz reported a use-after-free flaw in the USBTV007

    audio-video grabber driver. A local user could use this for denial

    of service by triggering failure of audio registration.

    CVE-2017-18193

    Yunlei He reported that the f2fs implementation does not properly

    handle extent trees, allowing a local user to cause a denial of

    service via an application with multiple threads.

    CVE-2017-18216

    Alex Chen reported that the OCFS2 filesystem failed to hold a

    necessary lock during nodemanager sysfs file operations,

    potentially leading to a null pointer dereference. A local user

    could use this for denial of service.

    CVE-2017-18218

    Jun He reported a use-after-free flaw in the Hisilicon HNS ethernet

    driver. A local user could use this for denial of service.

    CVE-2017-18222

    It was reported that the Hisilicon Network Subsystem (HNS) driver

    implementation does not properly handle ethtool private flags. A

    local user could use this for denial of service or possibly have

    other impact.

    CVE-2017-18224

    Alex Chen reported that the OCFS2 filesystem omits the use of a

    semaphore and consequently has a race condition for access to the

    extent tree during read operations in DIRECT mode. A local user

    could use this for denial of service.

    CVE-2017-18241

    Yunlei He reported that the f2fs implementation does not properly

    initialise its state if the "noflush_merge" mount option is used.

    A local user with access to a filesystem mounted with this option

    could use this to cause a denial of service.

    CVE-2017-18257

    It was reported that the f2fs implementation is prone to an infinite

    loop caused by an integer overflow in the __get_data_block()

    function. A local user can use this for denial of service via

    crafted use of the open and fallocate system calls with an

    FS_IOC_FIEMAP ioctl.

    CVE-2018-1065

    The syzkaller tool found a NULL pointer dereference flaw in the

    netfilter subsystem when handling certain malformed iptables

    rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN

    capability (in any user namespace) could use this to cause a denial

    of service. Debian disables unprivileged user namespaces by default.

    CVE-2018-1066

    Dan Aloni reported to Red Hat that the CIFS client implementation

    would dereference a null pointer if the server sent an invalid

    response during NTLMSSP setup negotiation. This could be used

    by a malicious server for denial of service.

    CVE-2018-1068

    The syzkaller tool found that the 32-bit compatibility layer of

    ebtables did not sufficiently validate offset values. On a 64-bit

    kernel, a local user with the CAP_NET_ADMIN capability (in any user

    namespace) could use this to overwrite kernel memory, possibly

    leading to privilege escalation. Debian disables unprivileged user

    namespaces by default.

    CVE-2018-1092

    Wen Xu reported that a crafted ext4 filesystem image would

    trigger a null dereference when mounted. A local user able

    to mount arbitrary filesystems could use this for denial of

    service.

    CVE-2018-1093

    Wen Xu reported that a crafted ext4 filesystem image could trigger

    an out-of-bounds read in the ext4_valid_block_bitmap() function. A

    local user able to mount arbitrary filesystems could use this for

    denial of service.

    CVE-2018-1108

    Jann Horn reported that crng_ready() does not properly handle the

    crng_init variable states and the RNG could be treated as

    cryptographically safe too early after system boot.

    CVE-2018-5803

    Alexey Kodanev reported that the SCTP protocol did not range-check

    the length of chunks to be created. A local or remote user could

    use this to cause a denial of service.

    CVE-2018-7480

    Hou Tao discovered a double-free flaw in the blkcg_init_queue()

    function in block/blk-cgroup.c. A local user could use this to cause

    a denial of service or have other impact.

    CVE-2018-7566

    Fan LongFei reported a race condition in the ALSA (sound)

    sequencer core, between write and ioctl operations. This could

    lead to an out-of-bounds access or use-after-free. A local user

    with access to a sequencer device could use this for denial of

    service or possibly for privilege escalation.

    CVE-2018-7740

    Nic Losby reported that the hugetlbfs filesystem's mmap operation

    did not properly range-check the file offset. A local user with

    access to files on a hugetlbfs filesystem could use this to cause

    a denial of service.

    CVE-2018-7757

    Jason Yan reported a memory leak in the SAS (Serial-Attached

    SCSI) subsystem. A local user on a system with SAS devices

    could use this to cause a denial of service.

    CVE-2018-7995

    Seunghun Han reported a race condition in the x86 MCE

    (Machine Check Exception) driver. This is unlikely to have

    any security impact.

    CVE-2018-8087

    A memory leak flaw was found in the hwsim_new_radio_nl() function in

    the simulated radio testing tool driver for mac80211, allowing a

    local user to cause a denial of service.

    CVE-2018-8781

    Eyal Itkin reported that the udl (DisplayLink) driver's mmap

    operation did not properly range-check the file offset. A local

    user with access to a udl framebuffer device could exploit this to

    overwrite kernel memory, leading to privilege escalation.

    CVE-2018-8822

    Dr Silvio Cesare of InfoSect reported that the ncpfs client

    implementation did not validate reply lengths from the server. An

    ncpfs server could use this to cause a denial of service or

    remote code execution in the client.

    CVE-2018-10323

    Wen Xu reported a NULL pointer dereference flaw in the

    xfs_bmapi_write() function triggered when mounting and operating a

    crafted xfs filesystem image. A local user able to mount arbitrary

    filesystems could use this for denial of service.

    CVE-2018-1000199

    Andy Lutomirski discovered that the ptrace subsystem did not

    sufficiently validate hardware breakpoint settings. Local users

    can use this to cause a denial of service, or possibly for

    privilege escalation, on x86 (amd64 and i386) and possibly other

    architectures.

    For the stable distribution (stretch), these problems have been fixed in

    version 4.9.88-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security

    tracker page at:

    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/
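
The Spectre variant 1 entries (CVE-2017-5753) in the two linux advisories above describe replacing a bounds-checked array access with array_index_nospec(). The following is an added example, not part of the advisories or of the kernel source: a userspace model of the kernel's generic branch-free index mask, showing the access pattern before and after the change. The names index_mask_nospec, clamp_index, lookup_checked, lookup_nospec and table are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define TABLE_LEN 8UL

/* Constructed sample data standing in for a kernel array. */
static const unsigned char table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/*
 * Model of the kernel's generic mask computation.
 * Returns all ones when index < size and zero otherwise, using only
 * arithmetic, so there is no conditional branch for the CPU to mispredict.
 * Assumes size <= LONG_MAX and an arithmetic right shift of negative
 * values (true for gcc and clang), the same assumptions the kernel makes.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* The top bit of (index | (size - 1 - index)) is set iff index >= size. */
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/* In-range indices pass through unchanged; out-of-range ones become 0. */
static unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/*
 * Before: "array bounds checking followed by array access".
 * Architecturally correct, but a mispredicted branch lets the load run
 * speculatively with an out-of-range idx.
 */
static int lookup_checked(unsigned long idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    return table[idx];
}

/*
 * After: the index is clamped by data dependency before the load, so even
 * on the mispredicted path the load can only touch table[0..TABLE_LEN-1].
 */
static int lookup_nospec(unsigned long idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx = clamp_index(idx, TABLE_LEN);
    return table[idx];
}

int main(void)
{
    unsigned long samples[] = {0, 7, 8, 100, ULONG_MAX};
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned long idx = samples[i];
        printf("idx=%lu mask=%#lx clamped=%lu checked=%d nospec=%d\n",
               idx, index_mask_nospec(idx, TABLE_LEN),
               clamp_index(idx, TABLE_LEN),
               lookup_checked(idx), lookup_nospec(idx));
    }
    return 0;
}
```

This models only the arithmetic; an optimizing compiler is free to simplify it in userspace, so it is not a drop-in mitigation outside the kernel.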

    • Official post

    Package : quassel

    CVE ID : CVE-2018-1000178 CVE-2018-1000179

    Two vulnerabilities were found in the Quassel IRC client, which could

    result in the execution of arbitrary code or denial of service.

    Note that you need to restart the 'quasselcore' service after upgrading

    the Quassel packages.

    For the oldstable distribution (jessie), these problems have been fixed

    in version 1:0.10.0-2.3+deb8u4.

    For the stable distribution (stretch), these problems have been fixed in

    version 1:0.12.4-2+deb9u1.

    We recommend that you upgrade your quassel packages.

    For the detailed security status of quassel please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/quassel

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : jackson-databind

    CVE ID : CVE-2018-7489

    Debian Bug : 891614

    It was discovered that jackson-databind, a Java library used to parse

    JSON and other data formats, improperly validated user input prior to

    deserializing because of an incomplete fix for CVE-2017-7525.

    For the oldstable distribution (jessie), this problem has been fixed

    in version 2.4.2-2+deb8u4.

    For the stable distribution (stretch), this problem has been fixed in

    version 2.8.6-1+deb9u4.

    We recommend that you upgrade your jackson-databind packages.

    For the detailed security status of jackson-databind please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/jackson-databind

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : redmine

    CVE ID : CVE-2017-15568 CVE-2017-15569 CVE-2017-15570 CVE-2017-15571

    CVE-2017-15572 CVE-2017-15573 CVE-2017-15574 CVE-2017-15575

    CVE-2017-15576 CVE-2017-15577 CVE-2017-16804 CVE-2017-18026

    Debian Bug : 882544 882545 882547 882548 887307

    Multiple vulnerabilities were discovered in Redmine, a project

    management web application. They could lead to remote code execution,

    information disclosure or cross-site scripting attacks.

    For the stable distribution (stretch), these problems have been fixed in

    version 3.3.1-4+deb9u1.

    We recommend that you upgrade your redmine packages.

    In addition, this message serves as an announcement that security

    support for redmine in the Debian 8 oldstable release (jessie) is now

    discontinued.

    Users of redmine in Debian 8 that want security updates are strongly

    encouraged to upgrade now to the current Debian 9 stable release

    (stretch).

    For the detailed security status of redmine please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/redmine

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : libmad

    CVE ID : CVE-2017-8372 CVE-2017-8373 CVE-2017-8374

    Several vulnerabilities were discovered in MAD, an MPEG audio decoder

    library, which could result in denial of service if a malformed audio

    file is processed.

    For the oldstable distribution (jessie), these problems have been fixed

    in version 0.15.1b-8+deb8u1.

    For the stable distribution (stretch), these problems have been fixed in

    version 0.15.1b-8+deb9u1.

    We recommend that you upgrade your libmad packages.

    For the detailed security status of libmad please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/libmad

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : wordpress

    CVE ID : CVE-2018-10100 CVE-2018-10101 CVE-2018-10102

    Debian Bug : 895034

    Several vulnerabilities were discovered in wordpress, a web blogging

    tool, which could allow remote attackers to compromise a site via

    cross-site scripting, bypass restrictions or unsafe redirects. More

    information can be found in the upstream advisory at

    https://wordpress.org/news/2018/04/w…enance-release/

    For the oldstable distribution (jessie), these problems have been fixed

    in version 4.1+dfsg-1+deb8u17.

    For the stable distribution (stretch), these problems have been fixed in

    version 4.7.5+dfsg-2+deb9u3.

    We recommend that you upgrade your wordpress packages.

    For the detailed security status of wordpress please refer to its

    security tracker page at:

    https://security-tracker.debian.org/tracker/wordpress

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : lucene-solr

    CVE ID : CVE-2018-1308

    An XML external entity expansion vulnerability was discovered in the

    DataImportHandler of Solr, a search server based on Lucene, which could

    result in information disclosure.

    For the oldstable distribution (jessie), this problem has been fixed

    in version 3.6.2+dfsg-5+deb8u2.

    For the stable distribution (stretch), this problem has been fixed in

    version 3.6.2+dfsg-10+deb9u2.

    We recommend that you upgrade your lucene-solr packages.

    For the detailed security status of lucene-solr please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/lucene-solr

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : wget

    CVE ID : CVE-2018-0494

    Debian Bug : 898076

    Harry Sintonen discovered that wget, a network utility to retrieve files

    from the web, does not properly handle '\r\n' from continuation lines

    while parsing the Set-Cookie HTTP header. A malicious web server could

    use this flaw to inject arbitrary cookies into the cookie jar file, adding

    new or replacing existing cookie values.

    For the oldstable distribution (jessie), this problem has been fixed

    in version 1.16-1+deb8u5.

    For the stable distribution (stretch), this problem has been fixed in

    version 1.18-5+deb9u2.

    We recommend that you upgrade your wget packages.

    For the detailed security status of wget please refer to its security

    tracker page at:

    https://security-tracker.debian.org/tracker/wget

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/
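The parsing flaw behind CVE-2018-0494 can be shown with a small model. This is an added example, not wget's code and not part of the advisory: the function names, the constructed response and the simplified Netscape-style jar layout are all assumptions made for illustration. It shows one cookie spilling onto a second cookie jar line when a folded continuation keeps its CRLF, and the two checks that prevent it.

```python
import re

# Constructed response: the third physical line is a folded continuation
# of the Set-Cookie header (it starts with a tab).
RAW = (b"HTTP/1.1 200 OK\r\n"
       b"Set-Cookie: session=abc\r\n"
       b"\tfolded-text\r\n"
       b"Content-Length: 0\r\n"
       b"\r\n")

CTL = re.compile(r"[\x00-\x1f\x7f]")  # any control character, tab included

def parse_headers(raw, unfold):
    """Return [(name, value)]. unfold=False keeps the CRLF of a continuation
    line inside the value (the flawed behaviour); unfold=True replaces the
    fold with one space, as RFC 7230 section 3.2.4 requires of a user agent."""
    headers = []
    for line in raw.decode("latin-1").split("\r\n")[1:]:  # skip status line
        if not line:
            break  # blank line ends the header block
        if line[0] in " \t" and headers:
            name, value = headers[-1]
            glue = " " + line.strip() if unfold else "\r\n" + line
            headers[-1] = (name, value + glue)
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return headers

def save_cookies(headers, domain, strict):
    """Serialise Set-Cookie headers to a simplified Netscape-style jar:
    one record per line, seven tab-separated fields. strict=True refuses
    any cookie whose name or value contains a control character."""
    out = []
    for hname, hvalue in headers:
        if hname != "set-cookie":
            continue
        name, _, value = hvalue.split(";", 1)[0].partition("=")
        if strict and (CTL.search(name) or CTL.search(value)):
            continue
        out.append("\t".join([domain, "FALSE", "/", "FALSE", "0", name, value]))
    return "".join(rec + "\n" for rec in out)

def jar_line_count(unfold, strict):
    """Physical lines written to the jar for the single cookie in RAW."""
    jar = save_cookies(parse_headers(RAW, unfold), "example.test", strict)
    return len(jar.splitlines())
```

Unfolding at parse time and refusing control characters at write time are independent controls; a line-oriented store should enforce the second even when the parser is believed correct.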

    • Official post

    Package : linux

    CVE ID : CVE-2018-1087 CVE-2018-8897

    Debian Bug : 897427 897599 898067 898100

    Several vulnerabilities have been discovered in the Linux kernel that

    may lead to a privilege escalation or denial of service.

    CVE-2018-1087

    Andy Lutomirski discovered that the KVM implementation did not

    properly handle #DB exceptions while deferred by MOV SS/POP SS,

    allowing an unprivileged KVM guest user to crash the guest or

    potentially escalate their privileges.

    CVE-2018-8897

    Nick Peterson of Everdox Tech LLC discovered that #DB exceptions

    that are deferred by MOV SS or POP SS are not properly handled,

    allowing an unprivileged user to crash the kernel and cause a denial

    of service.

    For the oldstable distribution (jessie), these problems have been fixed

    in version 3.16.56-1+deb8u1. This update includes various fixes for

    regressions from 3.16.56-1 as released in DSA-4187-1 (Cf. #897427,

    #898067 and #898100).

    For the stable distribution (stretch), these problems have been fixed in

    version 4.9.88-1+deb9u1. The fix for CVE-2018-1108 applied in DSA-4188-1

    is temporarily reverted due to various regressions, cf. #897599.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security

    tracker page at:

    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : wavpack

    CVE ID : CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539

    CVE-2018-10540

    Multiple vulnerabilities were discovered in the wavpack audio codec which

    could result in denial of service or the execution of arbitrary code if

    malformed media files are processed.

    The oldstable distribution (jessie) is not affected.

    For the stable distribution (stretch), these problems have been fixed in

    version 5.0.0-2+deb9u2.

    We recommend that you upgrade your wavpack packages.

    For the detailed security status of wavpack please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/wavpack

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : prosody

    CVE ID : CVE-2017-18265

    Debian Bug : 875829

    Albert Dengg discovered that incorrect parsing of <stream:error> messages

    in the Prosody Jabber/XMPP server may result in denial of service.

    The oldstable distribution (jessie) is not affected.

    For the stable distribution (stretch), this problem has been fixed in

    version 0.9.12-2+deb9u1.

    We recommend that you upgrade your prosody packages.

    For the detailed security status of prosody please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/prosody

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : firefox-esr

    CVE ID : CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157

    CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178

    CVE-2018-5183

    Several security issues have been found in the Mozilla Firefox web

    browser: Multiple memory safety errors and other implementation errors

    may lead to the execution of arbitrary code or denial of service.

    For the oldstable distribution (jessie), these problems have been fixed

    in version 52.8.0esr-1~deb8u1.

    For the stable distribution (stretch), these problems have been fixed in

    version 52.8.0esr-1~deb9u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : kwallet-pam

    CVE ID : CVE-2018-10380

    Fabian Vogt discovered that incorrect permission handling in the PAM

    module of the KDE Wallet could allow an unprivileged local user to gain

    ownership of arbitrary files.

    For the stable distribution (stretch), this problem has been fixed in

    version 5.8.4-1+deb9u2.

    We recommend that you upgrade your kwallet-pam packages.

    For the detailed security status of kwallet-pam please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/kwallet-pam

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : xen

    CVE ID : CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981

    CVE-2018-10982

    Multiple vulnerabilities have been discovered in the Xen hypervisor:

    CVE-2018-8897

    Andy Lutomirski and Nick Peterson discovered that incorrect handling

    of debug exceptions could result in privilege escalation.

    CVE-2018-10471

    An error was discovered in the mitigations against Meltdown which

    could result in denial of service.

    CVE-2018-10472

    Anthony Perard discovered that incorrect parsing of CDROM images

    can result in information disclosure.

    CVE-2018-10981

    Jan Beulich discovered that malformed device models could result

    in denial of service.

    CVE-2018-10982

    Roger Pau Monne discovered that incorrect handling of high precision

    event timers could result in denial of service and potentially

    privilege escalation.

    For the stable distribution (stretch), these problems have been fixed in

    version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6.

    We recommend that you upgrade your xen packages.

    For the detailed security status of xen please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/xen

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/