Debian Security Advisory

    • Official post

    Package : php7.0

    CVE ID : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546

    CVE-2018-10547 CVE-2018-10548 CVE-2018-10549

    Several vulnerabilities were found in PHP, a widely-used open source

    general purpose scripting language:

    CVE-2018-7584

    Buffer underread in parsing HTTP responses

    CVE-2018-10545

    Dumpable FPM child processes allowed the bypass of opcache access

    controls

    CVE-2018-10546

    Denial of service via infinite loop in convert.iconv stream filter

    CVE-2018-10547

    The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete

    CVE-2018-10548

    Denial of service via malformed LDAP server responses

    CVE-2018-10549

    Out-of-bounds read when parsing malformed JPEG files

    For the stable distribution (stretch), these problems have been fixed in

    version 7.0.30-0+deb9u1.

    We recommend that you upgrade your php7.0 packages.

    For the detailed security status of php7.0 please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/php7.0

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/

    • Official post

    Package : libsoup2.4

    CVE ID : CVE-2018-12910

    It was discovered that the Soup HTTP library performed insufficient

    validation of cookie requests which could result in an out-of-bounds

    memory read.

    For the stable distribution (stretch), this problem has been fixed in

    version 2.56.0-2+deb9u2.

    We recommend that you upgrade your libsoup2.4 packages.

    For the detailed security status of libsoup2.4 please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/libsoup2.4

    • Official post

    Package : ruby-sprockets

    CVE ID : CVE-2018-3760

    Debian Bug : 901913

    Orange Tsai discovered a path traversal flaw in ruby-sprockets, a

    Rack-based asset packaging system. A remote attacker can take advantage

    of this flaw to read arbitrary files outside an application's root

    directory via specially crafted requests, when the Sprockets server is

    used in production.

    For the stable distribution (stretch), this problem has been fixed in

    version 3.7.0-1+deb9u1.

    We recommend that you upgrade your ruby-sprockets packages.

    For the detailed security status of ruby-sprockets please refer to its

    security tracker page at:

    https://security-tracker.debian.org/tracker/ruby-sprockets

    • Official post

    Package : cups

    CVE ID : CVE-2017-15400 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182

    CVE-2018-4183 CVE-2018-6553

    Several vulnerabilities were discovered in CUPS, the Common UNIX Printing

    System. These issues have been identified with the following CVE ids:

    CVE-2017-15400

    Rory McNamara discovered that an attacker is able to execute arbitrary

    commands (with the privilege of the CUPS daemon) by setting a

    malicious IPP server with a crafted PPD file.

    CVE-2018-4180

    Dan Bastone of Gotham Digital Science discovered that a local

    attacker with access to cupsctl could escalate privileges by setting

    an environment variable.

    CVE-2018-4181

    Eric Rafaloff and John Dunlap of Gotham Digital Science discovered

    that a local attacker can perform limited reads of arbitrary files

    as root by manipulating cupsd.conf.

    CVE-2018-4182

    Dan Bastone of Gotham Digital Science discovered that an attacker

    with sandboxed root access can execute backends without a sandbox

    profile by provoking an error in CUPS' profile creation.

    CVE-2018-4183

    Dan Bastone and Eric Rafaloff of Gotham Digital Science discovered

    that an attacker with sandboxed root access can execute arbitrary

    commands as unsandboxed root by modifying /etc/cups/cups-files.conf.

    CVE-2018-6553

    Dan Bastone of Gotham Digital Science discovered that an attacker

    can bypass the AppArmor cupsd sandbox by invoking the dnssd backend

    using an alternate name that has been hard linked to dnssd.


    For the stable distribution (stretch), these problems have been fixed in

    version 2.2.1-8+deb9u2.

    We recommend that you upgrade your cups packages.

    For the detailed security status of cups please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/cups

    • Official post

    Package : thunderbird

    CVE ID : CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360

    CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365

    CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374

    Multiple security issues have been found in Thunderbird, which may lead

    to the execution of arbitrary code, denial of service or attacks on

    encrypted emails.

    For the stable distribution (stretch), these problems have been fixed in

    version 1:52.9.1-1~deb9u1.

    We recommend that you upgrade your thunderbird packages.

    For the detailed security status of thunderbird please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/thunderbird

    • Official post

    Package : imagemagick

    CVE ID : CVE-2018-5248 CVE-2018-11251 CVE-2018-12599 CVE-2018-12600

    This update fixes several vulnerabilities in ImageMagick, a graphical

    software suite. Various memory handling problems or incomplete input

    sanitising could result in denial of service or the execution of

    arbitrary code.

    For the stable distribution (stretch), these problems have been fixed in

    version 8:6.9.7.4+dfsg-11+deb9u5.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/imagemagick

    • Official post

    Package : mailman

    CVE ID : CVE-2018-0618

    Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered

    that mailman, a web-based mailing list manager, is prone to a cross-site

    scripting flaw allowing a malicious listowner to inject scripts into the

    listinfo page, due to unvalidated input in the host_name field.

    For the stable distribution (stretch), this problem has been fixed in

    version 1:2.1.23-1+deb9u3.

    We recommend that you upgrade your mailman packages.

    For the detailed security status of mailman please refer to its security

    tracker page at:

    https://security-tracker.debian.org/tracker/mailman

    • Official post

    Package : ruby-rack-protection

    CVE ID : CVE-2018-1000119

    A timing attack was discovered in the function for CSRF token validation

    of the "Ruby rack protection" framework.

    For the stable distribution (stretch), this problem has been fixed in

    version 1.5.3-2+deb9u1.

    We recommend that you upgrade your ruby-rack-protection packages.

    For the detailed security status of ruby-rack-protection please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/ruby-rack-protection

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/
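
The timing leak behind this class of flaw, shown as an added example (not rack-protection's code and not part of the original post): an early-exit comparison does work proportional to the matching prefix of the token, while a constant-time comparison does the same work for every guess. Function names and the sample token are constructed for illustration.

```ruby
# Added example (not rack-protection's code). All names are hypothetical.
require "digest"

# Early-exit comparison: returns at the first differing byte, so the amount
# of work (and therefore the response time) grows with the length of the
# correct prefix the caller supplied. Returns [equal?, bytes_examined].
def leaky_compare(expected, given)
  return [false, 0] unless expected.bytesize == given.bytesize
  examined = 0
  expected.bytes.zip(given.bytes) do |a, b|
    examined += 1
    return [false, examined] unless a == b
  end
  [true, examined]
end

# Constant-time comparison: hash both sides to a fixed length (this also
# hides the token length), then XOR-accumulate every byte with no early exit.
def constant_time_compare(expected, given)
  a = Digest::SHA256.digest(expected).bytes
  b = Digest::SHA256.digest(given).bytes
  diff = 0
  examined = 0
  a.each_index do |i|
    diff |= a[i] ^ b[i]
    examined += 1
  end
  [diff.zero?, examined]
end

# Hypothetical validator: compares the session token with the submitted one.
def valid_csrf_token?(session_token, submitted)
  return false unless session_token.is_a?(String) && submitted.is_a?(String)
  constant_time_compare(session_token, submitted).first
end

# Constructed sample data: guesses sharing 0, 4 and 15 leading bytes.
SESSION_TOKEN = "9f2c4e7a1b3d5f60"
GUESSES = ["0000000000000000", "9f2c000000000000", "9f2c4e7a1b3d5f61"].freeze

# Bytes examined per guess for the named comparison function.
def work_profile(compare)
  GUESSES.map { |guess| send(compare, SESSION_TOKEN, guess).last }
end

if __FILE__ == $PROGRAM_NAME
  puts "early exit:    #{work_profile(:leaky_compare).inspect}"
  puts "constant time: #{work_profile(:constant_time_compare).inspect}"
end
```

In a Rack application, Rack::Utils.secure_compare provides a comparison of this kind.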

    • Official post

    Package : blender

    CVE ID : CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902

    CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906

    CVE-2017-2907 CVE-2017-2908 CVE-2017-2918 CVE-2017-12081

    CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100

    CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104

    CVE-2017-12105

    Multiple vulnerabilities have been discovered in various parsers of

    Blender, a 3D modeller/renderer. Malformed .blend model files and

    malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may

    result in the execution of arbitrary code.

    For the stable distribution (stretch), these problems have been fixed in

    version 2.79.b+dfsg0-1~deb9u1.

    We recommend that you upgrade your blender packages.

    For the detailed security status of blender please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/blender

    • Official post

    Package : ffmpeg

    CVE ID : CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001

    CVE-2018-12458 CVE-2018-13300 CVE-2018-13302

    Several vulnerabilities have been discovered in the FFmpeg multimedia

    framework, which could result in denial of service or potentially the

    execution of arbitrary code if malformed files/streams are processed.

    For the stable distribution (stretch), these problems have been fixed in

    version 7:3.2.11-1~deb9u1.

    We recommend that you upgrade your ffmpeg packages.

    For the detailed security status of ffmpeg please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/ffmpeg

    • Official post

    Package : wordpress

    CVE ID : CVE-2018-12895

    Debian Bug : 902876

    A vulnerability was discovered in WordPress, a web blogging tool. It

    allowed remote attackers with specific roles to execute arbitrary

    code.

    For the stable distribution (stretch), this problem has been fixed in

    version 4.7.5+dfsg-2+deb9u4.

    We recommend that you upgrade your wordpress packages.

    For the detailed security status of wordpress please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/wordpress

    • Official post

    Package : vlc

    CVE ID : CVE-2018-11529

    A use-after-free was discovered in the MP4 demuxer of the VLC media

    player, which could result in the execution of arbitrary code if a

    malformed media file is played.

    For the stable distribution (stretch), this problem has been fixed in

    version 3.0.3-1-0+deb9u1.

    We recommend that you upgrade your vlc packages.

    For the detailed security status of vlc please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/vlc

    • Official post

    Package : znc

    CVE ID : CVE-2018-14055 CVE-2018-14056

    Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which

    could result in privilege escalation or denial of service.

    For the stable distribution (stretch), these problems have been fixed in

    version 1.6.5-1+deb9u1.

    We recommend that you upgrade your znc packages.

    For the detailed security status of znc please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/znc

    • Official post

    Package : network-manager-vpnc

    CVE ID : CVE-2018-10900

    Debian Bug : 904255

    Denis Andzakovic discovered that network-manager-vpnc, a plugin to

    provide VPNC support for NetworkManager, is prone to a privilege

    escalation vulnerability. A newline character can be used to inject a

    Password helper parameter into the configuration data passed to vpnc,

    allowing a local user with privileges to modify a system connection to

    execute arbitrary commands as root.

    For the stable distribution (stretch), this problem has been fixed in

    version 1.2.4-4+deb9u1.

    We recommend that you upgrade your network-manager-vpnc packages.

    For the detailed security status of network-manager-vpnc please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/network-manager-vpnc

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/
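
How an embedded newline turns one setting into two directives, as an added example that is not network-manager-vpnc's code or part of the original post. The writer functions and sample values are hypothetical, and the one-directive-per-line "key value" layout is an assumption.

```ruby
# Added example, not network-manager-vpnc code. The writer functions are
# hypothetical; one "key value" directive per line is the assumed format.

class InvalidSetting < StandardError; end

# Unsafe: interpolates values verbatim, so a value containing "\n" ends the
# current line and starts a new directive chosen by whoever set the value.
def render_unsafe(settings)
  settings.map { |key, value| "#{key} #{value}\n" }.join
end

# Keys the writer is willing to emit (illustrative allow-list).
ALLOWED_KEYS = ["IPSec gateway", "IPSec ID", "Xauth username"].freeze

# Hardened: allow-list the keys and refuse values with control characters.
def render_checked(settings)
  settings.map do |key, value|
    unless ALLOWED_KEYS.include?(key)
      raise InvalidSetting, "unexpected key #{key.inspect}"
    end
    text = value.to_s
    if text.match?(/[[:cntrl:]]/)
      raise InvalidSetting, "control character in #{key.inspect}"
    end
    "#{key} #{text}\n"
  end.join
end

# Read the rendered text back the way a line-oriented parser would and
# return the directive names it sees.
def directives(rendered)
  known_keys = ALLOWED_KEYS + ["Password helper"]
  rendered.each_line.map(&:chomp).reject(&:empty?).map do |line|
    known_keys.find { |k| line.start_with?(k + " ") } || line.split(" ", 2).first
  end
end

# Detection helper: more directives came out than settings went in.
def injected?(settings)
  directives(render_unsafe(settings)).length != settings.length
end

# Constructed input: the user name field carries an embedded newline.
TAINTED = {
  "IPSec gateway"  => "vpn.example.net",
  "Xauth username" => "alice\nPassword helper /placeholder/helper"
}.freeze

if __FILE__ == $PROGRAM_NAME
  p directives(render_unsafe(TAINTED))
  begin
    render_checked(TAINTED)
  rescue InvalidSetting => e
    puts "rejected: #{e.message}"
  end
end
```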

    • Official post

    Package : slurm-llnl

    CVE ID : CVE-2018-7033 CVE-2018-10995

    Debian Bug : 893044 900548

    Several vulnerabilities were discovered in the Simple Linux Utility for

    Resource Management (SLURM), a cluster resource management and job

    scheduling system. The Common Vulnerabilities and Exposures project

    identifies the following problems:

    CVE-2018-7033

    Incomplete sanitization of user-provided text strings could lead to

    SQL injection attacks against slurmdbd.

    CVE-2018-10995

    Insecure handling of user_name and gid fields leading to improper

    authentication handling.

    For the stable distribution (stretch), these problems have been fixed in

    version 16.05.9-1+deb9u2.

    We recommend that you upgrade your slurm-llnl packages.

    For the detailed security status of slurm-llnl please refer to its

    security tracker page at:

    https://security-tracker.debian.org/tracker/slurm-llnl

    • Official post

    Package : ant

    CVE ID : CVE-2018-10886

    Danny Grander reported that the unzip and untar tasks in ant, a

    Java-based build tool like make, allow the extraction of files outside a

    target directory. An attacker can take advantage of this flaw by

    submitting a specially crafted Zip or Tar archive to an ant build to

    overwrite any file writable by the user running ant.

    For the stable distribution (stretch), this problem has been fixed in

    version 1.9.9-1+deb9u1.

    We recommend that you upgrade your ant packages.

    For the detailed security status of ant please refer to its security

    tracker page at:

    https://security-tracker.debian.org/tracker/ant

    Further information about Debian Security Advisories, how to apply

    these updates to your system and frequently asked questions can be

    found at: https://www.debian.org/security/
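
Both the ruby-sprockets path traversal and the ant unzip/untar flaw above come down to an untrusted name resolving outside its intended directory. The following added example (not code from either project or from the original posts) shows one containment check for both cases; all function names, paths and sample inputs are constructed.

```ruby
# Added example, not code from Sprockets or Ant; all names are hypothetical.
require "uri"

class UnsafePath < StandardError; end

# Resolve an untrusted relative name (archive entry or decoded URL path)
# below root. Returns the absolute path or raises UnsafePath.
# The check is lexical: it does not follow symlinks that already exist.
def resolve_inside(root, untrusted)
  name = untrusted.to_s
  raise UnsafePath, "empty name" if name.empty?
  raise UnsafePath, "NUL byte in name" if name.include?("\0")
  raise UnsafePath, "absolute name #{name.inspect}" if name.start_with?("/")

  base = File.expand_path(root)
  # Joining first keeps "~" literal; expand_path then collapses "." and "..".
  candidate = File.expand_path(File.join(base, name))
  # Compare with a trailing separator so /srv/app-old is not "inside" /srv/app.
  prefix = base.end_with?(File::SEPARATOR) ? base : base + File::SEPARATOR
  unless candidate == base || candidate.start_with?(prefix)
    raise UnsafePath, "#{name.inspect} escapes #{base}"
  end
  candidate
end

# Request paths arrive percent-encoded: decode exactly once, refuse input
# that is still encoded afterwards, and only then run the containment check.
def resolve_request_path(root, raw_path)
  decoded = URI.decode_www_form_component(raw_path.to_s)
  raise UnsafePath, "double-encoded path" if decoded.match?(/%\h\h/)
  resolve_inside(root, decoded.sub(%r{\A/+}, ""))
rescue ArgumentError => e
  raise UnsafePath, "bad encoding: #{e.message}"
end

def allowed?(root, raw_path)
  resolve_request_path(root, raw_path)
  true
rescue UnsafePath
  false
end

# Partition archive entry names into extraction targets and rejected names.
def plan_extraction(dest, entry_names)
  plan = { ok: {}, rejected: [] }
  entry_names.each do |entry|
    begin
      plan[:ok][entry] = resolve_inside(dest, entry)
    rescue UnsafePath
      plan[:rejected] << entry
    end
  end
  plan
end

# Constructed sample input.
ENTRIES = ["lib/build.jar", "docs/../README", "../outside.txt",
           "/etc/cron.d/job", "lib/../../dest-old/x"].freeze

if __FILE__ == $PROGRAM_NAME
  p plan_extraction("/tmp/dest", ENTRIES)
  p allowed?("/srv/app/public", "/assets/app.js")
  p allowed?("/srv/app/public", "/assets/%2e%2e/%2e%2e/config/secrets.yml")
end
```

Because the check is lexical, a deployment that allows symlinks inside the root also needs to compare the real path of the resolved file before opening it.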

    • Official post

    Package : chromium-browser

    CVE ID : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151

    CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155

    CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159

    CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164

    CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168

    CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172

    CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176

    CVE-2018-6177 CVE-2018-6178 CVE-2018-6179

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2018-4117

    AhsanEjaz discovered an information leak.

    CVE-2018-6044

    Rob Wu discovered a way to escalate privileges using extensions.

    CVE-2018-6150

    Rob Wu discovered an information disclosure issue (this problem was

    fixed in a previous release but was mistakenly omitted from upstream's

    announcement at the time).

    CVE-2018-6151

    Rob Wu discovered an issue in the developer tools (this problem was

    fixed in a previous release but was mistakenly omitted from upstream's

    announcement at the time).

    CVE-2018-6152

    Rob Wu discovered an issue in the developer tools (this problem was

    fixed in a previous release but was mistakenly omitted from upstream's

    announcement at the time).

    CVE-2018-6153

    Zhen Zhou discovered a buffer overflow issue in the skia library.

    CVE-2018-6154

    Omair discovered a buffer overflow issue in the WebGL implementation.

    CVE-2018-6155

    Natalie Silvanovich discovered a use-after-free issue in the WebRTC

    implementation.

    CVE-2018-6156

    Natalie Silvanovich discovered a buffer overflow issue in the WebRTC

    implementation.

    CVE-2018-6157

    Natalie Silvanovich discovered a type confusion issue in the WebRTC

    implementation.

    CVE-2018-6158

    Zhe Jin discovered a use-after-free issue.

    CVE-2018-6159

    Jun Kokatsu discovered a way to bypass the same origin policy.

    CVE-2018-6161

    Jun Kokatsu discovered a way to bypass the same origin policy.

    CVE-2018-6162

    Omair discovered a buffer overflow issue in the WebGL implementation.

    CVE-2018-6163

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6164

    Jun Kokatsu discovered a way to bypass the same origin policy.

    CVE-2018-6165

    evil1m0 discovered a URL spoofing issue.

    CVE-2018-6166

    Lynas Zhang discovered a URL spoofing issue.

    CVE-2018-6167

    Lynas Zhang discovered a URL spoofing issue.

    CVE-2018-6168

    Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross

    Origin Resource Sharing policy.

    CVE-2018-6169

    Sam P discovered a way to bypass permissions when installing

    extensions.

    CVE-2018-6170

    A type confusion issue was discovered in the pdfium library.

    CVE-2018-6171

    A use-after-free issue was discovered in the WebBluetooth

    implementation.

    CVE-2018-6172

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6173

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6174

    Mark Brand discovered an integer overflow issue in the swiftshader

    library.

    CVE-2018-6175

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6176

    Jann Horn discovered a way to escalate privileges using extensions.

    CVE-2018-6177

    Ron Masas discovered an information leak.

    CVE-2018-6178

    Khalil Zhani discovered a user interface spoofing issue.

    CVE-2018-6179

    It was discovered that information about files local to the system

    could be leaked to extensions.

    This version also fixes a regression introduced in the previous security

    update that could prevent decoding of particular audio/video codecs.

    For the stable distribution (stretch), these problems have been fixed in

    version 68.0.3440.75-1~deb9u1.

    We recommend that you upgrade your chromium-browser packages.

    For the detailed security status of chromium-browser please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/chromium-browser

    • Official post

    Package : ffmpeg

    CVE ID : CVE-2018-14395

    Several vulnerabilities have been discovered in the FFmpeg multimedia

    framework, which could result in denial of service or potentially the

    execution of arbitrary code if malformed files/streams are processed.

    For the stable distribution (stretch), this problem has been fixed in

    version 7:3.2.12-1~deb9u1.

    We recommend that you upgrade your ffmpeg packages.

    For the detailed security status of ffmpeg please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/ffmpeg

    • Official post

    Package : fuse

    CVE ID : CVE-2018-10906

    Debian Bug : 904439

    Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the

    bypass of the 'user_allow_other' restriction when SELinux is active

    (including in permissive mode). A local user can take advantage of this

    flaw in the fusermount utility to bypass the system configuration and

    mount a FUSE filesystem with the 'allow_other' mount option.

    For the stable distribution (stretch), this problem has been fixed in

    version 2.9.7-1+deb9u1.

    We recommend that you upgrade your fuse packages.

    For the detailed security status of fuse please refer to its security

    tracker page at:

    https://security-tracker.debian.org/tracker/fuse

    • Official post

    Package : ruby2.3

    CVE ID : CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914

    CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780

    CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075

    CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078

    CVE-2018-1000079

    Several vulnerabilities have been discovered in the interpreter for the

    Ruby language, which may result in incorrect processing of HTTP/FTP,

    directory traversal, command injection, unintended socket creation or

    information disclosure.

    This update also fixes several issues in RubyGems which could allow an

    attacker to use specially crafted gem files to mount cross-site scripting

    attacks, cause denial of service through an infinite loop, write arbitrary

    files, or run malicious code.

    For the stable distribution (stretch), these problems have been fixed in

    version 2.3.3-1+deb9u3.

    We recommend that you upgrade your ruby2.3 packages.

    For the detailed security status of ruby2.3 please refer to

    its security tracker page at:

    https://security-tracker.debian.org/tracker/ruby2.3
