Debian 9843 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 7 LTS:
DLA 1363-1: ghostscript security update
DLA 1364-1: openslp-dfsg security update

Debian GNU/Linux 8 and 9:
DSA 4180-1: drupal7 security update



DLA 1363-1: ghostscript security update




Package : ghostscript
Version : 9.05~dfsg-6.3+deb7u8
CVE ID : CVE-2018-10194
Debian Bug : 896069

It was discovered that the set_text_distance function in
base/gdevpdts.c in the pdfwrite component in Ghostscript does not
prevent overflows in text-positioning calculation, which allows remote
attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted PDF document.

For Debian 7 "Wheezy", these problems have been fixed in version
9.05~dfsg-6.3+deb7u8.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1364-1: openslp-dfsg security update




Package : openslp-dfsg
Version : 1.2.1-9+deb7u2
CVE ID : CVE-2017-17833


CVE-2017-17833

An issue has been found in openslp that is related to heap memory
corruption, which may result in a denial-of-service or remote
code execution.


For Debian 7 "Wheezy", these problems have been fixed in version
1.2.1-9+deb7u2.

We recommend that you upgrade your openslp-dfsg packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4180-1: drupal7 security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4180-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2018-7602
Debian Bug : 896701

A remote code execution vulnerability has been found in Drupal, a
fully-featured content management framework. For additional information,
please refer to the upstream advisory at
https://www.drupal.org/sa-core-2018-004

For the oldstable distribution (jessie), this problem has been fixed
in version 7.32-1+deb8u12.

For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u4.

We recommend that you upgrade your drupal7 packages.

For the detailed security status of drupal7 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/drupal7

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/