
The following updates have been released for Debian GNU/Linux 7 LTS:

DLA 1382-1: thunderbird security update
DLA 1383-1: xen security update
DLA 1384-1: xdg-utils security update



DLA 1382-1: thunderbird security update




Package : thunderbird
Version : 1:52.8.0-1~deb7u1
CVE ID : CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159
CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170
CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code, denial of service or attacks on
encrypted emails.

For Debian 7 "Wheezy", these problems have been fixed in version
1:52.8.0-1~deb7u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1383-1: xen security update




Package : xen
Version : 4.1.6.lts1-14
CVE ID : CVE-2018-8897 CVE-2018-10981 CVE-2018-10982

Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in denial of service, information leaks or privilege
escalation.

For Debian 7 "Wheezy", these problems have been fixed in version
4.1.6.lts1-14.

We recommend that you upgrade your xen packages.



DLA 1384-1: xdg-utils security update





Package : xdg-utils
Version : 1.1.0~rc1+git20111210-6+deb7u4
CVE ID : CVE-2017-18266
Debian Bug : 898317


It was found that the open_envvar function in xdg-utils does not
validate strings before launching the program specified by the BROWSER
environment variable, which might allow remote attackers to conduct
argument-injection attacks via a crafted URL.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.0~rc1+git20111210-6+deb7u4.

We recommend that you upgrade your xdg-utils packages.
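
The missing validation described above can be illustrated with a small shell sketch. This is an added example, not code from xdg-utils or from the Debian patch; the function names, the `viewer %s` template and the URLs are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names, the "viewer %s" template and the URLs
# are constructed and are not taken from xdg-utils.

# Number of words the shell produces when the string is expanded unquoted.
count_words() {
    set -f        # no globbing: measure field splitting only
    set -- $1     # deliberately unquoted
    set +f
    echo "$#"
}

# Unvalidated pattern: substitute the URL into a BROWSER-style template and
# let the shell split the result. Prints the resulting argument count.
argc_unvalidated() {
    template=$1 url=$2
    set -f
    set -- $(printf "$template" "$url")
    set +f
    echo "$#"
}

# Same substitution, but refused unless the URL is exactly one word, so it
# can only ever fill the single %s slot.
argc_validated() {
    template=$1 url=$2
    [ "$(count_words "$url")" -eq 1 ] || return 1
    argc_unvalidated "$template" "$url"
}

# Constructed inputs.
good='http://example.com/page'
bad='http://example.com/ --constructed-option'

echo "unvalidated, good URL: $(argc_unvalidated 'viewer %s' "$good") words"
echo "unvalidated, bad URL:  $(argc_unvalidated 'viewer %s' "$bad") words"
if argc_validated 'viewer %s' "$bad" >/dev/null; then
    echo "validated: accepted"
else
    echo "validated: bad URL rejected"
fi
```

A URL containing whitespace adds an extra word to the command line in the unvalidated path, which is how a second argument reaches the launched program; the validated path rejects it before substitution.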
