Debian 10713 Published by Philipp Esselbach 0

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-10-1 exiv2 security update
Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulting in denial of service, heap-based buffer over-read/overflow, memory exhaustion, and application crash.

Debian GNU/Linux 8 LTS:
DLA 1398-1: php-horde-crypt security update
It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an encrypted email.

DLA 1399-1: ruby-passenger security update
Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or to exploit a race condition that, under certain conditions, made privilege escalation possible.

DLA 1400-1: tomcat7 security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

DLA 1401-1: graphicsmagick security update
Various security issues were discovered in GraphicsMagick, a collection of image processing tools. Heap-based buffer overflows or over-reads may lead to a denial of service, disclosure of in-memory information, or other unspecified impact when processing a malformed image file.

DLA 1402-1: exiv2 security update
Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulting in denial of service, heap-based buffer over-read/overflow, memory exhaustion, and application crash.

Debian GNU/Linux 9:
DSA 4235-1: firefox-esr security update
Several security issues have been found in the Mozilla Firefox web browser: multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

DSA 4236-1: xen security update
Multiple vulnerabilities have been discovered in the Xen hypervisor.

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-9-1 plexus-archiver security update
An arbitrary file write vulnerability was discovered in plexus-archiver, the archiver plugin for the Plexus modular compiler system.

Debian GNU/Linux 8 LTS:
DLA 1394-1: imagemagick security update
Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause denial of service (application crash) or out of bounds memory access via crafted SUN, BMP, or DIB image files.

DLA 1397-1: php5 security update
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

Four security updates have been released for Debian GNU/Linux 7 Extended LTS:

ELA-4-1 openssl security update
Possible DoS by a malicious server that sends a very large prime value to the client during TLS handshake.

ELA-5-1 gnupg security update
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.

ELA-6-1 ghostscript security update
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to information disclosure about files for which read permissions are not available.

ELA-7-1 perl security update
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

The following updates have been released for Debian GNU/Linux 9:

DSA 4233-1: bouncycastle security update
It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform fewer Miller-Rabin primality tests than expected.

DSA 4234-1: lava-server security update
Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via an XMLRPC call.

Updated xen packages have been released for Debian GNU/Linux 9 to provide mitigations for the lazy FPU vulnerability affecting a range of Intel CPUs.

The following two updates have been released by Freexian for Debian GNU/Linux 7 Extended LTS:

ELA-1-1 git security update
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

ELA-2-1 openjdk-7 security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

To enable Extended LTS on your Debian GNU/Linux 7 installation, visit this page: How to use Extended LTS

The following updates have been released for Debian GNU/Linux 9:

DSA 4230-1: redis security update
Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.

DSA 4231-1: libgcrypt20 security update
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.