
The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1445-3: busybox regression update
DLA 1455-1: mutt security update
DLA 1456-1: graphicsmagick security update

Debian GNU/Linux 9:
DSA 4260-1: libmspack security update



DLA 1445-3: busybox regression update




Package : busybox
Version : 1:1.22.0-9+deb8u4

It was found that the security update of busybox announced as
DLA-1445-1 to prevent the exploitation of CVE-2011-5325, a symlinking
attack, was too strict in case of cpio archives. This update restores
the old behavior.

For Debian 8 "Jessie", this problem has been fixed in version
1:1.22.0-9+deb8u4.

We recommend that you upgrade your busybox packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1455-1: mutt security update

Package : mutt
Version : 1.5.23-3+deb8u1
CVE ID : CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352
         CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356
         CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360
         CVE-2018-14361 CVE-2018-14362 CVE-2018-14363
Debian Bug : 904051


Several vulnerabilities have been discovered in mutt, a sophisticated
text-based Mail User Agent, resulting in denial of service, stack-based
buffer overflow, arbitrary command execution, and directory traversal
flaws.

For Debian 8 "Jessie", these problems have been fixed in version
1.5.23-3+deb8u1.

We recommend that you upgrade your mutt packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1456-1: graphicsmagick security update

Package : graphicsmagick
Version : 1.3.20-3+deb8u4
CVE ID : CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102
         CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638
         CVE-2017-11641 CVE-2017-11642 CVE-2017-12935 CVE-2017-12936
         CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777
         CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 CVE-2017-15277
         CVE-2017-15930 CVE-2017-16352 CVE-2017-16545 CVE-2017-16547
         CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230
         CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018
Debian Bug : 867746 870153 870154 870156 870155 872576 872575 878511
             878578 862967 879999

Various vulnerabilities were discovered in graphicsmagick, a collection
of image processing tools and associated libraries, resulting in denial
of service, information disclosure, and a variety of buffer overflows
and overreads.

For Debian 8 "Jessie", these problems have been fixed in version
1.3.20-3+deb8u4.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4260-1: libmspack security update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4260-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 02, 2018                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libmspack
CVE ID : CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682
Debian Bug : 904799 904800 904801 904802

Several vulnerabilities were discovered in libmspack, a library used to
handle Microsoft compression formats. A remote attacker could craft
malicious CAB, CHM or KWAJ files and use these flaws to cause a denial
of service via application crash, or potentially execute arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 0.5-1+deb9u2.

We recommend that you upgrade your libmspack packages.

For the detailed security status of libmspack please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libmspack

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/