Debian 9859 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1678-1: thunderbird security update
DLA 1679-1: php5 security update

Debian GNU/Linux 9:
DSA 4392-1: thunderbird security update



DLA 1678-1: thunderbird security update




Package : thunderbird
Version : 1:60.5.1-1~deb8u1
CVE ID : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505.
CVE-2018-18509 CVE-2019-5785

Multiple security issues have been found in the Thunderbird mail client,
which could lead to the execution of arbitrary code, denial of service
or spoofing of S/MIME signatures.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.5.1-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1679-1: php5 security update

Package : php5
Version : 5.6.40+dfsg-0+deb8u1


Several security bugs have been identified and fixed in php5, a
server-side, HTML-embedded scripting language. The affected components
include GD graphics, multi-byte string handling, phar file format
handling, and xmlrpc.

CVEs have not yet been assigned. Once the CVE assignments are
announced, the Debian Security Tracker will be updated with the relevant
information.

For Debian 8 "Jessie", this problems have been fixed in version
5.6.40+dfsg-0+deb8u1.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4392-1: thunderbird security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4392-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501
CVE-2018-18505 CVE-2018-18509 CVE-2019-5785

Multiple security issues have been found in the Thunderbird mail client,
which could lead to the execution of arbitrary code, denial of service
or spoofing of S/MIME signatures.

For the stable distribution (stretch), these problems have been fixed in
version 1:60.5.1-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/