Debian 9859 Published by

The following security updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-34-1 redis security update

Debian GNU/Linux 8 LTS:
DLA 1494-1: gdm3 security update
DLA 1495-1: git-annex security update

Debian GNU/Linux 9:
DSA 4285-1: sympa security update
DSA 4286-1: curl security update



ELA-34-1 redis security update

Package: redis
Version: 2:2.4.14-1+deb7u3
Related CVE: CVE-2018-12326
A buffer overflow vulnerability was discovered in the redis key-value database. The “redis-cli” tool could have allowed an attacker to achieve code execution and/or escalate to higher privileges via a specially-crafted command line.

For Debian 7 Wheezy, these problems have been fixed in version 2:2.4.14-1+deb7u3.

We recommend that you upgrade your redis packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

DLA 1494-1: gdm3 security update

Package : gdm3
Version : 3.14.1-7+deb8u1
CVE ID : CVE-2018-14424

The daemon in GDM does not properly unexport display objects from its
D-Bus interface when they are destroyed, which allows a local attacker
to trigger a use-after-free via a specially crafted sequence of D-Bus
method calls, resulting in a denial of service or potential code
execution.

For Debian 8 "Jessie", this problem has been fixed in version
3.14.1-7+deb8u1.

We recommend that you upgrade your gdm3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1495-1: git-annex security update

Package : git-annex
Version : 5.20141125+oops-1+deb8u2
CVE ID : CVE-2017-12976 CVE-2018-10857 CVE-2018-10859
Debian Bug : 873088

The git-annex package was found to have multiple vulnerabilities when
operating on untrusted data that could lead to arbitrary command
execution and encrypted data exfiltration.

CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute
arbitrary commands via an ssh URL with an initial dash character
in the hostname, as demonstrated by an ssh://-eProxyCommand= URL,
a related issue to CVE-2017-9800, CVE-2017-12836,
CVE-2017-1000116, and CVE-2017-1000117.
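The class of bug behind CVE-2017-12976 (and the related git and mercurial CVEs) is a host component that starts with a dash and is therefore read by ssh(1) as an option. The check below is an added defensive example, not git-annex's own code: it parses an ssh:// URL and refuses any hostname beginning with "-" before the URL could ever reach an ssh command line.

```python
"""Reject ssh:// URLs whose host component would be parsed as an ssh option.

Added example; not code from git-annex or from the advisory.
"""
from urllib.parse import urlsplit


class UnsafeUrl(ValueError):
    """Raised when a URL must not be handed to an ssh subprocess."""


def check_ssh_url(url: str) -> str:
    """Return the hostname of a safe ssh:// URL, or raise UnsafeUrl.

    Userinfo ("user@") is stripped by urlsplit, so the check operates on the
    real host, which is exactly what ssh would receive as its first argument.
    """
    parts = urlsplit(url)
    if parts.scheme != "ssh":
        raise UnsafeUrl(f"not an ssh URL: {url!r}")
    host = parts.hostname  # normalised to lowercase by urlsplit
    if not host:
        raise UnsafeUrl(f"missing hostname in {url!r}")
    if host.startswith("-"):
        # e.g. ssh://-eProxyCommand=... would become "ssh -eProxyCommand=..."
        raise UnsafeUrl(f"hostname {host!r} would be parsed as an ssh option")
    return host


def is_safe_ssh_url(url: str) -> bool:
    """Boolean wrapper around check_ssh_url for callers that just filter."""
    try:
        check_ssh_url(url)
        return True
    except UnsafeUrl:
        return False


if __name__ == "__main__":
    # Constructed sample URLs: one benign, two built on the advisory's pattern.
    for sample in ("ssh://git.example.org/repo.git",
                   "ssh://-eProxyCommand=/repo",
                   "ssh://alice@-oProxyCommand=x/repo"):
        print(sample, "->", "ok" if is_safe_ssh_url(sample) else "REJECTED")
```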

CVE-2018-10857

git-annex is vulnerable to a private data exposure and
exfiltration attack. It could expose the content of files located
outside the git-annex repository, or content from a private web
server on localhost or the LAN.

CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting
files. A malicious server for a special remote could trick
git-annex into decrypting a file that was encrypted to the user's
gpg key. This attack could be used to expose encrypted data that
was never stored in git-annex.

For Debian 8 "Jessie", these problems have been fixed in version
5.20141125+oops-1+deb8u2.

We recommend that you upgrade your git-annex packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4285-1: sympa security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-4285-1                   security@debian.org
https://www.debian.org/security/                      Salvatore Bonaccorso
September 05, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : sympa
CVE ID : CVE-2018-1000550

Michael Kaczmarczik discovered a vulnerability in the web interface
template editing function of Sympa, a mailing list manager. List owners
and listmasters could use this flaw to create or modify arbitrary files
on the server with the privileges of the sympa user, or to view list
configuration files even if edit_list.conf prohibits it.

For the stable distribution (stretch), this problem has been fixed in
version 6.2.16~dfsg-3+deb9u1.

We recommend that you upgrade your sympa packages.

For the detailed security status of sympa please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/sympa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4286-1: curl security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-4286-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
September 05, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2018-14618

Zhaoyang Wu discovered that cURL, a URL transfer library, contains a
buffer overflow in the NTLM authentication code, triggered by passwords
that exceed 2GB in length on 32-bit systems.

See https://curl.haxx.se/docs/CVE-2018-14618.html for more information.

For the stable distribution (stretch), this problem has been fixed in
version 7.52.1-5+deb9u7.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/