The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1660-2: rssh regression update
DLA 1681-1: gsoap security update
DLA 1682-1: uriparser security update

Debian GNU/Linux 9:
DSA 4393-1: systemd security update
DSA 4394-1: rdesktop security update
DSA 4395-1: chromium security update



DLA 1660-2: rssh regression update




Package : rssh
Version : 2.3.4-4+deb8u3
Debian Bug : #921655

It was discovered that the fix for the security vulnerability
released for rssh in 2.3.4-4+deb8u2 via DLA-1660-1 introduced a
regression that blocked scp(1) of multiple files from a server
using rssh.

Please see https://bugs.debian.org/921655 for more information.

For Debian 8 "Jessie", this issue has been addressed in rssh
version 2.3.4-4+deb8u3.

We recommend that you upgrade your rssh packages.




DLA 1681-1: gsoap security update




Package : gsoap
Version : 2.8.17-1+deb8u2
CVE ID : CVE-2019-7659

It was discovered that there was a denial of service vulnerability in
gsoap, a C/C++ language binding used for SOAP-based web services.

For Debian 8 "Jessie", this issue has been fixed in gsoap version
2.8.17-1+deb8u2.

We recommend that you upgrade your gsoap packages. Thanks to Mattias
Ellert for their assistance in preparing this update.




DLA 1682-1: uriparser security update




Package : uriparser
Version : 0.8.0.1-2+deb8u2
CVE ID : CVE-2018-20721


Joergen Ibsen reported an issue with uriparser, a URI parsing library
compliant with RFC 3986.

An out-of-bounds read was possible for incomplete URIs with IPv6
addresses with an embedded IPv4 address, e.g. "//[::44.1".


For Debian 8 "Jessie", this problem has been fixed in version
0.8.0.1-2+deb8u2.

We recommend that you upgrade your uriparser packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DSA 4393-1: systemd security update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4393-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : systemd
CVE ID : CVE-2019-6454

Chris Coulson discovered a flaw in systemd leading to denial of service.
An unprivileged user could take advantage of this issue to crash PID1 by
sending a specially crafted D-Bus message on the system bus.

For the stable distribution (stretch), this problem has been fixed in
version 232-25+deb9u9.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4394-1: rdesktop security update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4394-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rdesktop
CVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794
CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798
CVE-2018-8799 CVE-2018-8800 CVE-2018-20174
CVE-2018-20175 CVE-2018-20176 CVE-2018-20177
CVE-2018-20178 CVE-2018-20179 CVE-2018-20180
CVE-2018-20181 CVE-2018-20182

Multiple security issues were found in the rdesktop RDP client, which
could result in denial of service, information disclosure and the
execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 1.8.4-1~deb9u1.

We recommend that you upgrade your rdesktop packages.

For the detailed security status of rdesktop please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rdesktop

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4395-1: chromium security update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4395-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
February 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2018-17481 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756
CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760
CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765
CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769
CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774
CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778
CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782
CVE-2019-5783 CVE-2019-5784

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-17481

A use-after-free issue was discovered in the pdfium library.

CVE-2019-5754

Klzgrad discovered an error in the QUIC networking implementation.

CVE-2019-5755

Jay Bosamiya discovered an implementation error in the v8 javascript
library.

CVE-2019-5756

A use-after-free issue was discovered in the pdfium library.

CVE-2019-5757

Alexandru Pitis discovered a type confusion error in the SVG image
format implementation.

CVE-2019-5758

Zhe Jin discovered a use-after-free issue in blink/webkit.

CVE-2019-5759

Almog Benin discovered a use-after-free issue when handling HTML pages
containing select elements.

CVE-2019-5760

Zhe Jin discovered a use-after-free issue in the WebRTC implementation.

CVE-2019-5762

A use-after-free issue was discovered in the pdfium library.

CVE-2019-5763

Guang Gon discovered an input validation error in the v8 javascript
library.

CVE-2019-5764

Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.

CVE-2019-5765

Sergey Toshin discovered a policy enforcement error.

CVE-2019-5766

David Erceg discovered a policy enforcement error.

CVE-2019-5767

Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error
in the WebAPKs user interface.

CVE-2019-5768

Rob Wu discovered a policy enforcement error in the developer tools.

CVE-2019-5769

Guy Eshel discovered an input validation error in blink/webkit.

CVE-2019-5770

hemidallt discovered a buffer overflow issue in the WebGL implementation.

CVE-2019-5772

Zhen Zhou discovered a use-after-free issue in the pdfium library.

CVE-2019-5773

Yongke Wong discovered an input validation error in the IndexDB
implementation.

CVE-2019-5774

Jnghwan Kang and Juno Im discovered an input validation error in the
SafeBrowsing implementation.

CVE-2019-5775

evil1m0 discovered a policy enforcement error.

CVE-2019-5776

Lnyas Zhang discovered a policy enforcement error.

CVE-2019-5777

Khalil Zhani discovered a policy enforcement error.

CVE-2019-5778

David Erceg discovered a policy enforcement error in the Extensions
implementation.

CVE-2019-5779

David Erceg discovered a policy enforcement error in the ServiceWorker
implementation.

CVE-2019-5780

Andreas Hegenberg discovered a policy enforcement error.

CVE-2019-5781

evil1m0 discovered a policy enforcement error.

CVE-2019-5782

Qixun Zhao discovered an implementation error in the v8 javascript library.

CVE-2019-5783

Shintaro Kobori discovered an input validation error in the developer
tools.

CVE-2019-5784

Lucas Pinheiro discovered an implementation error in the v8 javascript
library.

For the stable distribution (stretch), these problems have been fixed in
version 72.0.3626.96-1~deb9u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/