The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 7 LTS:
DLA 1344-1: squirrelmail security update
DLA 1348-1: patch security update
DLA 1349-1: linux-tools security update
Debian GNU/Linux 9:
DSA 4173-1: r-cran-readxl security update
Debian GNU/Linux 7 LTS:
DLA 1344-1: squirrelmail security update
DLA 1348-1: patch security update
DLA 1349-1: linux-tools security update
Debian GNU/Linux 9:
DSA 4173-1: r-cran-readxl security update
DLA 1344-1: squirrelmail security update
Package : squirrelmail
Version : 2:1.4.23~svn20120406-2+deb7u2
CVE ID : CVE-2018-8741
Debian Bug : 893202
Florian Grunow and Birk Kauer of ERNW discovered a path traversal
vulnerability in SquirrelMail, a webmail application, allowing an
authenticated remote attacker to retrieve or delete arbitrary files
via mail attachment.
For Debian 7 "Wheezy", these problems have been fixed in version
2:1.4.23~svn20120406-2+deb7u2.
We recommend that you upgrade your squirrelmail packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1348-1: patch security update
Package : patch
Version : 2.6.1-3+deb7u1
CVE ID : CVE-2018-1000156
Debian Bug : #894993
It was discovered that there was an input validation vulnerability in the
patch(1) utility where an ed(1) script embedded in a regular input file
could result in arbitrary code execution. This was reported by Rachel
Kroll [0] et al.
For Debian 7 "Wheezy", this issue has been fixed in patch version
2.6.1-3+deb7u1.
We recommend that you upgrade your patch packages.
[0] https://rachelbythebay.com/w/2018/04/05/bangpatch/
DLA 1349-1: linux-tools security update
Package : linux-tools
Version : 3.2.101-1
Debian Bug : 693667 696957 708994
This update doesn't fix a vulnerability in linux-tools, but provides
support for building Linux kernel modules with the "retpoline"
mitigation for CVE-2017-5715 (Spectre variant 2).
This update also includes bug fixes from the upstream Linux 3.2 stable
branch up to and including 3.2.101.
For Debian 7 "Wheezy", these problems have been fixed in version
3.2.101-1.
We recommend that you upgrade your linux-tools packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 4173-1: r-cran-readxl security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4173-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 16, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : r-cran-readxl
CVE ID : CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12110
CVE-2017-12111
Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R
package to read Excel files (via the integrated libxls library), which
could result in the execution of arbitrary code if a malformed
spreadsheet is processed.
For the stable distribution (stretch), these problems have been fixed in
version 0.1.1-1+deb9u1.
We recommend that you upgrade your r-cran-readxl packages.
For the detailed security status of r-cran-readxl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/r-cran-readxl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
