The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 7 LTS:
DLA 1257-1: openssh security update
DLA 1258-1: wireshark security update
Debian GNU/Linux 8 and 9:
DSA 4098-1: curl security update
Debian GNU/Linux 7 LTS:
DLA 1257-1: openssh security update
DLA 1258-1: wireshark security update
Debian GNU/Linux 8 and 9:
DSA 4098-1: curl security update
DLA 1257-1: openssh security update
Package : openssh
Version : 1:6.0p1-4+deb7u7
CVE ID : CVE-2016-10708
OpenSSH was found to be vulnerable to out of order NEWKEYS messages
which could crash the daemon, resulting in a denial of service attack.
For Debian 7 "Wheezy", these problems have been fixed in version
1:6.0p1-4+deb7u7.
We recommend that you upgrade your openssh packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1258-1: wireshark security update
Package : wireshark
Version : 1.12.1+g01b65bf-4+deb8u6~deb7u9
CVE ID : CVE-2018-5334 CVE-2018-5335 CVE-2018-5336
Kamil Frankowicz and Young found that several parsers of wireshark could
be crashed by malformed packets.
For Debian 7 "Wheezy", these problems have been fixed in version
1.12.1+g01b65bf-4+deb8u6~deb7u9.
We recommend that you upgrade your wireshark packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 4098-1: curl security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4098-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
January 26, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2018-1000005 CVE-2018-1000007
Two vulnerabilities were discovered in cURL, an URL transfer library.
CVE-2018-1000005
Zhouyihai Ding discovered an out-of-bounds read in the code
handling HTTP/2 trailers. This issue doesn't affect the oldstable
distribution (jessie).
CVE-2018-1000007
Craig de Stigter discovered that authentication data might be leaked
to third parties when following HTTP redirects.
For the oldstable distribution (jessie), these problems have been fixed
in version 7.38.0-4+deb8u9.
For the stable distribution (stretch), these problems have been fixed in
version 7.52.1-5+deb9u4.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
