Debian 10229 Published by

The following updates has been released for Debian GNU/Linux:

DLA 1500-1: openssh security update
DSA 4290-1: libextractor security update



DLA 1500-1: openssh security update

Package : openssh
Version : 1:6.7p1-5+deb8u6
CVE ID : CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564
CVE-2016-1908 CVE-2016-3115 CVE-2016-6515 CVE-2016-10009
CVE-2016-10011 CVE-2016-10012 CVE-2016-10708
CVE-2017-15906
Debian Bug : 790798 793616 795711 848716 848717


Several vulnerabilities have been found in OpenSSH, a free implementation
of the SSH protocol suite:

CVE-2015-5352

OpenSSH incorrectly verified time window deadlines for X connections.
Remote attackers could take advantage of this flaw to bypass intended
access restrictions. Reported by Jann Horn.

CVE-2015-5600

OpenSSH improperly restricted the processing of keyboard-interactive
devices within a single connection, which could allow remote attackers
to perform brute-force attacks or cause a denial of service, in a
non-default configuration.

CVE-2015-6563

OpenSSH incorrectly handled usernames during PAM authentication. In
conjunction with an additional flaw in the OpenSSH unprivileged child
process, remote attackers could make use if this issue to perform user
impersonation. Discovered by Moritz Jodeit.

CVE-2015-6564

Moritz Jodeit discovered a use-after-free flaw in PAM support in
OpenSSH, that could be used by remote attackers to bypass
authentication or possibly execute arbitrary code.

CVE-2016-1908

OpenSSH mishandled untrusted X11 forwarding when the X server disables
the SECURITY extension. Untrusted connections could obtain trusted X11
forwarding privileges. Reported by Thomas Hoger.

CVE-2016-3115

OpenSSH improperly handled X11 forwarding data related to
authentication credentials. Remote authenticated users could make use
of this flaw to bypass intended shell-command restrictions. Identified
by github.com/tintinweb.

CVE-2016-6515

OpenSSH did not limit password lengths for password authentication.
Remote attackers could make use of this flaw to cause a denial of
service via long strings.

CVE-2016-10009

Jann Horn discovered an untrusted search path vulnerability in
ssh-agent allowing remote attackers to execute arbitrary local
PKCS#11 modules by leveraging control over a forwarded agent-socket.

CVE-2016-10011

Jann Horn discovered that OpenSSH did not properly consider the
effects of realloc on buffer contents. This may allow local users to
obtain sensitive private-key information by leveraging access to a
privilege-separated child process.

CVE-2016-10012

Guido Vranken discovered that the OpenSSH shared memory manager
did not ensure that a bounds check was enforced by all compilers,
which could allow local users to gain privileges by leveraging access
to a sandboxed privilege-separation process.

CVE-2016-10708

NULL pointer dereference and daemon crash via an out-of-sequence
NEWKEYS message.

CVE-2017-15906

Michal Zalewski reported that OpenSSH improperly prevent write
operations in readonly mode, allowing attackers to create zero-length
files.

For Debian 8 "Jessie", these problems have been fixed in version
1:6.7p1-5+deb8u6.

We recommend that you upgrade your openssh packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4290-1: libextractor security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4290-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 10, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libextractor
CVE ID : CVE-2018-14346 CVE-2018-14347 CVE-2018-16430
Debian Bug : 904903 904905 907987

Several vulnerabilities were discovered in libextractor, a library to
extract arbitrary meta-data from files, which may lead to denial of
service or the execution of arbitrary code if a specially crafted file
is opened.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.3-4+deb9u2.

We recommend that you upgrade your libextractor packages.

For the detailed security status of libextractor please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libextractor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/