Debian 10230 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1816-1: otrs2 security update
DLA 1817-1: libgd2 security update

Debian GNU/Linux 9:
DSA 4459-1: vlc security update
DSA 4460-1: mediawiki security update
DSA 4461-1: zookeeper security update



DLA 1816-1: otrs2 security update




Package : otrs2
Version : 3.3.18-1+deb8u10
CVE ID : CVE-2019-12248 CVE-2019-12497

Two security vulnerabilities were discovered in the Open Ticket
Request System that could lead to information disclosure or privilege
escalation. New configuration options were added to resolve those
problems.

CVE-2019-12248

An attacker could send a malicious email to an OTRS system. If a
logged in agent user quotes it, the email could cause the browser to
load external image resources.

CVE-2019-12497

In the customer or external frontend, personal information of agents
can be disclosed like Name and mail address in external notes.

For Debian 8 "Jessie", these problems have been fixed in version
3.3.18-1+deb8u10.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1817-1: libgd2 security update




Package : libgd2
Version : 2.1.0-5+deb8u13
CVE ID : CVE-2019-11038
Debian Bug : 929821


An unitialized read was discovered in the XBM support of libgd2, a
library for programmatic graphics creation and manipulation. The
unitialized read might lead to information disclosure.

For Debian 8 "Jessie", this problem has been fixed in version
2.1.0-5+deb8u13.

We recommend that you upgrade your libgd2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- --
Jonas Meurer


DSA 4459-1: vlc security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4459-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 12, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : vlc
CVE ID : not yet available

Multiple security issues were discovered in the VLC media player, which
could result in the execution of arbitrary code or denial of service if
a malformed file/stream is processed.

For the stable distribution (stretch), these problems have been fixed in
version 3.0.7-0+deb9u1.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vlc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4460-1: mediawiki security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4460-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 12, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468
CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472
CVE-2019-12473 CVE-2019-12474

Multiple security vulnerabilities have been discovered in MediaWiki, a
website engine for collaborative work, which may result in authentication
bypass, denial of service, cross-site scripting, information disclosure
and bypass of anti-spam measures.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.27.7-1~deb9u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4461-1: zookeeper security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4461-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 12, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : zookeeper
CVE ID : CVE-2019-0201

Harrison Neil discovered that the getACL() command in Zookeeper, a
service for maintaining configuration information, did not validate
permissions, which could result in information disclosure.

For the stable distribution (stretch), this problem has been fixed in
version 3.4.9-3+deb9u2.

We recommend that you upgrade your zookeeper packages.

For the detailed security status of zookeeper please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/zookeeper

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/