Debian 10232 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 and 9:
DSA 4217-1: wireshark security update
It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.

Debian GNU/Linux 9:
DSA 4191-2: redmine regression update
The previous security update for redmine caused regressions with multi-value fields while doing queries on project issues due to an bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue.



DSA 4191-2: redmine regression update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4191-2 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 03, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : redmine
Debian Bug : 900283

The redmine security update announced as DSA-4191-1 caused regressions
with multi-value fields while doing queries on project issues due to an
bug in the patch to address CVE-2017-15569. Updated packages are now
available to correct this issue.

For the stable distribution (stretch), this problem has been fixed in
version 3.3.1-4+deb9u2.

We recommend that you upgrade your redmine packages.

For the detailed security status of redmine please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/redmine

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4217-1: wireshark security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4217-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 03, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2018-9273 CVE-2018-7320 CVE-2018-7334 CVE-2018-7335
CVE-2018-7419 CVE-2018-9261 CVE-2018-9264 CVE-2018-11358
CVE-2018-11360 CVE-2018-11362



For the oldstable distribution (jessie), these problems have been fixed
in version 1.12.1+g01b65bf-4+deb8u14.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.6+g32dac6a-2+deb9u3.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/