Debian 10230 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1634-1: wireshark security update

Debian GNU/Linux 9:
DSA 4367-2: systemd regression update



DLA 1634-1: wireshark security update




Package : wireshark
Version : 1.12.1+g01b65bf-4+deb8u16
CVE ID : CVE-2017-7700 CVE-2017-7703 CVE-2017-7746 CVE-2017-7747
CVE-2017-9766 CVE-2017-11406 CVE-2017-11407 CVE-2017-11409
CVE-2017-13765 CVE-2017-15191 CVE-2017-17935 CVE-2017-17997
CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325
CVE-2018-7331 CVE-2018-7336 CVE-2018-7417 CVE-2018-7418
CVE-2018-7420 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260
CVE-2018-9262 CVE-2018-9263 CVE-2018-9265 CVE-2018-9267
CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-11356
CVE-2018-11357 CVE-2018-11359 CVE-2018-16057 CVE-2018-16058
CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625
CVE-2018-19626


Several issues in wireshark, a tool that captures and analyzes packets
off the wire, have been found by different people.
These are basically issues with length checks or invalid memory access in
different dissectors. This could result in infinite loops or crashes by
malicious packets.

For Debian 8 "Jessie", these problems have been fixed in version
1.12.1+g01b65bf-4+deb8u16.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4367-2: systemd regression update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4367-2 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 15, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : systemd

The Qualys Research Labs reported that the backported security fixes
shipped in DSA 4367-1 contained a memory leak in systemd-journald. This
and an unrelated bug in systemd-coredump are corrected in this update.

Note that as the systemd-journald service is not restarted automatically
a restart of the service or more safely a reboot is advised.

For the stable distribution (stretch), these problems have been fixed in
version 232-25+deb9u8.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/