The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 7 LTS:
DLA 1363-1: ghostscript security update
DLA 1364-1: openslp-dfsg security update
Debian GNU/Linux 8 and 9:
DSA 4180-1: drupal7 security update
Debian GNU/Linux 7 LTS:
DLA 1363-1: ghostscript security update
DLA 1364-1: openslp-dfsg security update
Debian GNU/Linux 8 and 9:
DSA 4180-1: drupal7 security update
DLA 1363-1: ghostscript security update
Package : ghostscript
Version : 9.05~dfsg-6.3+deb7u8
CVE ID : CVE-2018-10194
Debian Bug : 896069
It was discovered that the set_text_distance function in
base/gdevpdts.c in the pdfwrite component in Ghostscript does not
prevent overflows in text-positioning calculation, which allows remote
attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted PDF document.
For Debian 7 "Wheezy", these problems have been fixed in version
9.05~dfsg-6.3+deb7u8.
We recommend that you upgrade your ghostscript packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1364-1: openslp-dfsg security update
Package : openslp-dfsg
Version : 1.2.1-9+deb7u2
CVE ID : CVE-2017-17833
CVE-2017-17833
An issue has been found in openslp that is related to heap memory
corruption, which may result in a denial-of-service or remote
code execution.
For Debian 7 "Wheezy", these problems have been fixed in version
1.2.1-9+deb7u2.
We recommend that you upgrade your openslp-dfsg packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 4180-1: drupal7 security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4180-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : drupal7
CVE ID : CVE-2018-7602
Debian Bug : 896701
A remote code execution vulnerability has been found in Drupal, a
fully-featured content management framework. For additional information,
please refer to the upstream advisory at
https://www.drupal.org/sa-core-2018-004
For the oldstable distribution (jessie), this problem has been fixed
in version 7.32-1+deb8u12.
For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u4.
We recommend that you upgrade your drupal7 packages.
For the detailed security status of drupal7 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/drupal7
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/