Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 7 LTS:
DLA 1274-1: exim4 security update
DLA 1275-1: uwsgi security update

Debian GNU/Linux 8 and 9:
DSA 4110-1: exim4 security update



DLA 1274-1: exim4 security update




Package : exim4
Version : 4.80-7+deb7u6
CVE ID : CVE-2018-6789
Debian Bug : 890000

Meh Chang discovered a buffer overflow flaw in a utility function used
in the SMTP listener of Exim, a mail transport agent. A remote attacker
can take advantage of this flaw to cause a denial of service, or
potentially the execution of arbitrary code via a specially crafted
message.

For Debian 7 "Wheezy", this problem has been fixed in version
4.80-7+deb7u6.

We recommend that you upgrade your exim4 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1275-1: uwsgi security update




Package : uwsgi
Version : 1.2.3+dfsg-5+deb7u2
CVE ID : CVE-2018-6758
Debian Bug : 889753

It was discovered that the uwsgi_expand_path function in utils.c in
Unbit uWSGI, an application container server, has a stack-based buffer
overflow via a large directory length that can cause a
denial-of-service (application crash) or stack corruption.

For Debian 7 "Wheezy", these problems have been fixed in version
1.2.3+dfsg-5+deb7u2.

We recommend that you upgrade your uwsgi packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DSA 4110-1: exim4 security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4110-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 10, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2018-6789
Debian Bug : 890000

Meh Chang discovered a buffer overflow flaw in a utility function used
in the SMTP listener of Exim, a mail transport agent. A remote attacker
can take advantage of this flaw to cause a denial of service, or
potentially the execution of arbitrary code via a specially crafted
message.

For the oldstable distribution (jessie), this problem has been fixed
in version 4.84.2-2+deb8u5.

For the stable distribution (stretch), this problem has been fixed in
version 4.89-2+deb9u3.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/