The following updates have been released for Debian GNU/Linux:
Debian GNU/Linux 7 LTS:
DLA 1274-1: exim4 security update
DLA 1275-1: uwsgi security update
Debian GNU/Linux 8 and 9:
DSA 4110-1: exim4 security update
DLA 1274-1: exim4 security update
Package : exim4
Version : 4.80-7+deb7u6
CVE ID : CVE-2018-6789
Debian Bug : 890000
Meh Chang discovered a buffer overflow flaw in a utility function used
in the SMTP listener of Exim, a mail transport agent. A remote attacker
can take advantage of this flaw to cause a denial of service, or
potentially the execution of arbitrary code via a specially crafted
message.
For Debian 7 "Wheezy", this problem has been fixed in version
4.80-7+deb7u6.
We recommend that you upgrade your exim4 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1275-1: uwsgi security update
Package : uwsgi
Version : 1.2.3+dfsg-5+deb7u2
CVE ID : CVE-2018-6758
Debian Bug : 889753
It was discovered that the uwsgi_expand_path function in utils.c in
Unbit uWSGI, an application container server, has a stack-based buffer
overflow via a large directory length that can cause a
denial-of-service (application crash) or stack corruption.
For Debian 7 "Wheezy", these problems have been fixed in version
1.2.3+dfsg-5+deb7u2.
We recommend that you upgrade your uwsgi packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 4110-1: exim4 security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-4110-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 10, 2018                     https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : exim4
CVE ID : CVE-2018-6789
Debian Bug : 890000
Meh Chang discovered a buffer overflow flaw in a utility function used
in the SMTP listener of Exim, a mail transport agent. A remote attacker
can take advantage of this flaw to cause a denial of service, or
potentially the execution of arbitrary code via a specially crafted
message.
For the oldstable distribution (jessie), this problem has been fixed
in version 4.84.2-2+deb8u5.
For the stable distribution (stretch), this problem has been fixed in
version 4.89-2+deb9u3.
We recommend that you upgrade your exim4 packages.
For the detailed security status of exim4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/exim4
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/