Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1515-1: hylafax security update

Debian GNU/Linux 9:
DSA 4300-1: libarchive-zip-perl security update
DSA 4301-1: mediawiki security update



DLA 1515-1: hylafax security update




Package : hylafax
Version : 3:6.0.6-6+deb8u1
CVE ID : CVE-2018-17141


Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing
input sanitising in the Hylafax fax software could potentially result in
the execution of arbitrary code via a malformed fax message.


For Debian 8 "Jessie", this problem has been fixed in version
3:6.0.6-6+deb8u1.

We recommend that you upgrade your hylafax packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4300-1: libarchive-zip-perl security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4300-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 22, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libarchive-zip-perl
CVE ID : CVE-2018-10860
Debian Bug : 902882

It was discovered that Archive::Zip, a perl module for manipulation of
ZIP archives, is prone to a directory traversal vulnerability. An
attacker able to provide a specially crafted archive for processing can
take advantage of this flaw to overwrite arbitrary files during archive
extraction.

For the stable distribution (stretch), this problem has been fixed in
version 1.59-1+deb9u1.

We recommend that you upgrade your libarchive-zip-perl packages.

For the detailed security status of libarchive-zip-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libarchive-zip-perl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4301-1: mediawiki security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4301-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2018-0503 CVE-2018-0504 CVE-2018-0505

Multiple security vulnerabilities have been discovered in MediaWiki, a
website engine for collaborative work, which result in incorrectly
configured rate limits, information disclosure in Special:Redirect/logid
and bypass of an account lock.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.27.5-1~deb9u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/