The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 8 LTS:
DLA 1515-1: hylafax security update
Debian GNU/Linux 9:
DSA 4300-1: libarchive-zip-perl security update
DSA 4301-1: mediawiki security update
Debian GNU/Linux 8 LTS:
DLA 1515-1: hylafax security update
Debian GNU/Linux 9:
DSA 4300-1: libarchive-zip-perl security update
DSA 4301-1: mediawiki security update
DLA 1515-1: hylafax security update
Package : hylafax
Version : 3:6.0.6-6+deb8u1
CVE ID : CVE-2018-17141
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing
input sanitising in the Hylafax fax software could potentially result in
the execution of arbitrary code via a malformed fax message.
For Debian 8 "Jessie", this problem has been fixed in version
3:6.0.6-6+deb8u1.
We recommend that you upgrade your hylafax packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 4300-1: libarchive-zip-perl security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4300-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 22, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libarchive-zip-perl
CVE ID : CVE-2018-10860
Debian Bug : 902882
It was discovered that Archive::Zip, a perl module for manipulation of
ZIP archives, is prone to a directory traversal vulnerability. An
attacker able to provide a specially crafted archive for processing can
take advantage of this flaw to overwrite arbitrary files during archive
extraction.
For the stable distribution (stretch), this problem has been fixed in
version 1.59-1+deb9u1.
We recommend that you upgrade your libarchive-zip-perl packages.
For the detailed security status of libarchive-zip-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libarchive-zip-perl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
DSA 4301-1: mediawiki security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4301-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : mediawiki
CVE ID : CVE-2018-0503 CVE-2018-0504 CVE-2018-0505
Multiple security vulnerabilities have been discovered in MediaWiki, a
website engine for collaborative work, which result in incorrectly
configured rate limits, information disclosure in Special:Redirect/logid
and bypass of an account lock.
For the stable distribution (stretch), these problems have been fixed in
version 1:1.27.5-1~deb9u1.
We recommend that you upgrade your mediawiki packages.
For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/