Debian 10263 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1530-1: imagemagick security update
DLA 1531-1: linux-4.9 security update

Debian GNU/Linux 9:
DSA 4310-1: firefox-esr security update



DLA 1530-1: imagemagick security update

Package : imagemagick
Version : 8:6.8.9.9-5+deb8u14
CVE ID : CVE-2018-16412 CVE-2018-16413 CVE-2018-16642
CVE-2018-16643 CVE-2018-16644 CVE-2018-16645
CVE-2018-16749


Several security vulnerabilities were discovered in ImageMagick, an
image manipulation program, that allow remote attackers to cause denial
of service (application crash, excessive memory allocation, or other
unspecified effects) or out of bounds memory access via DCM, PWP, CALS,
PICT, BMP, DIB, or PNG image files.

For Debian 8 "Jessie", these problems have been fixed in version
8:6.8.9.9-5+deb8u14.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1531-1: linux-4.9 security update

Package : linux-4.9
Version : 4.9.110-3+deb9u5~deb8u1
CVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363
CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099
CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678
CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276
CVE-2018-16658 CVE-2018-17182

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2018-6554

A memory leak in the irda_bind function in the irda subsystem was
discovered. A local user can take advantage of this flaw to cause a
denial of service (memory consumption).

CVE-2018-6555

A flaw was discovered in the irda_setsockopt function in the irda
subsystem, allowing a local user to cause a denial of service
(use-after-free and system crash).

CVE-2018-7755

Brian Belleville discovered a flaw in the fd_locked_ioctl function
in the floppy driver in the Linux kernel. The floppy driver copies a
kernel pointer to user memory in response to the FDGETPRM ioctl. A
local user with access to a floppy drive device can take advantage
of this flaw to discover the location kernel code and data.

CVE-2018-9363

It was discovered that the Bluetooth HIDP implementation did not
correctly check the length of received report messages. A paired
HIDP device could use this to cause a buffer overflow, leading to
denial of service (memory corruption or crash) or potentially
remote code execution.

CVE-2018-9516

It was discovered that the HID events interface in debugfs did not
correctly limit the length of copies to user buffers. A local
user with access to these files could use this to cause a
denial of service (memory corruption or crash) or possibly for
privilege escalation. However, by default debugfs is only
accessible by the root user.

CVE-2018-10902

It was discovered that the rawmidi kernel driver does not protect
against concurrent access which leads to a double-realloc (double
free) flaw. A local attacker can take advantage of this issue for
privilege escalation.

CVE-2018-10938

Yves Younan from Cisco reported that the Cipso IPv4 module did not
correctly check the length of IPv4 options. On custom kernels with
CONFIG_NETLABEL enabled, a remote attacker could use this to cause
a denial of service (hang).

CVE-2018-13099

Wen Xu from SSLab at Gatech reported a use-after-free bug in the
F2FS implementation. An attacker able to mount a crafted F2FS
volume could use this to cause a denial of service (crash or
memory corruption) or possibly for privilege escalation.

CVE-2018-14609

Wen Xu from SSLab at Gatech reported a potential null pointer
dereference in the F2FS implementation. An attacker able to mount
arbitrary F2FS volumes could use this to cause a denial of service
(crash).

CVE-2018-14617

Wen Xu from SSLab at Gatech reported a potential null pointer
dereference in the HFS+ implementation. An attacker able to mount
arbitrary HFS+ volumes could use this to cause a denial of service
(crash).

CVE-2018-14633

Vincent Pelletier discovered a stack-based buffer overflow flaw in
the chap_server_compute_md5() function in the iSCSI target code. An
unauthenticated remote attacker can take advantage of this flaw to
cause a denial of service or possibly to get a non-authorized access
to data exported by an iSCSI target.

CVE-2018-14678

M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the
kernel exit code used on amd64 systems running as Xen PV guests.
A local user could use this to cause a denial of service (crash).

CVE-2018-14734

A use-after-free bug was discovered in the InfiniBand
communication manager. A local user could use this to cause a
denial of service (crash or memory corruption) or possible for
privilege escalation.

CVE-2018-15572

Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and
Nael Abu-Ghazaleh, from University of California, Riverside,
reported a variant of Spectre variant 2, dubbed SpectreRSB. A
local user may be able to use this to read sensitive information
from processes owned by other users.

CVE-2018-15594

Nadav Amit reported that some indirect function calls used in
paravirtualised guests were vulnerable to Spectre variant 2. A
local user may be able to use this to read sensitive information
from the kernel.

CVE-2018-16276

Jann Horn discovered that the yurex driver did not correctly limit
the length of copies to user buffers. A local user with access to
a yurex device node could use this to cause a denial of service
(memory corruption or crash) or possibly for privilege escalation.

CVE-2018-16658

It was discovered that the cdrom driver does not correctly
validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user
with access to a cdrom device could use this to read sensitive
information from the kernel or to cause a denial of service
(crash).

CVE-2018-17182

Jann Horn discovered that the vmacache_flush_all function mishandles
sequence number overflows. A local user can take advantage of this
flaw to trigger a use-after-free, causing a denial of service
(crash or memory corruption) or privilege escalation.

For Debian 8 "Jessie", these problems have been fixed in version
4.9.110-3+deb9u5~deb8u1.

We recommend that you upgrade your linux-4.9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams



DSA 4310-1: firefox-esr security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4310-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 03, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2018-12386 CVE-2018-12387

Two security issues have been found in the Mozilla Firefox web browser,
which could potentially result in the execution of arbitrary code inside
the sandboxed content process.

For the stable distribution (stretch), these problems have been fixed in
version 60.2.2esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/