Debian 10260 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-113-1 monit security update

Debian GNU/Linux 9:
DSA 4435-1: libpng1.6 security update



ELA-113-1 monit security update

Package: monit
Version: 1:5.4-2+deb7u4
Related CVE: CVE-2019-11454 CVE-2019-11455
Zack Flack found several issues in monit, a utility for monitoring and managing daemons or similar programs.

CVE-2019-11454: An XSS vulnerabilitty has been reported that could be prevented by HTML escaping the log file content when viewed via Monit GUI.

CVE-2019-11455: A buffer overrun vulnerability has been reported in URL decoding.

For Debian 7 Wheezy, these problems have been fixed in version 1:5.4-2+deb7u4.

We recommend that you upgrade your monit packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

DSA 4435-1: libpng1.6 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4435-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libpng1.6
CVE ID : CVE-2019-7317
Debian Bug : 921355

A use-after-free vulnerability was discovered in the png_image_free()
function in the libpng PNG library, which could lead to denial of
service or potentially the execution of arbitrary code if a malformed
image is processed.

For the stable distribution (stretch), this problem has been fixed in
version 1.6.28-1+deb9u1.

We recommend that you upgrade your libpng1.6 packages.

For the detailed security status of libpng1.6 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libpng1.6

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/