
The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-131-1 suricata security update

Debian GNU/Linux 8 LTS:
DLA 1828-1: python-urllib3 security update
DLA 1829-1: firefox-esr security update



ELA-131-1 suricata security update

Package: suricata
Version: 1.2.1-2+deb7u4
Related CVE: CVE-2019-10053

It was discovered that suricata, the network threat detection engine, is vulnerable to a buffer overflow issue when parsing SSH banners. This flaw might be leveraged by remote attackers to cause unauthorized disclosure and modification of information, or denial of service via a crafted SSH banner.

For Debian 7 Wheezy, this problem has been fixed in version 1.2.1-2+deb7u4.

We recommend that you upgrade your suricata packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

DLA 1828-1: python-urllib3 security update

Package : python-urllib3
Version : 1.9.1-3+deb8u1
CVE ID : CVE-2019-11236
Debian Bug : 927172


A vulnerability was discovered in python-urllib3, an HTTP library with
thread-safe connection pooling, whereby an attacker can inject CRLF
characters in the request parameter.

For Debian 8 "Jessie", this problem has been fixed in version
1.9.1-3+deb8u1.

We recommend that you upgrade your python-urllib3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1829-1: firefox-esr security update




Package : firefox-esr
Version : 60.7.1esr-1~deb8u1
CVE ID : CVE-2019-11707

Samuel Gross discovered a type confusion bug in the JavaScript engine of
the Mozilla Firefox web browser, which could result in the execution of
arbitrary code when browsing a malicious website.

For Debian 8 "Jessie", this problem has been fixed in version
60.7.1esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS