Debian 10260 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1580-1: systemd security update

Debian GNU/Linux 9:
DSA 4341-1: mariadb-10.1 security update



DLA 1580-1: systemd security update

Package : systemd
Version : 215-17+deb8u8
CVE ID : CVE-2018-1049 CVE-2018-15686 CVE-2018-15688
Debian Bug : 912005 912008

systemd was found to suffer from multiple security vulnerabilities
ranging from denial of service attacks to possible root privilege
escalation.

CVE-2018-1049

A race condition exists between .mount and .automount units such
that automount requests from kernel may not be serviced by systemd
resulting in kernel holding the mountpoint and any processes that
try to use said mount will hang. A race condition like this may
lead to denial of service, until mount points are unmounted.

CVE-2018-15686

A vulnerability in unit_deserialize of systemd allows an attacker
to supply arbitrary state across systemd re-execution via
NotifyAccess. This can be used to improperly influence systemd
execution and possibly lead to root privilege escalation.

CVE-2018-15688

A buffer overflow vulnerability in the dhcp6 client of systemd
allows a malicious dhcp6 server to overwrite heap memory in
systemd-networkd, which is not enabled by default in Debian.

For Debian 8 "Jessie", these problems have been fixed in version
215-17+deb8u8.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--



DSA 4341-1: mariadb-10.1 security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4341-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 19, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mariadb-10.1
CVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2017-15365 CVE-2018-2562
CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665
CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766
CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782
CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817
CVE-2018-2819 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064
CVE-2018-3066 CVE-2018-3081 CVE-2018-3143 CVE-2018-3156
CVE-2018-3174 CVE-2018-3251 CVE-2018-3282
Debian Bug : 885345 898444 898445 912848

Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.1.37. Please see the MariaDB 10.1 Release Notes for further
details:

https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10128-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10129-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10130-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10131-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10132-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10133-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10134-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10135-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10136-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10137-release-notes/

For the stable distribution (stretch), these problems have been fixed in
version 10.1.37-0+deb9u1.

We recommend that you upgrade your mariadb-10.1 packages.

For the detailed security status of mariadb-10.1 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.1

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/