The following updates have been released for Debian GNU/Linux 8 LTS:
DLA 1762-2: systemd regression update
DLA 1766-1: evolution security update
DLA 1767-1: monit security update
DLA 1762-2: systemd regression update
Package : systemd
Version : 215-17+deb8u13
In the recently uploaded systemd security update (215-17+deb8u12 via
DLA-1762-1), a regression was discovered in the fix for CVE-2017-18078.
Debian jessie LTS users observed that, after upgrading to +deb8u12,
temporary files no longer had the correct ownership and permissions:
instead of being owned by a specific user and/or group, files were
owned by root:root, and setting POSIX file permissions (rwx, etc.) was
also affected.
For Debian 8 "Jessie", this regression problem has been fixed in version
215-17+deb8u13.
We recommend that you upgrade your systemd packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1766-1: evolution security update
Package : evolution
Version : 3.12.9~git20141130.241663-1+deb8u1
CVE ID : CVE-2018-15587
Debian Bug : 924616
Hanno Böck discovered that GNOME Evolution is prone to OpenPGP
signatures being spoofed for arbitrary messages using a specially
crafted HTML email. This issue was mitigated by moving the security
bar with encryption and signature information above the message headers.
For Debian 8 "Jessie", this problem has been fixed in version
3.12.9~git20141130.241663-1+deb8u1.
We recommend that you upgrade your evolution packages.
DLA 1767-1: monit security update
Package : monit
Version : 1:5.9-1+deb8u2
CVE ID : CVE-2019-11454 CVE-2019-11455
Zack Flack found several issues in monit, a utility for monitoring and
managing daemons or similar programs.
CVE-2019-11454
An XSS vulnerability has been reported that could be prevented by
HTML escaping the log file content when viewed via Monit GUI.
CVE-2019-11455
A buffer overrun vulnerability has been reported in URL decoding.
For Debian 8 "Jessie", these problems have been fixed in version
1:5.9-1+deb8u2.
We recommend that you upgrade your monit packages.