
The following updates have been released for Debian GNU/Linux 8 LTS:

DLA 1762-2: systemd regression update
DLA 1766-1: evolution security update
DLA 1767-1: monit security update



DLA 1762-2: systemd regression update

Package : systemd
Version : 215-17+deb8u13


In the recently uploaded systemd security update (215-17+deb8u12 via
DLA-1762-1), a regression was discovered in the fix for CVE-2017-18078.

Debian jessie LTS users observed that after upgrading to +deb8u12,
temporary files no longer had the correct ownership and permissions
(instead of being owned by a specific user and/or group, files were
owned by root:root; setting POSIX file permissions (rwx, etc.) was
also affected).


For Debian 8 "Jessie", this regression problem has been fixed in version
215-17+deb8u13.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
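
A check for the regression described in this advisory, as an added example that is not part of the Debian advisory or of systemd: it compares the mode, user and group declared in tmpfiles.d-style lines with what is on disk. The function names are hypothetical, and only plain octal modes on f, F, d and D lines are compared.

```python
import grp
import os
import pwd
import stat

# tmpfiles.d line types that create a file or directory and carry Mode/UID/GID.
CREATING_TYPES = {"f", "F", "d", "D"}

def _resolve(name, lookup, field):
    """Turn a user/group column into a numeric id; '-' means not specified."""
    if name == "-":
        return None
    return int(name) if name.isdigit() else getattr(lookup(name), field)

def parse_tmpfiles(text):
    """Yield (path, mode, uid, gid) per creating entry; None means unspecified."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        if fields[0][0] not in CREATING_TYPES:  # first character is the type
            continue
        cols = (fields[2:5] + ["-", "-", "-"])[:3]
        # Modes with a prefix character are skipped rather than guessed at.
        mode = int(cols[0], 8) if cols[0].isdigit() else None
        yield (fields[1], mode,
               _resolve(cols[1], pwd.getpwnam, "pw_uid"),
               _resolve(cols[2], grp.getgrnam, "gr_gid"))

def find_mismatches(text):
    """Return (path, problem) pairs where on-disk state differs from the config."""
    problems = []
    for path, mode, uid, gid in parse_tmpfiles(text):
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue  # not created yet, nothing to compare
        actual = stat.S_IMODE(st.st_mode)
        if mode is not None and actual != mode:
            problems.append((path, "mode %04o, expected %04o" % (actual, mode)))
        if uid is not None and st.st_uid != uid:
            problems.append((path, "uid %d, expected %d" % (st.st_uid, uid)))
        if gid is not None and st.st_gid != gid:
            problems.append((path, "gid %d, expected %d" % (st.st_gid, gid)))
    return problems
```

Feed it the contents of the tmpfiles.d configuration files in use on the host; a path that a service has deliberately re-owned after creation will also be reported and needs a manual look.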

DLA 1766-1: evolution security update




Package : evolution
Version : 3.12.9~git20141130.241663-1+deb8u1
CVE ID : CVE-2018-15587
Debian Bug : 924616


Hanno Böck discovered that GNOME Evolution is prone to OpenPGP
signatures being spoofed for arbitrary messages using a specially
crafted HTML email. This issue was mitigated by moving the security
bar with encryption and signature information above the message headers.

For Debian 8 "Jessie", this problem has been fixed in version
3.12.9~git20141130.241663-1+deb8u1.

We recommend that you upgrade your evolution packages.


DLA 1767-1: monit security update




Package : monit
Version : 1:5.9-1+deb8u2
CVE ID : CVE-2019-11454 CVE-2019-11455


Zack Flack found several issues in monit, a utility for monitoring and
managing daemons or similar programs.

CVE-2019-11454
An XSS vulnerability has been reported that could be prevented by
HTML escaping the log file content when viewed via the Monit GUI.

CVE-2019-11455
A buffer overrun vulnerability has been reported in URL decoding.


For Debian 8 "Jessie", these problems have been fixed in version
1:5.9-1+deb8u2.

We recommend that you upgrade your monit packages.
