Thursday, October 10, 2024
HomeSecurity UpdateDebian 9.5 Released With Fix for Spectre v2 and Other Security Issues

Debian 9.5 Released With Fix for Spectre v2 and Other Security Issues

Published on

Debian 9.5 released with the fix for a number of security issues including Spectre and the update covers other Miscellaneous Bugfixes.

The release is not completely a new version of Debian 9, it includes only the updates for some of the packages and users can upgrade to the current versions using an up-to-date Debian mirror.

According to Debian release notes users “who install updates from security.debian.org won’t have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations.”

- Advertisement - EHA

Here you can find the comprehensive list of HTTP mirrors.

Debian 9.5 Released  – Important Bugfixes

adminer: Don’t allow connections to privileged ports [CVE-2018-7667]

apache2: high memory usage and potential crash [CVE-2018-1302];

blktrace: Fix buffer overflow in btt [CVE-2018-10689]

faad2: Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257]

file: Avoid reading past the end of buffer [CVE-2018-10360]

freedink-dfarc: Fix directory traversal in D-Mod extractor [CVE-2018-0496]

ghostscript: Fix segfault with fuzzing file in gxht_thresh_image_init(); fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite – Guard against trying to output an infinite number [CVE-2018-10194]

git-annex: Security fixes [CVE-2018-10857 CVE-2018-10859]

intel-microcode: Update included microcode, including fixes for Spectre v2 [CVE-2017-5715]

libextractor: Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440]

liblouis: Fix buffer overflow [CVE-2018-11410]; fix several buffer overflows [CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 2018-12085]

miniupnpd: Fix DoS [CVE-2017-1000494]

patch: Fix arbitrary command execution in ed-style patches [CVE-2018-1000156]

salt: Fix salt-ssh minion copied over configuration from the Salt Master without adjusting permissions [CVE-2017-8109]

xapian-core: Fix MSet::snippet() to escape HTML in all cases [CVE-2018-499]

xerces-c: Fix Denial of Service via external DTD reference [CVE-2017-12627]

Also Read

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Adobe Released Security Updates & Fixes for 112 Vulnerabilities that Affected Adobe Products

Cisco Released Security Updates and Fixed Critical Vulnerabilities that Affected Cisco Products

WiFi Hacking Tool Aircrack-ng 1.3 Released with New Features, Speed Up & Bug Fixes

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...

Wireshark 4.4.1 Released, What’s new!

Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a...

Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access

VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Parrot Security OS 6.1 Released – What’s New

The Parrot Security team has officially announced the release of Parrot OS 6.1, the...

SAP Security: Code Injection & Other Vulnerabilities Patched

Organizations using SAP products are urged to prioritize patching vulnerabilities outlined in the latest...

Android Security Updates: 2023 – 37 Vulnerabilities Patched Including RCE, DOS

Android has fixed 37 vulnerabilities that were impacting its devices with the release of...