Thursday, March 28, 2024

Debian 9.5 Released With Fix for Spectre v2 and Other Security Issues

Debian 9.5 released with the fix for a number of security issues including Spectre and the update covers other Miscellaneous Bugfixes.

The release is not completely a new version of Debian 9, it includes only the updates for some of the packages and users can upgrade to the current versions using an up-to-date Debian mirror.

According to Debian release notes users “who install updates from security.debian.org won’t have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations.”

Here you can find the comprehensive list of HTTP mirrors.

Debian 9.5 Released  – Important Bugfixes

adminer: Don’t allow connections to privileged ports [CVE-2018-7667]

apache2: high memory usage and potential crash [CVE-2018-1302];

blktrace: Fix buffer overflow in btt [CVE-2018-10689]

faad2: Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257]

file: Avoid reading past the end of buffer [CVE-2018-10360]

freedink-dfarc: Fix directory traversal in D-Mod extractor [CVE-2018-0496]

ghostscript: Fix segfault with fuzzing file in gxht_thresh_image_init(); fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite – Guard against trying to output an infinite number [CVE-2018-10194]

git-annex: Security fixes [CVE-2018-10857 CVE-2018-10859]

intel-microcode: Update included microcode, including fixes for Spectre v2 [CVE-2017-5715]

libextractor: Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440]

liblouis: Fix buffer overflow [CVE-2018-11410]; fix several buffer overflows [CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 2018-12085]

miniupnpd: Fix DoS [CVE-2017-1000494]

patch: Fix arbitrary command execution in ed-style patches [CVE-2018-1000156]

salt: Fix salt-ssh minion copied over configuration from the Salt Master without adjusting permissions [CVE-2017-8109]

xapian-core: Fix MSet::snippet() to escape HTML in all cases [CVE-2018-499]

xerces-c: Fix Denial of Service via external DTD reference [CVE-2017-12627]

Also Read

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Adobe Released Security Updates & Fixes for 112 Vulnerabilities that Affected Adobe Products

Cisco Released Security Updates and Fixed Critical Vulnerabilities that Affected Cisco Products

WiFi Hacking Tool Aircrack-ng 1.3 Released with New Features, Speed Up & Bug Fixes

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles