Categories: Security Update

Debian 9.5 Released With Fix for Spectre v2 and Other Security Issues

Debian 9.5 released with the fix for a number of security issues including Spectre and the update covers other Miscellaneous Bugfixes.

The release is not completely a new version of Debian 9, it includes only the updates for some of the packages and users can upgrade to the current versions using an up-to-date Debian mirror.

According to Debian release notes users “who install updates from security.debian.org won’t have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations.”

Here you can find the comprehensive list of HTTP mirrors.

Debian 9.5 Released  – Important Bugfixes

adminer: Don’t allow connections to privileged ports [CVE-2018-7667]

apache2: high memory usage and potential crash [CVE-2018-1302];

blktrace: Fix buffer overflow in btt [CVE-2018-10689]

faad2: Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257]

file: Avoid reading past the end of buffer [CVE-2018-10360]

freedink-dfarc: Fix directory traversal in D-Mod extractor [CVE-2018-0496]

ghostscript: Fix segfault with fuzzing file in gxht_thresh_image_init(); fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite – Guard against trying to output an infinite number [CVE-2018-10194]

git-annex: Security fixes [CVE-2018-10857 CVE-2018-10859]

intel-microcode: Update included microcode, including fixes for Spectre v2 [CVE-2017-5715]

libextractor: Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440]

liblouis: Fix buffer overflow [CVE-2018-11410]; fix several buffer overflows [CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 2018-12085]

miniupnpd: Fix DoS [CVE-2017-1000494]

patch: Fix arbitrary command execution in ed-style patches [CVE-2018-1000156]

salt: Fix salt-ssh minion copied over configuration from the Salt Master without adjusting permissions [CVE-2017-8109]

xapian-core: Fix MSet::snippet() to escape HTML in all cases [CVE-2018-499]

xerces-c: Fix Denial of Service via external DTD reference [CVE-2017-12627]

Also Read

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Adobe Released Security Updates & Fixes for 112 Vulnerabilities that Affected Adobe Products

Cisco Released Security Updates and Fixed Critical Vulnerabilities that Affected Cisco Products

WiFi Hacking Tool Aircrack-ng 1.3 Released with New Features, Speed Up & Bug Fixes

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Cyberattack on Serviceaide Compromises Data of 480,000 Catholic Health Patients

Data breach at Serviceaide, Inc., a technology vendor for Catholic Health, exposed sensitive information belonging…

15 minutes ago

Threat Actors Deploy Bumblebee Malware via Poisoned Bing SEO Results

A newly identified cyberattack campaign has revealed the persistent and evolving threat of Bumblebee malware,…

27 minutes ago

Security Flaw in WordPress Plugin Puts 22,000 Websites at Risk of Cyber Attacks

Critical security vulnerability has been discovered in Motors, a popular WordPress theme with over 22,000…

45 minutes ago

Critical VMware Cloud Foundation Vulnerability Exposes Sensitive Data

Broadcom's VMware division has disclosed three significant security vulnerabilities in its Cloud Foundation platform that…

46 minutes ago

Qilin Exploits SAP Zero-Day Vulnerability Weeks Ahead of Public Disclosure

Cybersecurity experts at OP Innovate have uncovered evidence that CVE-2025-31324, a critical zero-day vulnerability in…

56 minutes ago

WordPress Plugin Flaw Puts 22,000 Websites at Risk of Cyber Attacks

A severe security flaw has been uncovered in the Motors WordPress theme, a popular choice…

2 hours ago