Categories: Security Update

Debian 9.5 Released With Fix for Spectre v2 and Other Security Issues

Debian 9.5 released with the fix for a number of security issues including Spectre and the update covers other Miscellaneous Bugfixes.

The release is not completely a new version of Debian 9, it includes only the updates for some of the packages and users can upgrade to the current versions using an up-to-date Debian mirror.

According to Debian release notes users “who install updates from security.debian.org won’t have to update many packages, and most such updates are included in the point release. New installation images will be available soon at the regular locations.”

Here you can find the comprehensive list of HTTP mirrors.

Debian 9.5 Released  – Important Bugfixes

adminer: Don’t allow connections to privileged ports [CVE-2018-7667]

apache2: high memory usage and potential crash [CVE-2018-1302];

blktrace: Fix buffer overflow in btt [CVE-2018-10689]

faad2: Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257]

file: Avoid reading past the end of buffer [CVE-2018-10360]

freedink-dfarc: Fix directory traversal in D-Mod extractor [CVE-2018-0496]

ghostscript: Fix segfault with fuzzing file in gxht_thresh_image_init(); fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite – Guard against trying to output an infinite number [CVE-2018-10194]

git-annex: Security fixes [CVE-2018-10857 CVE-2018-10859]

intel-microcode: Update included microcode, including fixes for Spectre v2 [CVE-2017-5715]

libextractor: Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440]

liblouis: Fix buffer overflow [CVE-2018-11410]; fix several buffer overflows [CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 2018-12085]

miniupnpd: Fix DoS [CVE-2017-1000494]

patch: Fix arbitrary command execution in ed-style patches [CVE-2018-1000156]

salt: Fix salt-ssh minion copied over configuration from the Salt Master without adjusting permissions [CVE-2017-8109]

xapian-core: Fix MSet::snippet() to escape HTML in all cases [CVE-2018-499]

xerces-c: Fix Denial of Service via external DTD reference [CVE-2017-12627]

Also Read

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Adobe Released Security Updates & Fixes for 112 Vulnerabilities that Affected Adobe Products

Cisco Released Security Updates and Fixed Critical Vulnerabilities that Affected Cisco Products

WiFi Hacking Tool Aircrack-ng 1.3 Released with New Features, Speed Up & Bug Fixes

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at a…

7 hours ago

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to deploy…

8 hours ago

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid ongoing…

8 hours ago

NVIDIA Riva AI Speech Flaw Let Hackers Gain Unauthorized Access to Abuse GPU Resources & API keys

Researchers have uncovered significant security vulnerabilities in NVIDIA Riva, a breakthrough AI speech technology platform…

8 hours ago

Tsunami Malware Surge: Blending Miners and Credential Stealers in Active Attacks

Security researchers have recently discovered a sophisticated malware operation called the "Tsunami-Framework" that combines credential…

8 hours ago

The Double-Edged Sword of AI in Cybersecurity: Threats, Defenses & the Dark Web Insights Report 2025

Check Point Research's latest AI Security Report 2025 reveals a rapidly evolving cybersecurity landscape where…

9 hours ago