Friday, February 28, 2025
Follow us On Linkedin
HomeComputer SecurityDebian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Computer SecuritySecurity Update

Published on

By Gurubaran
Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Debian security updates come with the fixes for a number of vulnerabilities in multiple packages. the Debian project is an association of a group of individuals who created a completely free operating system.

All the affected package vulnerabilities are fixed and released between July 3 to July 9  July.

Debian security updates for Affected Packages

ruby-sprockets

ruby-sprockets affected with path traversal vulnerability, it may lead a remote attacker to read the arbitrary files that reside outside root directly with a specially crafted request. The Vulnerability resides with version 3.7.0-1 and it was fixed with version 3.7.0-1+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-3760.

libsoup2.4

Insufficient validation with libsoup allows an attacker to cause some unspecified impact with an empty hostname. Affected version 2.48.0-1+deb8u1 & 2.56.0-2+deb9u1 and it was fixed with 2.56.0-2+deb9u2.

In Mitre’s CVE dictionary: CVE-2018-12910.

php7.0

Multiple vulnerabilities found in php7.0 that includes Buffer underread, Dumpable FPM child processes, Denial of service via infinite, Denial of service via malformed LDAP Out-of-bounds. Affected version 7.2.4-1, 7.1.16-1, 7.0.29-1 and the issue fixed with 7.0.30-0+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-7584, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549.

GOsa

GOsa a web-based LDAP administration program suffers from a cross-site scripting vulnerability in password change web form and it has been fixed with Gosa 2.7.4+reloaded2-13+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-1000528.

Exiv2

Multiple vulnerabilities detected with Exiv2 that could results in denial of service if a malformed arbitrary code executed. All the vulnerabilities fixed with 0.25-3.1+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265.

How to Update

To get all the security updated to add the following source to your sources.list file which you can see under /etc/apt/sources.list and run apt-get update && apt-get upgrade.

deb http://security.debian.org/debian-security stretch/updates main contrib non-free

Also Read

Parrot Security OS 4.0 Released With Number of New Powerful Tools and with Package Updates

Kali Linux 2018.1 Released With Security Bug fixes and Updates for Important Hacking Tools

Microsoft Released Security Updates and more than 70 Security Vulnerabilities are Fixed

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Chinese Hackers Breach Belgium State Security Service as Investigation Continues

Belgium’s State Security Service (VSSE) has suffered what is being described as its most...
cyber security

Hacktivist Groups Emerge With Powerful Tools for Large-Scale Cyber Operations

Hacktivism, once synonymous with symbolic website defacements and distributed denial-of-service (DDoS) attacks, has evolved...
Cyber Attack

New Pass-the-Cookie Attacks Bypass MFA, Giving Hackers Full Account Access

Multi-factor authentication (MFA), long considered a cornerstone of cybersecurity defense, is facing a formidable...
Cyber Security News

Chinese Hackers Exploit Check Point VPN Zero-Day to Target Organizations Globally

A sophisticated cyberespionage campaign linked to Chinese state-sponsored actors has exploited a previously patched...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

cyber security

Ghidra 11.3 Released – A Major Update to NSA’s Open-Source Tool

The National Security Agency (NSA) has officially released Ghidra 11.3, the latest iteration of...
Android

Android Security Update Fixes Linux Kernel RCE Flaw Allow Read/Write Access

On February 3, 2025, Google published its February Android Security Bulletin, which addresses a...
cyber security

Beware of SmartApeSG Campaigns that Deliver NetSupport RAT

SmartApeSG, a FakeUpdate cyber threat, has emerged as a significant vector for delivering NetSupport...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved