Debian security updates come with the fixes for a number of vulnerabilities in multiple packages. the Debian project is an association of a group of individuals who created a completely free operating system.
All the affected package vulnerabilities are fixed and released between July 3 to July 9 July.
Debian security updates for Affected Packages
ruby-sprockets affected with path traversal vulnerability, it may lead a remote attacker to read the arbitrary files that reside outside root directly with a specially crafted request. The Vulnerability resides with version 3.7.0-1 and it was fixed with version 3.7.0-1+deb9u1.
In Mitre’s CVE dictionary: CVE-2018-3760.
Insufficient validation with libsoup allows an attacker to cause some unspecified impact with an empty hostname. Affected version 2.48.0-1+deb8u1 & 2.56.0-2+deb9u1 and it was fixed with 2.56.0-2+deb9u2.
In Mitre’s CVE dictionary: CVE-2018-12910.
Multiple vulnerabilities found in php7.0 that includes Buffer underread, Dumpable FPM child processes, Denial of service via infinite, Denial of service via malformed LDAP Out-of-bounds. Affected version 7.2.4-1, 7.1.16-1, 7.0.29-1 and the issue fixed with 7.0.30-0+deb9u1.
GOsa a web-based LDAP administration program suffers from a cross-site scripting vulnerability in password change web form and it has been fixed with Gosa 2.7.4+reloaded2-13+deb9u1.
In Mitre’s CVE dictionary: CVE-2018-1000528.
Multiple vulnerabilities detected with Exiv2 that could results in denial of service if a malformed arbitrary code executed. All the vulnerabilities fixed with 0.25-3.1+deb9u1.
How to Update
To get all the security updated to add the following source to your sources.list file which you can see under /etc/apt/sources.list and run apt-get update && apt-get upgrade.
deb http://security.debian.org/debian-security stretch/updates main contrib non-free