Friday, April 26, 2024

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

By Guru baran

Debian security updates come with the fixes for a number of vulnerabilities in multiple packages. the Debian project is an association of a group of individuals who created a completely free operating system.

All the affected package vulnerabilities are fixed and released between July 3 to July 9  July.

Debian security updates for Affected Packages

ruby-sprockets

ruby-sprockets affected with path traversal vulnerability, it may lead a remote attacker to read the arbitrary files that reside outside root directly with a specially crafted request. The Vulnerability resides with version 3.7.0-1 and it was fixed with version 3.7.0-1+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-3760.

libsoup2.4

Insufficient validation with libsoup allows an attacker to cause some unspecified impact with an empty hostname. Affected version 2.48.0-1+deb8u1 & 2.56.0-2+deb9u1 and it was fixed with 2.56.0-2+deb9u2.

In Mitre’s CVE dictionary: CVE-2018-12910.

php7.0

Multiple vulnerabilities found in php7.0 that includes Buffer underread, Dumpable FPM child processes, Denial of service via infinite, Denial of service via malformed LDAP Out-of-bounds. Affected version 7.2.4-1, 7.1.16-1, 7.0.29-1 and the issue fixed with 7.0.30-0+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-7584, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549.

GOsa

GOsa a web-based LDAP administration program suffers from a cross-site scripting vulnerability in password change web form and it has been fixed with Gosa 2.7.4+reloaded2-13+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-1000528.

Exiv2

Multiple vulnerabilities detected with Exiv2 that could results in denial of service if a malformed arbitrary code executed. All the vulnerabilities fixed with 0.25-3.1+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265.

How to Update

To get all the security updated to add the following source to your sources.list file which you can see under /etc/apt/sources.list and run apt-get update && apt-get upgrade.

deb http://security.debian.org/debian-security stretch/updates main contrib non-free

Also Read

Parrot Security OS 4.0 Released With Number of New Powerful Tools and with Package Updates

Kali Linux 2018.1 Released With Security Bug fixes and Updates for Important Hacking Tools

Microsoft Released Security Updates and more than 70 Security Vulnerabilities are Fixed

Managed WAF Protection

Website

Latest articles

cyber security

Analyze Malicious Powershell Scripts by Running Malware in ANY.RUN Sandbox

Hackers exploit PowerShell, a built-in scripting tool on Windows (and sometimes Linux), to launch...
cyber security

Beware! Zero-click RCE Exploit for iMessage Circulating on Hacker Forums

A new cybersecurity threat has emerged as a zero-click remote code execution (RCE) exploit...
Cyber Attack

New DragonForce Ransomware Emerged From The Leaked LOCKBIT Builder

Hackers exploit LOCKBIT Builder due to its versatility in creating customized ransomware payloads which...
cyber security

JudgeO Online Code Editor Flaw Let Attackers Execute Code as Root User

A critical flaw has been identified in the popular online code editor, JudgeO.If...
Cyber Attack

Cyber Attack Defenders Up For Battle: Huge Uptick In Timely Detections

Attackers are employing evasion techniques to bypass detection and extend dwell time on compromised...
Cisco

Alert! Cisco Releases Critical Security Updates to Fix 2 ASA Firewall 0-Days

Cisco has released critical security updates to address multiple vulnerabilities in its Adaptive Security...
cyber security

Pakistani APT Hackers Attacking Indian Govt Entities With Weaponized Shortcut Files

Cybersecurity experts at Seqrite Labs have reported a surge in cyberattacks against Indian government...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]