Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Debian security updates come with the fixes for a number of vulnerabilities in multiple packages. the Debian project is an association of a group of individuals who created a completely free operating system.

All the affected package vulnerabilities are fixed and released between July 3 to July 9  July.

Debian security updates for Affected Packages

ruby-sprockets

ruby-sprockets affected with path traversal vulnerability, it may lead a remote attacker to read the arbitrary files that reside outside root directly with a specially crafted request. The Vulnerability resides with version 3.7.0-1 and it was fixed with version 3.7.0-1+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-3760.

libsoup2.4

Insufficient validation with libsoup allows an attacker to cause some unspecified impact with an empty hostname. Affected version 2.48.0-1+deb8u1 & 2.56.0-2+deb9u1 and it was fixed with 2.56.0-2+deb9u2.

In Mitre’s CVE dictionary: CVE-2018-12910.

php7.0

Multiple vulnerabilities found in php7.0 that includes Buffer underread, Dumpable FPM child processes, Denial of service via infinite, Denial of service via malformed LDAP Out-of-bounds. Affected version 7.2.4-1, 7.1.16-1, 7.0.29-1 and the issue fixed with 7.0.30-0+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-7584, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549.

GOsa

GOsa a web-based LDAP administration program suffers from a cross-site scripting vulnerability in password change web form and it has been fixed with Gosa 2.7.4+reloaded2-13+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-1000528.

Exiv2

Multiple vulnerabilities detected with Exiv2 that could results in denial of service if a malformed arbitrary code executed. All the vulnerabilities fixed with 0.25-3.1+deb9u1.

In Mitre’s CVE dictionary: CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265.

How to Update

To get all the security updated to add the following source to your sources.list file which you can see under /etc/apt/sources.list and run apt-get update && apt-get upgrade.

deb http://security.debian.org/debian-security stretch/updates main contrib non-free

Also Read

Parrot Security OS 4.0 Released With Number of New Powerful Tools and with Package Updates

Kali Linux 2018.1 Released With Security Bug fixes and Updates for Important Hacking Tools

Microsoft Released Security Updates and more than 70 Security Vulnerabilities are Fixed

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light on…

1 hour ago

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI)…

1 hour ago

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used enterprise…

1 hour ago

Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware

Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in…

3 hours ago

Researchers Warn of ‘Smiao Network’ Cyber Threat Against Taiwan’s Federal Staff

The Foundation for Defense of Democracies (FDD) and cybersecurity firm TeamT5 has exposed an intricate…

3 hours ago

Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers

A sophisticated social engineering campaign that leverages the viral power of TikTok to distribute dangerous…

3 hours ago