Debian security updates come with the fixes for a number of vulnerabilities in multiple packages. the Debian project is an association of a group of individuals who created a completely free operating system.
All the affected package vulnerabilities are fixed and released between July 3 to July 9 July.
ruby-sprockets affected with path traversal vulnerability, it may lead a remote attacker to read the arbitrary files that reside outside root directly with a specially crafted request. The Vulnerability resides with version 3.7.0-1 and it was fixed with version 3.7.0-1+deb9u1.
In Mitre’s CVE dictionary: CVE-2018-3760.
Insufficient validation with libsoup allows an attacker to cause some unspecified impact with an empty hostname. Affected version 2.48.0-1+deb8u1 & 2.56.0-2+deb9u1 and it was fixed with 2.56.0-2+deb9u2.
In Mitre’s CVE dictionary: CVE-2018-12910.
Multiple vulnerabilities found in php7.0 that includes Buffer underread, Dumpable FPM child processes, Denial of service via infinite, Denial of service via malformed LDAP Out-of-bounds. Affected version 7.2.4-1, 7.1.16-1, 7.0.29-1 and the issue fixed with 7.0.30-0+deb9u1.
In Mitre’s CVE dictionary: CVE-2018-7584, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549.
GOsa a web-based LDAP administration program suffers from a cross-site scripting vulnerability in password change web form and it has been fixed with Gosa 2.7.4+reloaded2-13+deb9u1.
In Mitre’s CVE dictionary: CVE-2018-1000528.
Multiple vulnerabilities detected with Exiv2 that could results in denial of service if a malformed arbitrary code executed. All the vulnerabilities fixed with 0.25-3.1+deb9u1.
In Mitre’s CVE dictionary: CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265.
To get all the security updated to add the following source to your sources.list file which you can see under /etc/apt/sources.list and run apt-get update && apt-get upgrade.
deb http://security.debian.org/debian-security stretch/updates main contrib non-free
Parrot Security OS 4.0 Released With Number of New Powerful Tools and with Package Updates
Kali Linux 2018.1 Released With Security Bug fixes and Updates for Important Hacking Tools
Microsoft Released Security Updates and more than 70 Security Vulnerabilities are Fixed
Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited,…
A critical vulnerability in BigAntSoft's enterprise chat server software has exposed ~50 internet-facing systems to…
With the growing importance of security compliance for startups, more companies are seeking to achieve…
Two critical security flaws in IBM Storage Virtualize products could enable attackers to bypass authentication…
A newly disclosed path traversal vulnerability (CVE-2024-4885) in Progress Software’s WhatsUp Gold network monitoring solution…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March 3,…