Re: Debian Security Advisory January 21, 2018 05:00PM |
Admin Registered: 13 years ago Posts: 18,853 |
Re: Debian Security Advisory May 18, 2018 10:00PM |
Admin Registered: 13 years ago Posts: 18,853 |
Quote
Debian Security Advisory DSA-4205-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
This is an advance notice that regular security support for Debian
GNU/Linux 8 (code name "jessie") will be terminated on the 17th of
June.
As with previous releases additional LTS support will be provided for
a reduced set of architectures and packages, a separate announcement
will be available in due time.
Re: Debian Security Advisory March 22, 2020 09:14PM |
Admin Registered: 13 years ago Posts: 18,853 |
Re: Debian Security Advisory June 03, 2021 04:05PM |
Admin Registered: 13 years ago Posts: 18,853 |
Re: Debian Security Advisory May 25, 2022 05:05PM |
Admin Registered: 13 years ago Posts: 18,853 |
Re: Debian Security Advisory June 10, 2022 08:24PM |
Admin Registered: 13 years ago Posts: 18,853 |
Quote
-------------------------------------------------------------------------
Debian Security Advisory DSA-5160-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 10, 2022 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ntfs-3g
CVE ID : CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785
CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789
Debian Bug : 1011770
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS
driver for FUSE. A local user can take advantage of these flaws for
local root privilege escalation.
For the oldstable distribution (buster), these problems have been fixed
in version 1:2017.3.23AR.3-3+deb10u2.
For the stable distribution (bullseye), these problems have been fixed in
version 1:2017.3.23AR.3-4+deb11u2.
We recommend that you upgrade your ntfs-3g packages.
Re: Debian Security Advisory August 15, 2023 12:03AM |
Admin Registered: 13 years ago Posts: 18,853 |
Quote
-------------------------------------------------------------------------
Debian Security Advisory DSA-5477-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 14, 2023 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : samba
CVE ID : CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967
CVE-2023-34968
Debian Bug : 1041043
Several vulnerabilities have been discovered in Samba, which could result
in information disclosure, denial of service or insufficient enforcement
of security-relevant config directives.
The version of Samba in the oldstable distribution (bullseye) cannot be
fully supported further: If you are using Samba as a domain controller
you should either upgrade to the stable distribution or if that's not
an immediate option consider to migrate to Samba from bullseye-backports
(which will be kept updated to the version in stable). Operating Samba
as a file/print server will continue to be supported, a separate DSA
will provide an update along with documentation about the scope
of continued support.
For the stable distribution (bookworm), these problems have been fixed in
version 2:4.17.10+dfsg-0+deb12u1.
We recommend that you upgrade your samba packages.
Quote
The version of Samba in the oldstable distribution (bullseye) cannot be
fully supported further: If you are using Samba as a domain controller
you should either upgrade to the stable distribution or if that's not
an immediate option consider to migrate to Samba from bullseye-backports
Re: Debian Security Advisory October 06, 2023 03:04PM |
Admin Registered: 13 years ago Posts: 18,853 |
dpkg -l | grep -i exim
Quote
-------------------------------------------------------------------------
Debian Security Advisory DSA-5512-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 02, 2023 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : exim4
CVE ID : CVE-2023-42114 CVE-2023-42115 CVE-2023-42116
Several vulnerabilities were discovered in Exim, a mail transport agent,
which could result in remote code execution if the EXTERNAL or SPA/NTLM
authenticators are used.
For the oldstable distribution (bullseye), these problems have been fixed
in version 4.94.2-7+deb11u1.
For the stable distribution (bookworm), these problems have been fixed in
version 4.96-15+deb12u2.
We recommend that you upgrade your exim4 packages.
Re: Debian Security Advisory March 29, 2024 05:52PM |
Admin Registered: 13 years ago Posts: 18,853 |
Quote
Andres Freund has posted a detailed investigation into a backdoor that was shipped with versions 5.6.0 and 5.6.1 of the xz compression utility. It appears that the malicious code may be aimed at allowing SSH authentication to be bypassed.
Update: there are advisories out now from Arch, Debian, Red Hat, and openSUSE.
Quote
Andres Freund discovered that the upstream source tarballs for xz-utils,
the XZ-format compression utilities, are compromised and inject
malicious code, at build time, into the resulting liblzma5 library.
Right now no Debian stable versions are known to be affected.
Compromised packages were part of the Debian testing, unstable and
experimental distributions, with versions ranging from 5.5.1alpha-0.1
(uploaded on 2024-02-01), up to and including 5.6.1-1. The package has
been reverted to use the upstream 5.4.5 code, which we have versioned
5.6.1+really5.4.5-1.
ii xz-utils 5.4.1-0.2 armel XZ-format compression utilities