Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup.

It has been discovered that OTRS (Open source Ticket Request System) is susceptible to code injection vulnerability. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling.

For Debian 8 'Jessie', this problem has been fixed in version 3.3.18-1+deb8u8.

We recommend that you upgrade your otrs2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.

It was discovered that liblivemedia, the LIVE555 RTSP server library, is vulnerable to an invalid memory access when processing the Authorization header field. Remote attackers could leverage this vulnerability to possibly trigger code execution or denial of service (OOB access and application crash) via a crafted HTTP header.

For Debian 8 'Jessie', this problem has been fixed in version 2014.01.13-1+deb8u3.

We recommend that you upgrade your liblivemedia packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a denial of service vulnerability in the libjpeg-turbo CPU-optimised JPEG image library. A heap-based buffer over-read could be triggered by a specially crafted bitmap (BMP) file.

For Debian 8 'Jessie', this issue has been fixed in libjpeg-turbo version 1:1.3.1-12+deb8u2.

We recommend that you upgrade your libjpeg-turbo packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Two vulnerabilities were discovered in SQLALchemy, a Python SQL Toolkit and Object Relational Mapper.

CVE-2019-7164

SQLAlchemy allows SQL Injection via the order_by parameter.

CVE-2019-7548

SQLAlchemy has SQL Injection when the group_by parameter can be controlled.

The SQLAlchemy project warns that these security fixes break the seldom-used text coercion feature.

For Debian 8 'Jessie', these problems have been fixed in version 0.9.8+dfsg-0.1+deb8u1.

We recommend that you upgrade your sqlalchemy packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because 'python -m' appends the current directory in the python path.

For Debian 8 'Jessie', this problem has been fixed in version 4.1.2-3+deb8u1.

We recommend that you upgrade your rdflib packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The ikiwiki maintainers discovered that the aggregate plugin did not use LWPx::ParanoidAgent. On sites where the aggregate plugin is enabled, authorized wiki editors could tell ikiwiki to fetch potentially undesired URIs even if LWPx::ParanoidAgent was installed :

local files via file: URIs other URI schemes that might be misused by attackers, such as gopher: hosts that resolve to loopback IP addresses (127.x.x.x) hosts that resolve to RFC 1918 IP addresses (192.168.x.x etc.)

This could be used by an attacker to publish information that should not have been accessible, cause denial of service by requesting 'tarpit' URIs that are slow to respond, or cause undesired side-effects if local web servers implement 'unsafe' GET requests.
(CVE-2019-9187)

Additionally, if liblwpx-paranoidagent-perl is not installed, the blogspam, openid and pinger plugins would fall back to LWP, which is susceptible to similar attacks. This is unlikely to be a practical problem for the blogspam plugin because the URL it requests is under the control of the wiki administrator, but the openid plugin can request URLs controlled by unauthenticated remote users, and the pinger plugin can request URLs controlled by authorized wiki editors.

This is addressed in ikiwiki 3.20190228 as follows, with the same fixes backported to Debian 9 in version 3.20170111.1 :

  - URI schemes other than http: and https: are not     accepted, preventing access to file:, gopher:, etc.

  - If a proxy is configured in the ikiwiki setup file, it     is used for all outgoing http: and https: requests. In     this case the proxy is responsible for blocking any     requests that are undesired, including loopback or RFC     1918 addresses.

  - If a proxy is not configured, and     liblwpx-paranoidagent-perl is installed, it will be     used. This prevents loopback and RFC 1918 IP addresses,     and sets a timeout to avoid denial of service via     'tarpit' URIs.

  - Otherwise, the ordinary LWP user-agent will be used.
    This allows requests to loopback and RFC 1918 IP     addresses, and has less robust timeout behaviour. We are     not treating this as a vulnerability: if this behaviour     is not acceptable for your site, please make sure to     install LWPx::ParanoidAgent or disable the affected     plugins.

For Debian 8 'Jessie', this problem has been fixed in version 3.20141016.4+deb8u1.

We recommend that you upgrade your ikiwiki packages. In addition it is also recommended that you have liblwpx-paranoidagent-perl installed, which listed in the recommends field of ikiwiki.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2017-18249

A race condition was discovered in the disk space allocator of F2FS. A user with access to an F2FS volume could use this to cause a denial of service or other security impact.

CVE-2018-1128, CVE-2018-1129

The cephx authentication protocol used by Ceph was susceptible to replay attacks, and calculated signatures incorrectly. These vulnerabilities in the server required changes to authentication that are incompatible with existing clients. The kernel's client code has now been updated to be compatible with the fixed server.

CVE-2018-3639 (SSB)

Multiple researchers have discovered that Speculative Store Bypass (SSB), a feature implemented in many processors, could be used to read sensitive information from another context. In particular, code in a software sandbox may be able to read sensitive information from outside the sandbox. This issue is also known as Spectre variant 4.

This update adds a further mitigation for this issue in the eBPF (Extended Berkeley Packet Filter) implementation.

CVE-2018-5391 (FragmentSmack)

Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leading to remote denial of service.

This was previously mitigated by reducing the default limits on memory usage for incomplete fragmented packets. This update replaces that mitigation with a more complete fix.

CVE-2018-5848

The wil6210 wifi driver did not properly validate lengths in scan and connection requests, leading to a possible buffer overflow. On systems using this driver, a local user with the CAP_NET_ADMIN capability could use this for denial of service (memory corruption or crash) or potentially for privilege escalation.

CVE-2018-12896, CVE-2018-13053

Team OWL337 reported possible integer overflows in the POSIX timer implementation. These might have some security impact.

CVE-2018-13096, CVE-2018-13097, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616

Wen Xu from SSLab at Gatech reported that crafted F2FS volumes could trigger a crash (BUG, Oops, or division by zero) and/or out-of-bounds memory access. An attacker able to mount such a volume could use this to cause a denial of service or possibly for privilege escalation.

CVE-2018-13406

Dr Silvio Cesare of InfoSect reported a potential integer overflow in the uvesafb driver. A user with permission to access such a device might be able to use this for denial of service or privilege escalation.

CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613

Wen Xu from SSLab at Gatech reported that crafted Btrfs volumes could trigger a crash (Oops) and/or out-of-bounds memory access. An attacker able to mount such a volume could use this to cause a denial of service or possibly for privilege escalation.

CVE-2018-15471 ((XSA-270)

Felix Wilhelm of Google Project Zero discovered a flaw in the hash handling of the xen-netback Linux kernel module. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in privilege escalation, denial of service, or information leaks.

https://xenbits.xen.org/xsa/advisory-270.html

CVE-2018-16862

Vasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team discovered that the cleancache memory management feature did not invalidate cached data for deleted files. On Xen guests using the tmem driver, local users could potentially read data from other users' deleted files if they were able to create new files on the same volume.

CVE-2018-17972

Jann Horn reported that the /proc/*/stack files in procfs leaked sensitive data from the kernel. These files are now only readable by users with the CAP_SYS_ADMIN capability (usually only root)

CVE-2018-18281

Jann Horn reported a race condition in the virtual memory manager that can result in a process briefly having access to memory after it is freed and reallocated. A local user could possibly exploit this for denial of service (memory corruption) or for privilege escalation.

CVE-2018-18690

Kanda Motohiro reported that XFS did not correctly handle some xattr (extended attribute) writes that require changing the disk format of the xattr. A user with access to an XFS volume could use this for denial of service.

CVE-2018-18710

It was discovered that the cdrom driver does not correctly validate the parameter to the CDROM_SELECT_DISC ioctl. A user with access to a cdrom device could use this to read sensitive information from the kernel or to cause a denial of service (crash).

CVE-2018-19407

Wei Wu reported a potential crash (Oops) in the KVM implementation for x86 processors. A user with access to /dev/kvm could use this for denial of service.

For Debian 8 'Jessie', these problems have been fixed in version 4.9.144-3.1~deb8u1. This version also includes fixes for Debian bugs #890034, #896911, #907581, #915229, and #915231; and other fixes included in upstream stable updates.

We recommend that you upgrade your linux-4.9 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple buffer overflow security issues have been found in libsdl2, a library that allows low level access to a video frame buffer, audio output, mouse, and keyboard.

For Debian 8 'Jessie', these problems have been fixed in version 2.0.2+dfsg1-6+deb8u1.

We recommend that you upgrade your libsdl2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple buffer overflow security issues have been found in libsdl1.2, a library that allows low level access to a video frame buffer, audio output, mouse, and keyboard.

For Debian 8 'Jessie', these problems have been fixed in version 1.2.15-10+deb8u1.

We recommend that you upgrade your libsdl1.2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was found that the fix for CVE-2018-19758 was incomplete. That has been addressed in this update. The description for CVE-2018-19758 follows :

A heap-buffer-overflow vulnerability was discovered in libsndfile, the library for reading and writing files containing sampled sound. This flaw might be triggered by remote attackers to cause denial of service (out of bounds read and application crash).

For Debian 8 'Jessie', this problem has been fixed in version 1.0.25-9.1+deb8u4.

We recommend that you upgrade your libsndfile packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in systemd-journald.

Function dispatch_message_real() in journald-server.c does not free allocated memory to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash.

Note that as the systemd-journald service is not restarted automatically a restart of the service or more safely a reboot is advised.

For Debian 8 'Jessie', this problem has been fixed in version 215-17+deb8u11.

We recommend that you upgrade your systemd packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.

For Debian 8 'Jessie', this problem has been fixed in version 1.5.3-2+deb8u4.

We recommend that you upgrade your xmltooling packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure.

For Debian 8 'Jessie', this problem has been fixed in version 2.2.18-3~deb8u2.

We recommend that you upgrade your waagent packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.

Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure.

Several security vulnerabilities were discovered in Zabbix, a server/client network monitoring solution.

CVE-2016-10742

Zabbix allowed remote attackers to redirect to external links by misusing the request parameter.

CVE-2017-2826

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.

This update also includes several other bug fixes and improvements.
For more information please refer to the upstream changelog file.

For Debian 8 'Jessie', these problems have been fixed in version 1:2.2.23+dfsg-0+deb8u1.

We recommend that you upgrade your zabbix packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution.

  - CVE-2017-17480     Write stack-based buffer overflow in the jp3d and jpwl     codecs can result in a denial of service or remote code     execution via a crafted jp3d or jpwl file.

  - CVE-2018-5785     Integer overflow can result in a denial of service via a     crafted bmp file.

  - CVE-2018-6616     Excessive iteration can result in a denial of service     via a crafted bmp file.

  - CVE-2018-14423     Division-by-zero vulnerabilities can result in a denial     of service via a crafted j2k file.

  - CVE-2018-18088     NULL pointer dereference can result in a denial of     service via a crafted bmp file.

Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.

This update also fixes a regression introduced in a previous update.
The browser would always crash when launched in remote debugging mode.

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF extension had multiple cases of invalid memory access and rename() was implemented insecurely.

Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Security, bundle readers, session handling, SecurityBundle, HttpFoundation, Form, and Security\Http.

The corresponding upstream advisories contain further details :

[CVE-2017-16652] https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on
-security-handlers

[CVE-2017-16654] https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-o ut-of-paths

[CVE-2018-11385] https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-gua rd-authentication

[CVE-2018-11408] https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on
-security-handlers

[CVE-2018-14773] https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and- risky-http-headers

[CVE-2018-19789] https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-f ull-path

[CVE-2018-19790] https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-wh en-using-security-http

For Debian 8 'Jessie', these problems have been fixed in version 2.3.21+dfsg-4+deb8u4.

We recommend that you upgrade your symfony packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several security vulnerabilities were discovered in the poppler PDF rendering shared library.

CVE-2018-19058

A reachable abort in Object.h will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

CVE-2018-20481

Poppler mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document.

CVE-2018-20662

Poppler allows attackers to cause a denial of service (application crash and segmentation fault by crafting a PDF file in which an xref data structure is corrupted.

CVE-2019-7310

A heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

CVE-2019-9200

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause denial of service (segmentation fault) or possibly have unspecified other impact.

For Debian 8 'Jessie', these problems have been fixed in version 0.26.5-2+deb8u8.

We recommend that you upgrade your poppler packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service.

Multiple vulnerabilities have been discovered in SoX (Sound eXchange), a sound processing program :

CVE-2017-11332

The startread function (wav.c) is affected by a divide-by-zero vulnerability when processing WAV file with zero channel count. This flaw might be leveraged by remote attackers using a crafted WAV file to perform denial of service (application crash).

CVE-2017-11358

The read_samples function (hcom.c) is affected by an invalid memory read vulnerability when processing HCOM files with invalid dictionnaries. This flaw might be leveraged by remote attackers using a crafted HCOM file to perform denial of service (application crash).

CVE-2017-11359

The wavwritehdr function (wav.c) is affected by a divide-by-zero vulnerability when processing WAV files with invalid channel count over 16 bits. This flaw might be leveraged by remote attackers using a crafted WAV file to perform denial of service (application crash).

CVE-2017-15371

The sox_append_comment() function (formats.c) is vulnerable to a reachable assertion when processing FLAC files with metadata declaring more comments than provided. This flaw might be leveraged by remote attackers using crafted FLAC data to perform denial of service (application crash).

For Debian 8 'Jessie', these problems have been fixed in version 14.4.1-5+deb8u3.

We recommend that you upgrade your sox packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.

CVE-2018-12404

Cache side-channel variant of the Bleichenbacher attack

CVE-2018-18508

NULL pointer dereference in several CMS functions resulting in a denial of service

For Debian 8 'Jessie', these problems have been fixed in version 2:3.26-1+debu8u4.

We recommend that you upgrade your nss packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.

For Debian 8 'Jessie', these problems have been fixed in version 2.4.2-2+deb8u5.

We recommend that you upgrade your jackson-databind packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application crash.

Several vulnerabilities were discovered in advancecomp, a collection of recompression utilities.

CVE-2018-1056

Joonun Jang discovered that the advzip tool was prone to a heap-based buffer overflow. This might allow an attacker to cause a denial of service (application crash) or other unspecified impact via a crafted file.

CVE-2019-9210

The png_compress function in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in another heap based buffer overflow.

For Debian 8 'Jessie', these problems have been fixed in version 1.19-1+deb8u1.

We recommend that you upgrade your advancecomp packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data.

In order for this to be exploitable 'non-stitched' ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). AEAD ciphersuites are not impacted.

For Debian 8 'Jessie', this problem has been fixed in version 1.0.1t-1+deb8u11.

We recommend that you upgrade your openssl packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability was discovered in uw-imap, the University of Washington IMAP Toolkit, that might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics.

This update disables access to IMAP mailboxes through running imapd over rsh, and therefore ssh for users of the client application. Code which uses the library can still enable it with tcp_parameters() after making sure that the IMAP server name is sanitized.

For Debian 8 'Jessie', this problem has been fixed in version 8:2007f~dfsg-4+deb8u1.

We recommend that you upgrade your uw-imap packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in Ceph, a distributed storage and file system.

CVE-2018-14662

It was found that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

CVE-2018-16846

It was found that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

For Debian 8 'Jessie', these problems have been fixed in version 0.80.7-2+deb8u3.

We recommend that you upgrade your ceph packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service.

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record() function.

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of service.

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of service.

For Debian 8 'Jessie', this problem has been fixed in version 2:1.1.20-0+deb8u2.

We recommend that you upgrade your ldb packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Potential buffer over-reads in readelf.c have been found in file, a popular file type guesser.

For Debian 8 'Jessie', these problems have been fixed in version 1:5.22+15-2+deb8u5.

We recommend that you upgrade your file packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Two issues have been found in bind9, the Internet Domain Name Server.

CVE-2019-6465 Zone transfer for DLZs are executed though not permitted by ACLs.

CVE-2018-5745 Avoid assertion and thus causing named to deliberately exit when a trust anchor's key is replaced with a key which uses an unsupported algorithm.

For Debian 8 'Jessie', these problems have been fixed in version 1:9.9.5.dfsg-9+deb8u17.

We recommend that you upgrade your bind9 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in SoX (Sound eXchange), a sound processing program :

CVE-2017-15370

The ImaAdpcmReadBlock function (src/wav.c) is affected by a heap buffer overflow. This vulnerability might be leveraged by remote attackers using a crafted WAV file to cause denial of service (application crash).

CVE-2017-15372

The lsx_ms_adpcm_block_expand_i function (adpcm.c) is affected by a stack based buffer overflow. This vulnerability might be leveraged by remote attackers using a crafted audio file to cause denial of service (application crash).

CVE-2017-15642

The lsx_aiffstartread function (aiff.c) is affected by a use-after-free vulnerability. This flaw might be leveraged by remote attackers using a crafted AIFF file to cause denial of service (application crash).

CVE-2017-18189

The startread function (xa.c) is affected by a NULL pointer dereference vulnerability. This flaw might be leveraged by remote attackers using a crafted Maxis XA audio file to cause denial of service (application crash).

For Debian 8 'Jessie', these problems have been fixed in version 14.4.1-5+deb8u2.

We recommend that you upgrade your sox packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were found in QEMU, a fast processor emulator :

CVE-2018-12617

The qmp_guest_file_read function (qga/commands-posix.c) is affected by an integer overflow and subsequent memory allocation failure. This weakness might be leveraged by remote attackers to cause denial of service (application crash).

CVE-2018-16872

The usb_mtp_get_object, usb_mtp_get_partial_object and usb_mtp_object_readdir functions (hw/usb/dev-mtp.c) are affected by a symlink attack. Remote attackers might leverage this vulnerability to perform information disclosure.

CVE-2019-6778

The tcp_emu function (slirp/tcp_subr.c) is affected by a heap buffer overflow caused by insufficient validation of available space in the sc_rcv->sb_data buffer. Remote attackers might leverage this flaw to cause denial of service, or any other unspecified impact.

For Debian 8 'Jessie', these problems have been fixed in version 1:2.1+dfsg-12+deb8u10.

We recommend that you upgrade your qemu packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues have been found by different authors in gpac, an Open Source multimedia framework for research and academic purposes.

The issues are basically all buffer overflows in different functions all over the package.

For Debian 8 'Jessie', these problems have been fixed in version 0.5.0+svn5324~dfsg1-1+deb8u2.

We recommend that you upgrade your gpac packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web server's user can access.
This is related to the mysql.allow_local_infile PHP configuration.
When the AllowArbitraryServer configuration setting is set to false (default), the attacker needs a local MySQL account. When set to true, the attacker can exploit this with the use of a rogue MySQL server.

For Debian 8 'Jessie', this problem has been fixed in version 4:4.2.12-2+deb8u5.

We recommend that you upgrade your phpmyadmin packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues have been found in exiv2, a EXIF/IPTC/XMP metadata manipulation tool.

CVE-2018-17581 A stack overflow due to a recursive function call causing excessive stack consumption which leads to denial of service.

CVE-2018-19107 A heap based buffer over-read caused by an integer overflow could result in a denial of service via a crafted file.

CVE-2018-19108 There seems to be an infinite loop inside a function that can be activated by a crafted image.

CVE-2018-19535 A heap based buffer over-read caused could result in a denial of service via a crafted file.

CVE-2018-20097 A crafted image could result in a denial of service.

For Debian 8 'Jessie', these problems have been fixed in version 0.24-4.1+deb8u3.

We recommend that you upgrade your exiv2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library :

CVE-2019-6256

liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to an invalid function pointer dereference. This issue might happen during error handling when processing two GET and POST requests being sent with identical x-sessioncookie within the same TCP session and might be leveraged by remote attackers to cause DoS.

CVE-2019-7314

liblivemedia servers with RTSP-over-HTTP tunneling enabled are affected by a use-after-free vulnerability. This vulnerability might be triggered by remote attackers to cause DoS (server crash) or possibly unspecified other impact.

For Debian 8 'Jessie', these problems have been fixed in version 2014.01.13-1+deb8u2.

We recommend that you upgrade your liblivemedia packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues in elfutils, a collection of utilities to handle ELF objects, have been found either by fuzzing or by using an AddressSanitizer.

CVE-2019-7665 Due to a heap-buffer-overflow problem in function elf32_xlatetom() a crafted ELF input can cause segmentation faults.

CVE-2019-7150 Add sanity check for partial core file dynamic data read.

CVE-2019-7149 Due to a heap-buffer-overflow problem in function read_srclines() a crafted ELF input can cause segmentation faults.

CVE-2018-18521 By using a crafted ELF file, containing a zero sh_entsize, a divide-by-zero vulnerability could allow remote attackers to cause a denial of service (application crash).

CVE-2018-18520 By fuzzing an Invalid Address Deference problem in function elf_end has been found.

CVE-2018-18310 By fuzzing an Invalid Address Read problem in eu-stack has been found.

CVE-2018-16062 By using an AddressSanitizer a heap-buffer-overflow has been found.

CVE-2017-7613 By using fuzzing it was found that an allocation failure was not handled properly.

CVE-2017-7612 By using a crafted ELF file, containing an invalid sh_entsize, a remote attackers could cause a denial of service (application crash).

CVE-2017-7611 By using a crafted ELF file a remote attackers could cause a denial of service (application crash).

CVE-2017-7610 By using a crafted ELF file a remote attackers could cause a denial of service (application crash).

CVE-2017-7608 By fuzzing a heap based buffer overflow has been detected.

For Debian 8 'Jessie', these problems have been fixed in version 0.159-4.2+deb8u1.

We recommend that you upgrade your elfutils packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A newer version of waagent is needed for several features of the Azure platform.

For Debian 8 'Jessie', this problem has been fixed in version 2.2.18-3~deb8u1.

We recommend that you upgrade your waagent packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Mike Salvatore discovered that the fixes for these heap-based buffer overflows had not been properly applied in the Debian package.

For Debian 8 'Jessie', this problem has been fixed in version 14.4.1-5+deb8u1.

We recommend that you upgrade your sox packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc, a frontend and extensions manager for the Dink Smallwood game, allowing an attacker to overwrite arbitrary files on the user's system.

For Debian 8 'Jessie', this problem has been fixed in version 3.12-1+deb8u1.

We recommend that you upgrade your freedink-dfarc packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system :

  - CVE-2018-10855/ CVE-2018-16876     The no_log task flag wasn't honored, resulting in an     information leak.

  - CVE-2018-10875     ansible.cfg was read from the current working directory.

  - CVE-2018-16837     The user module leaked parameters passed to ssh-keygen     to the process environment.

  - CVE-2019-3828     The fetch module was susceptible to path traversal.

ID	Name	Severity
122957	Debian DSA-4409-1 : neutron - security update	Medium
122956	Debian DLA-1721-1 : otrs2 security update	Medium
122933	Debian DSA-4408-1 : liblivemedia - security update	High
122932	Debian DLA-1720-1 : liblivemedia security update	High
122931	Debian DLA-1719-1 : libjpeg-turbo security update	Medium
122930	Debian DLA-1718-1 : sqlalchemy security update	High
122929	Debian DLA-1717-1 : rdflib security update	High
122928	Debian DLA-1716-1 : ikiwiki security update	High
122879	Debian DLA-1715-1 : linux-4.9 security update (Spectre)	High
122829	Debian DLA-1714-1 : libsdl2 security update	Medium
122828	Debian DLA-1713-1 : libsdl1.2 security update	Medium
122827	Debian DLA-1712-1 : libsndfile security update	High
122826	Debian DLA-1711-1 : systemd security update	Low
122825	Debian DLA-1710-1 : xmltooling security update	High
122824	Debian DLA-1709-1 : waagent security update	High
122794	Debian DSA-4407-1 : xmltooling - security update	High
122793	Debian DSA-4406-1 : waagent - security update	High
122762	Debian DLA-1708-1 : zabbix security update	Medium
122724	Debian DSA-4405-1 : openjpeg2 - security update	High
122723	Debian DSA-4404-1 : chromium - security update	High
122722	Debian DSA-4403-1 : php7.0 - security update	High
122721	Debian DLA-1707-1 : symfony security update	Medium
122720	Debian DLA-1706-1 : poppler security update	Medium
122621	Debian DSA-4402-1 : mumble - security update	Medium
122620	Debian DLA-1705-1 : sox security update	Medium
122604	Debian DLA-1704-1 : nss security update	High
122603	Debian DLA-1703-1 : jackson-databind security update	High
122551	Debian DSA-4401-1 : wordpress - security update	High
122550	Debian DLA-1702-1 : advancecomp security update	Medium
122549	Debian DLA-1701-1 : openssl security update	Medium
122548	Debian DLA-1700-1 : uw-imap security update	High
122547	Debian DLA-1696-1 : ceph security update	Medium
122519	Debian DSA-4400-1 : openssl1.0 - security update	Medium
122518	Debian DSA-4399-1 : ikiwiki - security update	High
122517	Debian DSA-4398-1 : php7.0 - security update	High
122516	Debian DSA-4397-1 : ldb - security update	Medium
122515	Debian DLA-1699-1 : ldb security update	Medium
122514	Debian DLA-1698-1 : file security update	Medium
122513	Debian DLA-1697-1 : bind9 security updat	High
122512	Debian DLA-1695-1 : sox security update	Medium
122511	Debian DLA-1694-1 : qemu security update	Medium
122491	Debian DLA-1693-1 : gpac security update	Medium
122490	Debian DLA-1692-1 : phpmyadmin security update	Medium
122454	Debian DLA-1691-1 : exiv2 security update	Medium
122453	Debian DLA-1690-1 : liblivemedia security update	High
122431	Debian DLA-1689-1 : elfutils security update	Medium
122430	Debian DLA-1688-1 : waagent update	High
122405	Debian DLA-1687-1 : sox security update	High
122404	Debian DLA-1686-1 : freedink-dfarc security update	Medium
122321	Debian DSA-4396-1 : ansible - security update	High

Debian Local Security Checks Family for Nessus