[SECURITY] [DLA 2858-1] libzip security update
Debian LTS Advisory DLA-2858-1          debian-...@lists.debian.org
https://www.debian.org/lts/security/    Thorsten Alteholz
December 28, 2021                       https://wiki.debian.org/LTS

Package : libzip
Version : 1.1.2-1.1+deb9u1
CVE ID  : CVE-2017-14107

An issue has been found in libzip, a library for reading, creating, and
modifying zip archives. Crafted ZIP archives could allow remote attackers
to cause denial of service due to memory allocation failure by mishandling
EOCD records.

For Debian 9 stretch, this problem has been fixed in version
1.1.2-1.1+deb9u1.

We recommend that you upgrade your libzip packages.

For the detailed security status of libzip please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libzip

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be found
at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2859-1] zziplib security update
Debian LTS Advisory DLA-2859-1          debian-...@lists.debian.org
https://www.debian.org/lts/security/    Thorsten Alteholz
December 28, 2021                       https://wiki.debian.org/LTS

Package : zziplib
Version : 0.13.62-3.2~deb9u2
CVE ID  : CVE-2020-18442

An issue has been found in zziplib, a library providing read access on
ZIP-archive. Because of mishandling a return value, an attacker might
cause a denial of service due to an infinite loop.

For Debian 9 stretch, this problem has been fixed in version
0.13.62-3.2~deb9u2.

We recommend that you upgrade your zziplib packages.

For the detailed security status of zziplib please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/zziplib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be found
at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2857-1] postgis security update
Debian LTS Advisory DLA-2857-1          debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 28, 2021                       https://wiki.debian.org/LTS

Package : postgis
Version : 2.3.1+dfsg-2+deb9u1
CVE ID  : CVE-2017-18359

In PostGIS, which adds support for geographic objects to the PostgreSQL
database, denial of service via crafted ST_AsX3D function input was fixed.

For Debian 9 stretch, this problem has been fixed in version
2.3.1+dfsg-2+deb9u1.

We recommend that you upgrade your postgis packages.

For the detailed security status of postgis please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/postgis

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be found
at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2856-1] okular security update
Debian LTS Advisory DLA-2856-1          debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 27, 2021                       https://wiki.debian.org/LTS

Package    : okular
Version    : 4:16.08.2-1+deb9u2
CVE ID     : CVE-2020-9359
Debian Bug : 954891

Code execution via an action link in a PDF document was fixed in the KDE
document viewer Okular.

For Debian 9 stretch, this problem has been fixed in version
4:16.08.2-1+deb9u2.

We recommend that you upgrade your okular packages.

For the detailed security status of okular please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/okular

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be found
at: https://wiki.debian.org/LTS
[SECURITY] [DLA 2855-1] monit security update
Debian LTS Advisory DLA-2855-1          debian-...@lists.debian.org
https://www.debian.org/lts/security/    Adrian Bunk
December 27, 2021                       https://wiki.debian.org/LTS

Package    : monit
Version    : 1:5.20.0-6+deb9u2
CVE ID     : CVE-2019-11454 CVE-2019-11455
Debian Bug : 927775

Two vulnerabilities were fixed in monit, a utility for monitoring and
managing Unix systems.

CVE-2019-11454

    Persistent cross-site scripting in http/cervlet.c

CVE-2019-11455

    Buffer over-read in Util_urlDecode in util.c

For Debian 9 stretch, these problems have been fixed in version
1:5.20.0-6+deb9u2.

We recommend that you upgrade your monit packages.

For the detailed security status of monit please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/monit

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be found
at: https://wiki.debian.org/LTS