[SECURITY] [DSA 4139-1] firefox-esr security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4139-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 15, 2018https://www.debian.org/security/faq - - Package: firefox-esr CVE ID : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure. For the oldstable distribution (jessie), these problems have been fixed in version 52.7.1esr-1~deb8u1. For the stable distribution (stretch), these problems have been fixed in version 52.7.1esr-1~deb9u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqq5tcACgkQEMKTtsN8 TjZTvA//T+rqBCfHhIUEk8X0MkALkFtOKDTgSVYERg+ZUolCU0SgfBwIFNo6KbnQ a6FTAr2yHJeke7rNp1+NbHieJ1FcG7twkYlAI0/Ln4HRymIbgs8VYEVrI+hXCfbJ 8n69u5+iG2qwrNEgnlVLxSR5MoxoWLCa7LvZS2v6g37zFW4jbmf6iplh2lZMRpF0 RUYIVautPGPh+nT2yQCcZ//o0fvzywiqMenqcIqeVqS3abxcN6eOpmfo2uzASFoO 5L8/HotWTFGwGottm5Lg8aR+E6o2lfJSRIxzqqQW2cYB4sI9hczgeb5nyWg3z9ET tU9qEjzJo1zLeCaVPTulpRHH4HTMKDmE2CrH6OKTE1rLTiYeh7O8pS/GD/ZhZRhd W9INHgtp4G2IhwlAq8CBorGp+Qal8/0FZY6oVd7+Y0R8jQl0Dty1ArzC5lhEkkxS Ug72Y7QOy0okcdKbKKb4BvohV7kNuuGWhp/8mEMf4h3nVbGSMLJTKystDzjJL/Zi NEQFqHcW9aZZJ5xaVvpHNvhGwkvPGW6ckHi8RXKAHxRZRrIjhM2BtTiDOW0XmEo+ Jlcnd0kZmLkfXeN/JHTr62NdqJ2j0Gd3d0x8id+tDl2MbmnQk6hWp0ZW2dK1rnbG bzGm7wCHIGICtWq6Dx41N8BvlXkSPwq1DONt7Nxmmg3okpSB74c= =cCJ5 -END PGP SIGNATURE-
[SECURITY] [DSA 4138-1] mbedtls security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4138-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond March 15, 2018https://www.debian.org/security/faq - - Package: mbedtls CVE ID : CVE-2017-18187 CVE-2018-0487 CVE-2018-0488 Debian Bug : 890287 890288 Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code. For the stable distribution (stretch), these problems have been fixed in version 2.4.2-1+deb9u2. We recommend that you upgrade your mbedtls packages. For the detailed security status of mbedtls please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mbedtls Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlqqS+sACgkQEL6Jg/PV nWTGzAf/Qxdeu9zdq0KMbcx7yKbr1zpchng/Y7doZFZviKjK2eZb1KvXCR3LqHzx L4+fZE/aK1cfQXdG424xYZkKGrpcz7WFyZV7euDv0vFpk4QmdDQHHVS+jPqvbRT2 x0ekhE98uKzJirOTdES2P2yrF+eNYtRowxbqw0q2uqchGmwYnRKYaApSbSaaaybN 4Ltoj3bTIv0dyEDN95JTzRY405iwVaeQiP5+RjlTnAo2wVQmw1GVV1Dm+fIOMo+i hc41fuKdHrGTod4Gh1opg3cF7AKGoL2cRBrbBVMZp6mk+cdjwXoWrmDzxol7sHXO Rp4o8Ci2n36DYFtugUaBnDVumcLk0w== =tk/E -END PGP SIGNATURE-