[SECURITY] [DLA 2322-1] roundcube security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2322-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/
August 11, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : roundcube
Version        : 1.2.3+dfsg.1-4+deb9u7
CVE ID         : CVE-2020-16145
Debian Bug     : 968216

A vulnerability was discovered in roundcube, a skinnable AJAX based
webmail solution for IMAP servers. HTML messages with malicious svg or
math content can exploit a Cross-site scripting (XSS) vulnerability.

For Debian 9 stretch, this problem has been fixed in version
1.2.3+dfsg.1-4+deb9u7.

We recommend that you upgrade your roundcube packages.

For the detailed security status of roundcube please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/roundcube

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 2321-1] firmware-nonfree new upstream version
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2321-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/
August 11, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : firmware-nonfree
Version        : 20190114-2~deb9u1

The firmware-nonfree package has been updated to include additional
firmware that may be requested by some drivers in Linux 4.19.

Along with additional kernel packages that will be announced later,
this will provide a supported upgrade path for systems that currently
use kernel and firmware packages from the "stretch-backports" suite.

This update is not known to fix any security issues.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams

[SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2320-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/
August 10, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : golang-github-seccomp-libseccomp-golang
Version        : 0.0~git20150813.0.1b506fc-2+deb9u1
CVE ID         : CVE-2017-18367
Debian Bug     : 927981

A process running under a restrictive seccomp filter that specified
multiple syscall arguments could bypass intended access restrictions by
specifying a single matching argument.

Additionally, runc has been rebuilt with the fixed package.

For Debian 9 stretch, this problem has been fixed in version
0.0~git20150813.0.1b506fc-2+deb9u1.

We recommend that you upgrade your golang-github-seccomp-libseccomp-golang
and runc packages, and recompile your own Go code using
golang-github-seccomp-libseccomp-golang.

For the detailed security status of golang-github-seccomp-libseccomp-golang
please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/golang-github-seccomp-libseccomp-golang

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS