Debian Long Term Support / LTS Security Information / 2020 / Security Information -- DLA-2103-1 debian-security-support

Debian Security Advisory

DLA-2103-1 debian-security-support -- LTS security update

Date Reported:

13 Feb 2020

Affected Packages:

debian-security-support

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

debian-security-support, the Debian security support coverage checker, has been updated in jessie-security.

This marks the end of life of the libqb package in jessie. A recently reported vulnerability against libqb which allows users to overwrite arbitrary files via a symlink attack cannot be adequately addressed in libqb in jessie. Upstream no longer supports this version and no packages in jessie depend upon libqb.

We recommend that if your systems or applications depend upon the libqb package provided from the Debian archive that you upgrade your systems to a more recent Debian release or find an alternate and up to date source of libqb packages.

Additionally, MySQL 5.5 is no longer supported. Upstream has ended its support and we are unable to backport fixes from newer versions due to the lack of patch details. Options are to switch to MariaDB 10.0 in jessie or to a newer version of MySQL in more recent Debian releases.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTShttps://wiki.debian.org/LTS

For Debian 8 Lenny, these issues have been fixed in debian-security-support version 2019.12.12~deb8u2