NEW UPDATES Debian

#1251 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 11 April 2017 - 11:29 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3828-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 11, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot

The Dovecot update issued as DSA-3828-1 introduced a regression; this
update reverts the backported patch. Further analysis by the Dovecot
team has shown that only versions starting from 2.2.26 are affected. For
reference, the original advisory text follows.

It was discovered that the Dovecot email server is vulnerable to a
denial of service attack. When the "dict" passdb and userdb are used
for user authentication, the username sent by the IMAP/POP3 client is
sent through var_expand() to perform %variable expansion. Sending
specially crafted %variable fields could result in excessive memory
usage causing the process to crash (and restart).

For the stable distribution (jessie), this problem has been fixed in
version 1:2.2.13-12~deb8u3.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1252 OFFLINE   sunrat

Posted 15 April 2017 - 07:27 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3829-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 11, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bouncycastle
CVE ID         : CVE-2015-6644

Quan Nguyen discovered that a missing boundary check in the
Galois/Counter mode implementation of Bouncy Castle (a Java
implementation of cryptographic algorithms) may result in information
disclosure.

For the stable distribution (jessie), this problem has been fixed in
version 1.49+dfsg-3+deb8u2.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 1.54-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.54-1.

#1253 OFFLINE   sunrat

Posted 19 April 2017 - 07:01 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3830-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
April 19, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icu
CVE ID         : CVE-2017-7867 CVE-2017-7868
Debian Bug     : 860314

It was discovered that icu, the International Components for Unicode
library, did not correctly validate its input. An attacker could use
this problem to trigger an out-of-bound write through a heap-based
buffer overflow, thus causing a denial of service via application
crash, or potential execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 52.1-8+deb8u5.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 57.1-6.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3831-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 20, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434
                 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439
                 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443
                 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447
                 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461
                 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469

Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, use-after-frees, buffer
overflows and other implementation errors may lead to the execution of
arbitrary code, information disclosure or denial of service.

For the stable distribution (jessie), these problems have been fixed in
version 45.9.0esr-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 45.9.0esr-1.

#1254 OFFLINE   sunrat

Posted 20 April 2017 - 10:47 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3832-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 20, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378
                 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396
                 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402
                 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408
                 CVE-2017-5410

Multiple security issues have been found in Thunderbird, which may
lead to the execution of arbitrary code or information leaks.

With this update, the Icedove packages are de-branded back to the official
Mozilla branding. With the removing of the Debian branding the packages
are also renamed back to the official names used by Mozilla.

The Thunderbird package is using a different default profile folder,
the default profile folder is now '$(HOME)/.thunderbird'.
The user's profile folder, that was used in Icedove, will get migrated
to the new profile folder on the first start, that can take a little bit
more time.

Please read README.Debian for getting more information about the
changes.

For the stable distribution (jessie), these problems have been fixed in
version 1:45.8.0-3~deb8u1.

#1255 OFFLINE   sunrat

Posted 24 April 2017 - 07:59 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3833-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 24, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libav
CVE ID         : CVE-2016-9821 CVE-2016-9822

Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
https://git.libav.or...refs/tags/v11.9
      
For the stable distribution (jessie), these problems have been fixed in
version 6:11.9-1~deb8u1.

#1256 OFFLINE   sunrat

Posted 25 April 2017 - 07:37 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3834-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 25, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.5
CVE ID         : CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309
                 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461
                 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600
Debian Bug     : 854713 860544

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.55, which includes additional changes, such as performance
improvements, bug fixes, new features, and possibly incompatible
changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical
Patch Update advisory for further details:

https://dev.mysql.co...ews-5-5-55.html
http://www.oracle.co...17-3236618.html

For the stable distribution (jessie), these problems have been fixed in
version 5.5.55-0+deb8u1.

#1257 OFFLINE   sunrat

Posted 26 April 2017 - 08:57 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3835-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 26, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2016-9013 CVE-2016-9014 CVE-2017-7233 CVE-2017-7234
Debian Bug     : 842856 859515 859516

Several vulnerabilities were discovered in Django, a high-level Python
web development framework. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2016-9013

    Marti Raudsepp reported that a user with a hardcoded password is
    created when running tests with an Oracle database.

CVE-2016-9014

    Aymeric Augustin discovered that Django does not properly validate
    the Host header against settings.ALLOWED_HOSTS when the debug
    setting is enabled. A remote attacker can take advantage of this
    flaw to perform DNS rebinding attacks.

CVE-2017-7233

    It was discovered that is_safe_url() does not properly handle
    certain numeric URLs as safe. A remote attacker can take advantage
    of this flaw to perform XSS attacks or to use a Django server as an
    open redirect.

CVE-2017-7234

    Phithon from Chaitin Tech discovered an open redirect vulnerability
    in the django.views.static.serve() view. Note that this view is not
    intended for production use.

For the stable distribution (jessie), these problems have been fixed in
version 1.7.11-1+deb8u2.

#1258 OFFLINE   sunrat

Posted 27 April 2017 - 09:53 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3836-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 27, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : weechat
CVE ID         : CVE-2017-8073
Debian Bug     : 861121

It was discovered that weechat, a fast and light chat client, is prone
to a buffer overflow vulnerability in the IRC plugin, allowing a remote
attacker to cause a denial-of-service by sending a specially crafted
filename via DCC.

For the stable distribution (jessie), this problem has been fixed in
version 1.0.1-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.7-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3837-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 27, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2017-7870

It was discovered that a buffer overflow in processing Windows Metafiles
may result in denial of service or the execution of arbitrary code if
a malformed document is opened.

For the stable distribution (jessie), this problem has been fixed in
version 1:4.3.3-2+deb8u7.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 1:5.2.5-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:5.2.5-1.

#1259 OFFLINE   sunrat

Posted 30 April 2017 - 07:37 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3838-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 28, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 CVE-2017-7207
                 CVE-2017-8291
Debian Bug     : 858350 859666 859694 859696 861295

Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may lead to the execution of arbitrary
code or denial of service if a specially crafted Postscript file is
processed.

For the stable distribution (jessie), these problems have been fixed in
version 9.06~dfsg-2+deb8u5.

For the unstable distribution (sid), these problems have been fixed in
version 9.20~dfsg-3.1 or earlier versions.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3839-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 28, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
CVE ID         : CVE-2016-10244 CVE-2017-8105 CVE-2017-8287
Debian Bug     : 856971 861220 861308

Several vulnerabilities were discovered in Freetype. Opening malformed
fonts may result in denial of service or the execution of arbitrary
code.

For the stable distribution (jessie), these problems have been fixed in
version 2.5.2-3+deb8u2.

#1260 OFFLINE   sunrat

Posted 02 May 2017 - 10:14 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3840-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 02, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-connector-java
CVE ID         : CVE-2017-3523

Thijs Alkemade discovered that unexpected automatic deserialisation of
Java objects in the MySQL Connector/J JDBC driver may result in the
execution of arbitrary code. For additional details, please refer to the
advisory at
https://www.computes...Connector-J.txt

For the stable distribution (jessie), this problem has been fixed in
version 5.1.41-1~deb8u1.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 5.1.41-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.41-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3841-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 02, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxstream-java
CVE ID         : CVE-2017-7957

It was discovered that XStream, a Java library to serialise objects to
XML and back again, was susceptible to denial of service during
unmarshalling.

For the stable distribution (jessie), this problem has been fixed in
version 1.4.7-2+deb8u2.

For the upcoming stable distribution (stretch), this problem will be
fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.9-2.

#1261 OFFLINE   sunrat

Posted 03 May 2017 - 09:18 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3842-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 03, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat7
CVE ID         : CVE-2017-5647 CVE-2017-5648

Two vulnerabilities were discovered in tomcat7, a servlet and JSP
engine.

CVE-2017-5647

  Pipelined requests were processed incorrectly, which could result in
  some responses appearing to be sent for the wrong request.

CVE-2017-5648

  Some application listener calls were issued against the wrong
  objects, allowing untrusted applications running under a
  SecurityManager to bypass that protection mechanism and access or
  modify information associated with other web applications.

For the stable distribution (jessie), these problems have been fixed in
version 7.0.56-3+deb8u10.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 7.0.72-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3843-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 03, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat8
CVE ID         : CVE-2017-5647 CVE-2017-5648
Debian Bug     : 860068 860069

Two vulnerabilities were discovered in tomcat8, a servlet and JSP
engine.

CVE-2017-5647

  Pipelined requests were processed incorrectly, which could result in
  some responses appearing to be sent for the wrong request.

CVE-2017-5648

  Some application listener calls were issued against the wrong
  objects, allowing untrusted applications running under a
  SecurityManager to bypass that protection mechanism and access or
  modify information associated with other web applications.

For the stable distribution (jessie), these problems have been fixed in
version 8.0.14-1+deb8u9.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 8.5.11-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3844-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 03, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2016-3658  CVE-2016-9535  CVE-2016-10266
                 CVE-2016-10267 CVE-2016-10269 CVE-2016-10270
                 CVE-2017-5225  CVE-2017-7592  CVE-2017-7593
                 CVE-2017-7594  CVE-2017-7595  CVE-2017-7596
                 CVE-2017-7597  CVE-2017-7598  CVE-2017-7599
                 CVE-2017-7600  CVE-2017-7601  CVE-2017-7602

Multiple vulnerabilities have been discovered in the libtiff library and
the included tools, which may result in denial of service, memory
disclosure or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 4.0.3-12.3+deb8u3.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 4.0.7-6.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.7-6.

#1262 OFFLINE   sunrat

Posted 08 May 2017 - 07:25 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3845-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 08, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libtirpc
CVE ID         : CVE-2017-8779

Guido Vranken discovered that incorrect memory management in libtirpc,
a transport-independent RPC library used by rpcbind and other programs
may result in denial of service via memory exhaustion (depending on
memory management settings).

For the stable distribution (jessie), this problem has been fixed in
version 0.2.5-1+deb8u1 of libtirpc and version 0.2.1-6+deb8u2 of rpcbind.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

#1263 OFFLINE   sunrat

Posted 09 May 2017 - 07:04 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3846-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 09, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libytnef
CVE ID         : CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301
                 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305
                 CVE-2017-6306 CVE-2017-6800 CVE-2017-6801 CVE-2017-6802
Debian Bug     :

Several issues were discovered in libytnef, a library used to decode
application/ms-tnef e-mail attachments. Multiple heap overflows,
out-of-bound writes and reads, NULL pointer dereferences and infinite
loops could be exploited by tricking a user into opening a maliciously
crafted winmail.dat file.

For the stable distribution (jessie), these problems have been fixed in
version 1.5-6+deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 1.9.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3847-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 09, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2016-9932 CVE-2016-10013 CVE-2016-10024
                 CVE-2017-7228

Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen
hypervisor, which may lead to privilege escalation, guest-to-host
breakout, denial of service or information leaks.

In addition to the CVE identifiers listed above, this update also
addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.

For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u9.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 4.8.1-1+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 4.8.1-1+deb9u1.

#1264 OFFLINE   sunrat

Posted 10 May 2017 - 07:56 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3848-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 10, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : git
CVE ID         : CVE-2017-8386

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted
login shell for Git-only SSH access, allows a user to run an interactive
pager by causing it to spawn "git upload-pack --help".

For the stable distribution (jessie), this problem has been fixed in
version 1:2.1.4-2.1+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.11.0-3.

#1265 OFFLINE   sunrat

Posted 12 May 2017 - 08:08 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3849-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 12, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kde4libs
CVE ID         : CVE-2017-6410 CVE-2017-8422
Debian Bug     : 856890

Several vulnerabilities were discovered in kde4libs, the core libraries
for all KDE 4 applications. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2017-6410

    Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs
    reported that URLs are not sanitized before passing them to
    FindProxyForURL, potentially allowing a remote attacker to obtain
    sensitive information via a crafted PAC file.

CVE-2017-8422

    Sebastian Krahmer from SUSE discovered that the KAuth framework
    contains a logic flaw in which the service invoking dbus is not
    properly checked. This flaw allows spoofing the identity of the
    caller and gaining root privileges from an unprivileged account.

For the stable distribution (jessie), these problems have been fixed in
version 4:4.14.2-5+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 4:4.14.26-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3850-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 12, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rtmpdump
CVE ID         : CVE-2015-8270 CVE-2015-8271 CVE-2015-8272

Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small
dumper/library for RTMP media streams, which may result in denial of
service or the execution of arbitrary code if a malformed stream is
dumped.

For the stable distribution (jessie), these problems have been fixed in
version 2.4+20150115.gita107cef-1+deb8u1.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 2.4+20151223.gitfa8646d.1-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.4+20151223.gitfa8646d.1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3851-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 12, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.4
CVE ID         : CVE-2017-7484 CVE-2017-7485 CVE-2017-7486

Several vulnerabilities have been found in the PostgreSQL database
system:

CVE-2017-7484

    Robert Haas discovered that some selectivity estimators did not
    validate user privileges which could result in information
    disclosure.

CVE-2017-7485

    Daniel Gustafsson discovered that the PGREQUIRESSL environment
    variable no longer enforced a TLS connection.

CVE-2017-7486

    Andrew Wheelwright discovered that user mappings were insufficiently
    restricted.

For the stable distribution (jessie), these problems have been fixed in
version 9.4.12-0+deb8u1.

#1266 OFFLINE   sunrat

Posted 13 May 2017 - 07:49 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3852-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 13, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squirrelmail
CVE ID         : CVE-2017-7692

Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a
webmail application, incorrectly handled a user-supplied value. This
would allow a logged-in user to run arbitrary commands on the server.

For the stable distribution (jessie), this problem has been fixed in
version 2:1.4.23~svn20120406-2+deb8u1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1267 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 14 May 2017 - 07:18 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3854-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 14, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2017-3136 CVE-2017-3137 CVE-2017-3138
Debian Bug     : 860224 860225 860226

Several vulnerabilities were discovered in BIND, a DNS server
implementation. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2017-3136

    Oleg Gorokhov of Yandex discovered that BIND does not properly
    handle certain queries when using DNS64 with the "break-dnssec yes;"
    option, allowing a remote attacker to cause a denial-of-service.

CVE-2017-3137

    It was discovered that BIND makes incorrect assumptions about the
    ordering of records in the answer section of a response containing
    CNAME or DNAME resource records, leading to situations where BIND
    exits with an assertion failure. An attacker can take advantage of
    this condition to cause a denial-of-service.

CVE-2017-3138

    Mike Lalumiere of Dyn, Inc. discovered that BIND can exit with a
    REQUIRE assertion failure if it receives a null command string on
    its control channel. Note that the fix applied in Debian is only
    applied as a hardening measure. Details about the issue can be found
    at https://kb.isc.org/article/AA-01471 .

For the stable distribution (jessie), these problems have been fixed in
version 1:9.9.5.dfsg-9+deb8u11.

For the unstable distribution (sid), these problems have been fixed in
version 1:9.10.3.dfsg.P4-12.3.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1268 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 15 May 2017 - 08:35 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3853-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 15, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bitlbee
CVE ID         : CVE-2016-10188 CVE-2016-10189

It was discovered that bitlbee, an IRC to other chat networks gateway,
contained issues that allowed a remote attacker to cause a denial of
service (via application crash), or potentially execute arbitrary
commands.

For the stable distribution (jessie), these problems have been fixed in
version 3.2.2-2+deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 3.5-1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1269 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 20 May 2017 - 08:16 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3793-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 17, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : shadow
Debian Bug     : 862806

The update for the shadow suite issued as DSA-3793-1 introduced a
regression in su signal handling. If su receives a signal like SIGTERM,
it is not propagated to the child. Updated packages are now available to
correct this issue.

For the stable distribution (jessie), this problem has been fixed in
version 1:4.2-3+deb8u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3855-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 18, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jbig2dec
CVE ID         : CVE-2017-7885 CVE-2017-7975 CVE-2017-7976
Debian Bug     : 860460 860787 860788

Multiple security issues have been found in the JBIG2 decoder library,
which may lead to denial of service, disclosure of sensitive information
from process memory or the execution of arbitrary code if a malformed
image file (usually embedded in a PDF document) is opened.

For the stable distribution (jessie), these problems have been fixed in
version 0.13-4~deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 0.13-4.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3856-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 18, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : deluge
CVE ID         : CVE-2017-7178 CVE-2017-9031

Two vulnerabilities have been discovered in the web interface of the
Deluge BitTorrent client (directory traversal and cross-site request
forgery).

For the stable distribution (jessie), these problems have been fixed in
version 1.3.10-3+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.3.13+git20161130.48cedf63-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3857-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 18, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-connector-java
CVE ID         : CVE-2017-3586 CVE-2017-3589

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.

For the stable distribution (jessie), these problems have been fixed in
version 5.1.42-1~deb8u1.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 5.1.42-1.

For the unstable distribution (sid), these problems have been fixed in
version 5.1.42-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3858-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 19, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533
                 CVE-2017-3539 CVE-2017-3544

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in privilege
escalation, denial of service, newline injection in SMTP or use of
insecure cryptography.

For the stable distribution (jessie), these problems have been fixed in
version 7u131-2.6.9-2~deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3859-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 19, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dropbear
CVE ID         : CVE-2017-9078 CVE-2017-9079

Two vulnerabilities were found in Dropbear, a lightweight SSH2 server
and client:

CVE-2017-9078

    Mark Shepard discovered a double free in the TCP listener cleanup
    which could result in denial of service by an authenticated user if
    Dropbear is running with the "-a" option.

CVE-2017-9079

    Jann Horn discovered a local information leak in parsing the
    .authorized_keys file.

For the stable distribution (jessie), these problems have been fixed in
version 2014.65-1+deb8u2.

For the unstable distribution (sid), these problems will be fixed soon.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1270 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 24 May 2017 - 08:34 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3860-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 24, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2017-7494

steelo discovered a remote code execution vulnerability in Samba, a
SMB/CIFS file, print, and login server for Unix. A malicious client with
access to a writable share, can take advantage of this flaw by uploading
a shared library and then cause the server to load and execute it.

For the stable distribution (jessie), this problem has been fixed in
version 2:4.2.14+dfsg-0+deb8u6.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-3861-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 24, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libtasn1-6
CVE ID         : CVE-2017-6891
Debian Bug     : 863186

Jakub Jirasek of Secunia Research discovered that libtasn1, a library
used to handle Abstract Syntax Notation One structures, did not
properly validate its input. This would allow an attacker to cause a
crash by denial-of-service, or potentially execute arbitrary code, by
tricking a user into processing a maliciously crafted assignments
file.

For the stable distribution (jessie), this problem has been fixed in
version 4.2-3+deb8u3.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1271 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 26 May 2017 - 12:06 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3862-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 25, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : puppet
CVE ID         : CVE-2017-2295

It was discovered that unrestricted YAML deserialisation of data sent
from agents to the server in the Puppet configuration management system
could result in the execution of arbitrary code.

Note that this fix breaks backward compatibility with Puppet agents older
than 3.2.2 and there is no safe way to restore it. This affects puppet
agents running on Debian wheezy; we recommend to update to the
puppet version shipped in wheezy-backports.

For the stable distribution (jessie), this problem has been fixed in
version 3.7.2-4+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 4.8.2-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3863-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 25, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2017-7606 CVE-2017-7619 CVE-2017-7941 CVE-2017-7943
                 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346
                 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350
                 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354
                 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765
                 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142
                 CVE-2017-9143 CVE-2017-9144
Debian Bug     : 860736 862577 859771 859769 860734 862572 862574 862573
                 862575 862590 862589 862587 862632 862633 862634 862635
                 862636 862578 860735 862653 862637 863126 863125 863124
                 863123 862967

This update fixes several vulnerabilities in imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or the execution of
arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,
PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.

For the stable distribution (jessie), these problems have been fixed in
version 8:6.8.9.9-5+deb8u9.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 8:6.9.7.4+dfsg-8.

For the unstable distribution (sid), these problems have been fixed in
version 8:6.9.7.4+dfsg-8.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1272 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 27 May 2017 - 08:10 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3864-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 27, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fop
CVE ID         : CVE-2017-5661

It was discovered that an XML external entities vulnerability in the
Apache FOP XML formatter may result in information disclosure.

For the stable distribution (jessie), this problem has been fixed in
version 1:1.1.dfsg2-1+deb8u1.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 1:2.1-6.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.1-6.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1273 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 29 May 2017 - 07:08 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3865-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 29, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mosquitto
CVE ID         : CVE-2017-7650

It was discovered that pattern-based ACLs in the Mosquitto MQTT broker
could be bypassed.

For the stable distribution (jessie), this problem has been fixed in
version 1.3.4-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.10-3.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#1274 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 30 May 2017 - 09:04 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3866-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
May 30, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : strongswan
CVE ID         : CVE-2017-9022 CVE-2017-9023

Two denial of service vulnerabilities were identified in strongSwan, an
IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

CVE-2017-9022

    RSA public keys passed to the gmp plugin aren't validated sufficiently
    before attempting signature verification, so that invalid input might
    lead to a floating point exception and crash of the process.
    A certificate with an appropriately prepared public key sent by a peer
    could be used for a denial-of-service attack.

CVE-2017-9023

    ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when
    parsing X.509 certificates with extensions that use such types. This could
    lead to infinite looping of the thread parsing a specifically crafted
    certificate.

A fix for a build failure was additionally included in the 5.2.1-6+deb8u4
revision of the strongSwan package.

For the stable distribution (jessie), these problems have been fixed in
version 5.2.1-6+deb8u3.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 5.5.1-4.

For the unstable distribution (sid), these problems have been fixed in
version 5.5.1-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3867-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 30, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sudo
CVE ID         : CVE-2017-1000367
Debian Bug     : 863731

The Qualys Security team discovered that sudo, a program designed to
provide limited super user privileges to specific users, does not
properly parse "/proc/[pid]/stat" to read the device number of the tty
from field 7 (tty_nr). A sudoers user can take advantage of this flaw on
an SELinux-enabled system to obtain full root privileges.

For the stable distribution (jessie), this problem has been fixed in
version 1.8.10p3-1+deb8u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3868-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 30, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openldap
CVE ID         : CVE-2017-9287
Debian Bug     : 863563

Karsten Heymann discovered that the OpenLDAP directory server can be
crashed by performing a paged search with a page size of 0, resulting in
denial of service. This vulnerability is limited to the MDB storage
backend.

For the stable distribution (jessie), this problem has been fixed in
version 2.4.40+dfsg-1+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.44+dfsg-5.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.
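
DSA-3867-1 above concerns reading tty_nr, field 7 of "/proc/[pid]/stat". The following is an added example, not sudo's code and not part of the advisory: per proc(5), field 2 (comm) is parenthesised and may itself contain spaces and parentheses, so counting space-separated tokens is unreliable, while anchoring on the last ')' is not. The function names and the sample lines are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample lines (cut off after a few fields), not real captures. */
static const char STAT_PLAIN[]  = "1234 (bash) S 1200 1234 1234 34816 1234 4194304\n";
static const char STAT_SPACE[]  = "4321 (Web Content) S 4300 4321 4321 34817 4321 4194304\n";
static const char STAT_PARENS[] = "5555 (tmux: (srv) x) S 1 5555 5555 0 -1 4194560\n";
static const char STAT_SHORT[]  = "77 (sh) S 1 77\n";

/* Parse the n-th (1-based) space-separated token of s as a decimal long.
 * Returns 0 on success, -1 if the token is missing or not a clean number. */
static int nth_field_long(const char *s, int n, long *out)
{
    for (int i = 1; ; i++) {
        s += strspn(s, " ");
        if (*s == '\0' || *s == '\n')
            return -1;                      /* ran out of fields */
        size_t len = strcspn(s, " \n");
        if (i == n) {
            char *end;
            errno = 0;
            long v = strtol(s, &end, 10);
            if (errno != 0 || end == s || end != s + len)
                return -1;                  /* not entirely numeric */
            *out = v;
            return 0;
        }
        s += len;
    }
}

/* Fragile form: assumes every field is one token, so a space inside comm
 * shifts every later field and "field 7" is no longer tty_nr. */
static int tty_nr_naive(const char *line, long *out)
{
    return nth_field_long(line, 7, out);
}

/* Robust form: comm ends at the LAST ')' on the line. The fields after it
 * are state, ppid, pgrp, session, tty_nr, so tty_nr is the 5th token. */
static int tty_nr_robust(const char *line, long *out)
{
    const char *open = strchr(line, '(');
    const char *close = strrchr(line, ')');

    if (open == NULL || close == NULL || close < open)
        return -1;                          /* malformed line: fail closed */
    return nth_field_long(close + 1, 5, out);
}

int main(void)
{
    const char *samples[] = { STAT_PLAIN, STAT_SPACE, STAT_PARENS, STAT_SHORT };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        long naive = -1, robust = -1;
        int rn = tty_nr_naive(samples[i], &naive);
        int rr = tty_nr_robust(samples[i], &robust);
        printf("naive: rc=%d tty_nr=%ld | robust: rc=%d tty_nr=%ld | %s",
               rn, naive, rr, robust, samples[i]);
    }
    return 0;
}
```

For the "Web Content" line the token-counting parser returns the session id instead of tty_nr, while the anchored parser returns the real value and rejects the truncated line.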

#1275 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,303 posts

Posted 01 June 2017 - 07:47 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3869-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 01, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tnef
CVE ID         : CVE-2017-8911
Debian Bug     : 862442

It was discovered that tnef, a tool used to unpack MIME attachments of
type "application/ms-tnef", did not correctly validate its input. An
attacker could exploit this by tricking a user into opening a
malicious attachment, which would result in a denial-of-service by
application crash.

For the stable distribution (jessie), this problem has been fixed in
version 1.4.9-1+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.12-1.2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3870-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 01, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063
                 CVE-2017-9064 CVE-2017-9065
Debian Bug     : 862053 862816

Several vulnerabilities were discovered in wordpress, a web blogging
tool. They would allow remote attackers to force password resets, and
perform various cross-site scripting and cross-site request forgery
attacks.

For the stable distribution (jessie), these problems have been fixed in
version 4.1+dfsg-1+deb8u13.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 4.7.5+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3871-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 01, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : zookeeper
CVE ID         : CVE-2017-5637

It was discovered that Zookeeper, a service for maintaining
configuration information, didn't restrict access to the computationally
expensive wchp/wchc commands which could result in denial of service by
elevated CPU consumption.

This update disables those two commands by default. The new
configuration option "4lw.commands.whitelist" can be used to whitelist
commands selectively (and the full set of commands can be restored
with '*').

For the stable distribution (jessie), this problem has been fixed in
version 3.4.5+dfsg-2+deb8u2.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3872-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 01, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
CVE ID         : CVE-2017-5461 CVE-2017-5462 CVE-2017-7502

Several vulnerabilities were discovered in NSS, a set of cryptographic
libraries, which may result in denial of service or information
disclosure.

For the stable distribution (jessie), these problems have been fixed in
version 2:3.26-1+debu8u2.

For the unstable distribution (sid), these problems will be fixed soon.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.




