sunrat
Posted December 17, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3421-1    security@debian.org
https://www.debian.org/security/    Luciano Bello
December 16, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : grub2
CVE ID         : CVE-2015-8370
Debian Bug     : 807614

Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group, found an integer underflow vulnerability in Grub2, a popular bootloader. A local attacker can bypass the Grub2 authentication by inserting a crafted input as username or password.

More information: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

For the oldstable distribution (wheezy), this problem has been fixed in version 1.99-27+deb7u3.

For the stable distribution (jessie), this problem has been fixed in version 2.02~beta2-22+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2.02~beta2-33.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3423-1    security@debian.org
https://www.debian.org/security/    Luciano Bello
December 16, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cacti
CVE ID         : CVE-2015-8369
Debian Bug     : 807599

Several SQL injection vulnerabilities have been discovered in Cacti, an RRDTool frontend written in PHP. Specially crafted input can be used by an attacker in the rra_id value of the graph.php script to execute arbitrary SQL commands on the database.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.8.8a+dfsg-5+deb7u7.

For the stable distribution (jessie), this problem has been fixed in version 0.8.8b+dfsg-8+deb8u3.

For the testing distribution (stretch), this problem has been fixed in version 0.8.8f+ds1-3.

For the unstable distribution (sid), this problem has been fixed in version 0.8.8f+ds1-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3424-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
December 16, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : subversion
CVE ID         : CVE-2015-5343

Ivan Zhakov discovered an integer overflow in mod_dav_svn, which allows an attacker with write access to the server to execute arbitrary code or cause a denial of service.

The oldstable distribution (wheezy) is not affected.

For the stable distribution (jessie), this problem has been fixed in version 1.8.10-6+deb8u2.

For the unstable distribution (sid), this problem has been fixed in version 1.9.3-1.

sunrat
Posted December 17, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3337-2    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
December 17, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gdk-pixbuf
CVE ID         : CVE-2015-4491

The patch applied for gdk-pixbuf to fix CVE-2015-4491 in DSA 3337-1 was incomplete. This update corrects that problem. For reference the original advisory text follows.

Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.26.1-1+deb7u3.

For the stable distribution (jessie), this problem has been fixed in version 2.31.1-2+deb8u4.

For the testing distribution (stretch), this problem has been fixed in version 2.31.7-1.

For the unstable distribution (sid), this problem has been fixed in version 2.31.7-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3425-1    security@debian.org
https://www.debian.org/security/    Luciano Bello
December 17, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tryton-server
CVE ID         : CVE-2015-0861

Cédric Krier discovered a vulnerability in the server-side of Tryton, an application framework written in Python. An authenticated malicious user can write arbitrary values in record fields due to missed checks of access permissions when multiple records are written.

The oldstable distribution (wheezy) is not affected.

For the stable distribution (jessie), this problem has been fixed in version 3.4.0-3+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 3.8.1-1.

sunrat
Posted December 18, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3426-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
December 17, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-8104 CVE-2015-8374 CVE-2015-8543

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.

CVE-2013-7446
Dmitry Vyukov discovered that a particular sequence of valid operations on local (AF_UNIX) sockets can result in a use-after-free. This may be used to cause a denial of service (crash) or possibly for privilege escalation.

CVE-2015-7799
It was discovered that a user granted access to /dev/ppp can cause a denial of service (crash) by passing invalid parameters to the PPPIOCSMAXCID ioctl. This also applies to ISDN PPP device nodes.

CVE-2015-7833
Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a flaw in the processing of certain USB device descriptors in the usbvision driver. An attacker with physical access to the system can use this flaw to crash the system. This was partly fixed by the changes listed in DSA 3396-1.

CVE-2015-8104
Jan Beulich reported a guest to host denial-of-service flaw affecting the KVM hypervisor running on AMD processors. A malicious guest can trigger an infinite stream of "debug" (#DB) exceptions causing the processor microcode to enter an infinite loop where the core never receives another interrupt. This leads to a panic of the host kernel.

CVE-2015-8374
It was discovered that Btrfs did not correctly implement truncation of compressed inline extents. This could lead to an information leak, if a file is truncated and later made readable by other users. Additionally, it could cause data loss. This has been fixed for the stable distribution (jessie) only.

CVE-2015-8543
It was discovered that a local user permitted to create raw sockets could cause a denial-of-service by specifying an invalid protocol number for the socket. The attacker must have the CAP_NET_RAW capability in their user namespace. This has been fixed for the stable distribution (jessie) only.

For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.73-2+deb7u1. In addition, this update contains several changes originally targeted for the upcoming Wheezy point release.

For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt20-1+deb8u1. In addition, this update contains several changes originally targeted for the upcoming Jessie point release.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3427-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
December 18, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : blueman
CVE ID         : not yet available

It was discovered that the Mechanism plugin of Blueman, a graphical Bluetooth manager, allows local privilege escalation.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.23-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 1.99~alpha1-1+deb8u1.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3428-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
December 18, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat8
CVE ID         : CVE-2014-7810

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.

For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 8.0.21-2.

For the unstable distribution (sid), this problem has been fixed in version 8.0.21-2.

sunrat
Posted December 22, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3429-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
December 21, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : foomatic-filters
CVE ID         : CVE-2015-8327 CVE-2015-8560
Debian Bug     : 806886 807993

Michal Kowalczyk and Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands.

For the oldstable distribution (wheezy), these problems have been fixed in version 4.0.17-1+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 4.0.17-5+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 4.0.17-7.

sunrat
Posted December 23, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3430-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
December 23, 2015    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
CVE ID         : CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8317
Debian Bug     : 782782 782985 783010 802827 803942 806384

Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.

For the oldstable distribution (wheezy), these problems have been fixed in version 2.8.0+dfsg1-7+wheezy5.

For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions.

For the unstable distribution (sid), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions.

sunrat
Posted January 2, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3431-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
January 01, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ganeti
CVE ID         : CVE-2015-7944 CVE-2015-7945

Pierre Kim discovered two vulnerabilities in the restful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak.

For the oldstable distribution (wheezy), these problems have been fixed in version 2.5.2-1+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 2.12.4-1+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 2.15.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3432-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
January 01, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2015-7201 CVE-2015-7205 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 38.5.0-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 38.5.0-1~deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 38.5.0esr-1.

For the unstable distribution (sid), these problems have been fixed in version 38.5.0esr-1.

sunrat
Posted January 3, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3433-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
January 02, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-7540 CVE-2015-8467

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-3223
Thilo Uttendorfer of Linux Information Systems AG discovered that a malicious request can cause the Samba LDAP server to hang, spinning using CPU. A remote attacker can take advantage of this flaw to mount a denial of service.

CVE-2015-5252
Jan "Yenya" Kasprzak and the Computer Systems Unit team at Faculty of Informatics, Masaryk University discovered that insufficient symlink verification could allow data access outside an exported share path.

CVE-2015-5296
Stefan Metzmacher of SerNet discovered that Samba does not ensure that signing is negotiated when creating an encrypted client connection to a server. This allows a man-in-the-middle attacker to downgrade the connection and connect using the supplied credentials as an unsigned, unencrypted connection.

CVE-2015-5299
It was discovered that a missing access control check in the VFS shadow_copy2 module could allow unauthorized users to access snapshots.

CVE-2015-5330
Douglas Bagnall of Catalyst discovered that the Samba LDAP server is vulnerable to a remote memory read attack. A remote attacker can obtain sensitive information from daemon heap memory by sending crafted packets and then either read an error message, or a database value.

CVE-2015-7540
It was discovered that a malicious client can send packets that cause the LDAP server provided by the AD DC in the samba daemon process to consume unlimited memory and be terminated.

CVE-2015-8467
Andrew Bartlett of the Samba Team and Catalyst discovered that a Samba server deployed as an AD DC can expose Windows DCs in the same domain to a denial of service via the creation of multiple machine accounts. This issue is related to the MS15-096 / CVE-2015-2535 security issue in Windows.

For the oldstable distribution (wheezy), these problems have been fixed in version 2:3.6.6-6+deb7u6. The oldstable distribution (wheezy) is only affected by CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299.

For the stable distribution (jessie), these problems have been fixed in version 2:4.1.17+dfsg-2+deb8u1. The fixes for CVE-2015-3223 and CVE-2015-5330 required an update to ldb 2:1.1.17-2+deb8u1 to correct the defects.

For the unstable distribution (sid), these problems have been fixed in version 2:4.1.22+dfsg-1. The fixes for CVE-2015-3223 and CVE-2015-5330 required an update to ldb 2:1.1.24-1 to correct the defects.

sunrat
Posted January 6, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3434-1    security@debian.org
https://www.debian.org/security/    Ben Hutchings
January 05, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-7513 CVE-2015-7550 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8709
Debian Bug     : 808293 808602 808953 808973

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

CVE-2015-7513
It was discovered that a local user permitted to use the x86 KVM subsystem could configure the PIT emulation to cause a denial of service (crash).

CVE-2015-7550
Dmitry Vyukov discovered a race condition in the keyring subsystem that allows a local user to cause a denial of service (crash).

CVE-2015-8543
It was discovered that a local user permitted to create raw sockets could cause a denial-of-service by specifying an invalid protocol number for the socket. The attacker must have the CAP_NET_RAW capability.

CVE-2015-8550
Felix Wilhelm of ERNW discovered that the Xen PV backend drivers may read critical data from shared memory multiple times. This flaw can be used by a guest kernel to cause a denial of service (crash) on the host, or possibly for privilege escalation.

CVE-2015-8551 / CVE-2015-8552
Konrad Rzeszutek Wilk of Oracle discovered that the Xen PCI backend driver does not adequately validate the device state when a guest configures MSIs. This flaw can be used by a guest kernel to cause a denial of service (crash or disk space exhaustion) on the host.

CVE-2015-8569
Dmitry Vyukov discovered a flaw in the PPTP sockets implementation that leads to an information leak to local users.

CVE-2015-8575
David Miller discovered a flaw in the Bluetooth SCO sockets implementation that leads to an information leak to local users.

CVE-2015-8709
Jann Horn discovered a flaw in the permission checks for use of the ptrace feature. A local user who has the CAP_SYS_PTRACE capability within their own user namespace could use this flaw for privilege escalation if a more privileged process ever enters that user namespace. This affects at least the LXC system.

In addition, this update fixes some regressions in the previous update:

#808293
A regression in the UDP implementation prevented freeradius and some other applications from receiving data.

#808602 / #808953
A regression in the USB XHCI driver prevented use of some devices in USB 3 SuperSpeed ports.

#808973
A fix to the radeon driver interacted with an existing bug to cause a crash at boot when using some AMD/ATI graphics cards. This issue only affects wheezy.

For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.73-2+deb7u2. The oldstable distribution (wheezy) is not affected by CVE-2015-8709.

For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt20-1+deb8u2. CVE-2015-8543 was already fixed in version 3.16.7-ckt20-1+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 4.3.3-3 or earlier.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3435-1    security@debian.org
https://www.debian.org/security/    Laszlo Boszormenyi (GCS)
January 05, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : git
CVE ID         : CVE-2015-7545

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs.

For the oldstable distribution (wheezy), this problem has been fixed in version 1:1.7.10.4-1+wheezy2.

For the stable distribution (jessie), this problem has been fixed in version 1:2.1.4-2.1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 1:2.6.1-1.

For the unstable distribution (sid), this problem has been fixed in version 1:2.6.1-1.

sunrat
Posted January 9, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3436-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
January 08, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2015-7575

Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.

More information can be found at https://www.mitls.org/pages/attacks/SLOTH

For the oldstable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u19.

For the stable distribution (jessie), the testing distribution (stretch) and the unstable distribution (sid), this issue was already addressed in version 1.0.1f-1.

sunrat
Posted January 10, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3437-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
January 09, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnutls26
CVE ID         : CVE-2015-7575

Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.

More information can be found at https://www.mitls.org/pages/attacks/SLOTH

For the oldstable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3439-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
January 10, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : prosody
CVE ID         : CVE-2016-1231 CVE-2016-1232

Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2016-1231
Kim Alvefur discovered a flaw in Prosody's HTTP file-serving module that allows it to serve requests outside of the configured public root directory. A remote attacker can exploit this flaw to access private files including sensitive data. The default configuration does not enable the mod_http_files module and thus is not vulnerable.

CVE-2016-1232
Thijs Alkemade discovered that Prosody's generation of the secret token for server-to-server dialback authentication relied upon a weak random number generator that was not cryptographically secure. A remote attacker can take advantage of this flaw to guess at probable values of the secret key and impersonate the affected domain to other servers on the network.

For the oldstable distribution (wheezy), these problems have been fixed in version 0.8.2-4+deb7u3.

For the stable distribution (jessie), these problems have been fixed in version 0.9.7-2+deb8u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3438-1    security@debian.org
https://www.debian.org/security/    Michael Gilbert
January 09, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xscreensaver
CVE ID         : CVE-2015-8025
Debian Bug     : 802914

It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session.

For the oldstable distribution (wheezy), this problem has been fixed in version 5.15-3+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 5.30-1+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 5.34-1.

sunrat
Posted January 12, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3441-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
January 11, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : perl
CVE ID         : CVE-2015-8607
Debian Bug     : 810719

David Golden of MongoDB discovered that File::Spec::canonpath() in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code.

The oldstable distribution (wheezy) is not affected by this problem.

For the stable distribution (jessie), this problem has been fixed in version 5.20.2-3+deb8u2.

For the unstable distribution (sid), this problem will be fixed soon.

sunrat
Posted January 13, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3442-1    security@debian.org
https://www.debian.org/security/    Michael Gilbert
January 13, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : isc-dhcp
CVE ID         : CVE-2015-8605
Debian Bug     : 810875

It was discovered that a maliciously crafted packet can crash any of the isc-dhcp applications. This includes the DHCP client, relay, and server application. Only IPv4 setups are affected.

For the oldstable distribution (wheezy), this problem has been fixed in version 4.2.2.dfsg.1-5+deb70u8.

For the stable distribution (jessie), this problem has been fixed in version 4.3.1-6+deb8u2.

For the testing (stretch) and unstable (sid) distributions, this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3443-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
January 13, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libpng
CVE ID         : CVE-2015-8472 CVE-2015-8540
Debian Bug     : 807112 807694

Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-8472
It was discovered that the original fix for CVE-2015-8126 was incomplete and did not detect a potential overrun by applications using png_set_PLTE directly. A remote attacker can take advantage of this flaw to cause a denial of service (application crash).

CVE-2015-8540
Xiao Qixue and Chen Yu discovered a flaw in the png_check_keyword function. A remote attacker can potentially take advantage of this flaw to cause a denial of service (application crash).

For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.49-1+deb7u2.

For the stable distribution (jessie), these problems have been fixed in version 1.2.50-2+deb8u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3444-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
January 13, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2016-1564
Debian Bug     : 810325

Crtc4L discovered a cross-site scripting vulnerability in wordpress, a web blogging tool, allowing a remote authenticated administrator to compromise the site.

For the oldstable distribution (wheezy), this problem has been fixed in version 3.6.1+dfsg-1~deb7u9.

For the stable distribution (jessie), this problem has been fixed in version 4.1+dfsg-1+deb8u7.

For the unstable distribution (sid), this problem has been fixed in version 4.4.1+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3445-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
January 13, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pygments
CVE ID         : CVE-2015-8557
Debian Bug     : 802828

Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.5+dfsg-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 2.0.1+dfsg-1.1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 2.0.1+dfsg-2.

sunrat Posted January 14, 2016 Share Posted January 14, 2016 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3446-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez January 14, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssh CVE ID : CVE-2016-0777 CVE-2016-0778 Debian bug : 810984 The Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client (an implementation of the SSH protocol suite). SSH roaming enables a client, in case an SSH connection breaks unexpectedly, to resume it at a later time, provided the server also supports it. The OpenSSH server doesn't support roaming, but the OpenSSH client supports it (even though it's not documented) and it's enabled by default. CVE-2016-0777 An information leak (memory disclosure) can be exploited by a rogue SSH server to trick a client into leaking sensitive data from the client memory, including for example private keys. CVE-2016-0778 A buffer overflow (leading to file descriptor leak), can also be exploited by a rogue SSH server, but due to another bug in the code is possibly not exploitable, and only under certain conditions (not the default configuration), when using ProxyCommand, ForwardAgent or ForwardX11. This security update completely disables the roaming code in the OpenSSH client. It is also possible to disable roaming by adding the (undocumented) option 'UseRoaming no' to the global /etc/ssh/ssh_config file, or to the user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on the command line. Users with passphrase-less privates keys, especially in non interactive setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to update their keys if they have connected to an SSH server they don't trust. 
More details about identifying an attack and mitigations will be available in the Qualys Security Advisory.

For the oldstable distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u3.

For the stable distribution (jessie), these problems have been fixed in version 1:6.7p1-5+deb8u1.

For the testing distribution (stretch) and unstable distribution (sid), these problems will be fixed in a later version.
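An added example, not part of the advisory or of OpenSSH: a small Python check that works out the `UseRoaming` value ssh would apply to a given host, so the 'UseRoaming no' workaround from DSA-3446-1 can be verified on clients that cannot be upgraded yet. The sample configurations and host names are constructed, and `Match` blocks are not evaluated.

```python
import re

# Constructed sample configs (not from the advisory). ssh reads the user file
# before the system file and keeps the FIRST value it obtains for each option.
USER_CONFIG = """\
Host build-*.example.org
    UseRoaming yes
    ForwardAgent yes

Host *.example.org !legacy.example.org
    UseRoaming=no

Host legacy.example.org
    User admin
"""

SYSTEM_CONFIG = """\
Host *
    SendEnv LANG LC_*
"""

# The advisory's workaround placed at the top of the global file.
SYSTEM_CONFIG_HARDENED = "UseRoaming no\n" + SYSTEM_CONFIG


def _tokens(line):
    """Return (keyword, [arguments]) for one ssh_config line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Keyword and argument are separated by whitespace or by a single '='.
    m = re.match(r"([A-Za-z0-9]+)\s*(?:=\s*|\s+)(.*)$", line)
    if not m:
        return None
    return m.group(1).lower(), m.group(2).strip().strip('"').split()


def _pattern_re(pattern):
    """Translate an ssh_config host pattern ('*' and '?' wildcards) to a regex."""
    body = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.compile(body + r"\Z")


def _host_matches(patterns, host):
    """A Host line applies if a positive pattern matches and no '!' pattern does."""
    positive = False
    for p in patterns:
        if p.startswith("!"):
            if _pattern_re(p[1:]).match(host):
                return False
        elif _pattern_re(p).match(host):
            positive = True
    return positive


def effective_use_roaming(configs, host):
    """Return 'yes', 'no' or None (unset) for host.

    configs is a list of config texts in precedence order (user, then system).
    None means the client default applies, which the advisory says is enabled.
    """
    for text in configs:
        applies = True  # options before the first Host line apply to every host
        for raw in text.splitlines():
            tok = _tokens(raw)
            if tok is None:
                continue
            key, args = tok
            if key == "host":
                applies = _host_matches(args, host)
            elif key == "match":
                applies = False  # conditions not evaluated; do not rely on them
            elif key == "useroaming" and applies and args:
                return args[0].lower()  # first obtained value wins
    return None


def hosts_needing_mitigation(configs, hosts):
    """Hosts for which roaming is not explicitly disabled."""
    return [h for h in hosts if effective_use_roaming(configs, h) != "no"]


if __name__ == "__main__":
    hosts = ["build-01.example.org", "git.example.org",
             "legacy.example.org", "other.test"]
    for label, system in (("before", SYSTEM_CONFIG), ("after", SYSTEM_CONFIG_HARDENED)):
        print(label, hosts_needing_mitigation([USER_CONFIG, system], hosts))
```

Because the first obtained value wins, a per-host `UseRoaming yes` in the user file still takes precedence over `UseRoaming no` in /etc/ssh/ssh_config, which is why the constructed build host stays flagged after the global change.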
sunrat Posted January 16, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3431-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 14, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ganeti
Debian Bug     : 810850

The update for ganeti issued as DSA-3431-1 causes the gnt-instance info command to fail for all instances of type DRBD. Updated packages are now available to address this regression. For reference the original advisory text follows.

Pierre Kim discovered two vulnerabilities in the restful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.5.2-1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 2.12.4-1+deb8u3.
sunrat Posted January 17, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3447-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 17, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat7
CVE ID         : CVE-2014-7810

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.

For the oldstable distribution (wheezy), this problem has been fixed in version 7.0.28-4+deb7u3. This update also provides fixes for CVE-2013-4444, CVE-2014-0075, CVE-2014-0099, CVE-2014-0227 and CVE-2014-0230, which were all fixed for the stable distribution (jessie) already.

For the stable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 7.0.61-1.

For the unstable distribution (sid), this problem has been fixed in version 7.0.61-1.
sunrat Posted January 20, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3448-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 19, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2013-4312 CVE-2015-7566 CVE-2015-8767 CVE-2016-0723
                 CVE-2016-0728

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service.

CVE-2013-4312

    Tetsuo Handa discovered that it is possible for a process to open far more files than the process' limit leading to denial-of-service conditions.

CVE-2015-7566

    Ralf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected.

CVE-2015-8767

    An SCTP denial-of-service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake.

CVE-2016-0723

    A use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial-of-service.

CVE-2016-0728

    The Perception Point research team discovered a use-after-free vulnerability in the keyring facility, possibly leading to local privilege escalation.

For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt20-1+deb8u3.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3449-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 19, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2015-8704

It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service.

For the oldstable distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u9.

For the stable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u5.
sunrat Posted January 21, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3450-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 20, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ecryptfs-utils
CVE ID         : CVE-2016-1572

Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.

For the oldstable distribution (wheezy), this problem has been fixed in version 99-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 103-5+deb8u1.
sunrat Posted January 22, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3451-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
January 20, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fuse
CVE ID         : CVE-2016-1233

Jann Horn discovered a vulnerability in the fuse (Filesystem in Userspace) package in Debian. The fuse package ships udev rules adjusting permissions on the related /dev/cuse character device, making it world writable.

This permits a local, unprivileged attacker to create an arbitrarily-named character device in /dev and modify the memory of any process that opens it and performs an ioctl on it.

This in turn might allow a local, unprivileged attacker to escalate to root privileges.

For the oldstable distribution (wheezy), the fuse package is not affected.

For the stable distribution (jessie), this problem has been fixed in version 2.9.3-15+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 2.9.5-1.

For the unstable distribution (sid), this problem has been fixed in version 2.9.5-1.
sunrat Posted January 23, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3452-1                   security@debian.org
https://www.debian.org/security/                            Ben Hutchings
January 23, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : claws-mail
CVE ID         : CVE-2015-8614

"DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail.

For the oldstable distribution (wheezy), this problem has been fixed in version 3.8.1-2+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 3.11.1-3+deb8u1.
sunrat Posted January 24, 2016

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 8: 8.3 released                          press@debian.org
January 23rd, 2016             https://www.debian.org/News/2016/20160123
------------------------------------------------------------------------

The Debian project is pleased to announce the third update of its stable distribution Debian 8 (codename "jessie"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were published separately and are referenced where applicable.

Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old "jessie" CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list
sunrat Posted January 25, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3453-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 25, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mariadb-10.0
CVE ID         : CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597
                 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608
                 CVE-2016-0609 CVE-2016-0616 CVE-2016-2047

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details:

https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/

For the stable distribution (jessie), these problems have been fixed in version 10.0.23-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 10.0.23-1.

For the unstable distribution (sid), these problems have been fixed in version 10.0.23-1.
sunrat Posted January 27, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3454-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 27, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : virtualbox
CVE ID         : CVE-2015-5307 CVE-2015-8104 CVE-2016-0495 CVE-2016-0592

Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.

Upstream support for the 4.1 release series has ended and since no information is available which would allow backports of isolated security fixes, security support for virtualbox in wheezy/oldstable needed to be ended as well. If you use virtualbox with externally procured VMs (e.g. through vagrant) we advise you to update to Debian jessie.

For the stable distribution (jessie), these problems have been fixed in version 4.3.36-dfsg-1+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 5.0.14-dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 5.0.14-dfsg-1.
sunrat Posted January 28, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3455-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
January 27, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2016-0755

Isaac Boukris discovered that cURL, a URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection authenticated as a different user.

For the stable distribution (jessie), this problem has been fixed in version 7.38.0-4+deb8u3.

For the unstable distribution (sid), this problem has been fixed in version 7.47.0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3456-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
January 27, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2015-6792 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614
                 CVE-2016-1615 CVE-2016-1616 CVE-2016-1617 CVE-2016-1618
                 CVE-2016-1619 CVE-2016-1620

Several vulnerabilities were discovered in the chromium web browser.

CVE-2015-6792

    An issue was found in the handling of MIDI files.

CVE-2016-1612

    cloudfuzzer discovered a logic error related to receiver compatibility in the v8 javascript library.

CVE-2016-1613

    A use-after-free issue was discovered in the pdfium library.

CVE-2016-1614

    Christoph Diehl discovered an information leak in Webkit/Blink.

CVE-2016-1615

    Ron Masas discovered a way to spoof URLs.

CVE-2016-1616

    Luan Herrera discovered a way to spoof URLs.
CVE-2016-1617

    jenuis discovered a way to discover whether an HSTS web site had been visited.

CVE-2016-1618

    Aaron Toponce discovered the use of a weak random number generator.

CVE-2016-1619

    Keve Nagy discovered an out-of-bounds-read issue in the pdfium library.

CVE-2016-1620

    The chrome 48 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.7.271.17.

For the stable distribution (jessie), these problems have been fixed in version 48.0.2564.82-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 48.0.2564.82-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3457-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 27, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2015-7575 CVE-2016-1930 CVE-2016-1935

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

For the oldstable distribution (wheezy), these problems have been fixed in version 38.6.0esr-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 38.6.0esr-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 44.0-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3458-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 27, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2015-7575 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466
                 CVE-2016-0483 CVE-2016-0494

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.

For the oldstable distribution (wheezy), these problems have been fixed in version 7u95-2.6.4-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 7u95-2.6.4-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 7u95-2.6.4-1.
sunrat Posted January 28, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3459-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 28, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.5
CVE ID         : CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597
                 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608
                 CVE-2016-0609 CVE-2016-0616
Debian Bug     : 811428

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

For the oldstable distribution (wheezy), these problems have been fixed in version 5.5.47-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 5.5.47-0+deb8u1.
sunrat Posted January 31, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3460-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
January 30, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : privoxy
CVE ID         : CVE-2016-1982 CVE-2016-1983

It was discovered that privoxy, a web proxy with advanced filtering capabilities, contained invalid reads that could enable a remote attacker to crash the application, thus causing a Denial of Service.

For the oldstable distribution (wheezy), these problems have been fixed in version 3.0.19-2+deb7u3.

For the stable distribution (jessie), these problems have been fixed in version 3.0.21-7+deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 3.0.24-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3462-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
January 30, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : radicale
CVE ID         : CVE-2015-8747 CVE-2015-8748
Debian Bug     : 809920

Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server.

CVE-2015-8747

    The (not configured by default and not available on Wheezy) multifilesystem storage backend allows read and write access to arbitrary files (still subject to the DAC permissions of the user the radicale server is running as).

CVE-2015-8748

    If an attacker is able to authenticate with a user name like `.*', he can bypass read/write limitations imposed by regex-based rules, including the built-in rules `owner_write' (read for everybody, write for the calendar owner) and `owner_only' (read and write for the calendar owner).
For the oldstable distribution (wheezy), these problems have been fixed in version 0.7-1.1+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 0.9-1+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1.1.1-1.

For the unstable distribution (sid), these problems have been fixed in version 1.1.1-1.
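An added example, not part of the advisory and not Radicale's own code: a simplified Python model of the regex-based `owner_only` and `owner_write` rules named in CVE-2015-8748, showing why a login that is itself a regular expression widens the owner rule, and how escaping the login before interpolation closes that gap. The rule table, function names and collection paths are assumptions made for illustration.

```python
import re

# Simplified, constructed model of the two built-in rule sets described in the
# advisory: each entry is (collection pattern, permissions granted).
RULES = {
    # read and write for the calendar owner only
    "owner_only": [(r"^%(login)s/.*$", "rw")],
    # write for the calendar owner, read for everybody
    "owner_write": [(r"^%(login)s/.*$", "rw"), (r"^.*$", "r")],
}


def authorized_unsafe(rule_set, login, collection, permission):
    """Pre-fix behaviour in this model: the login is pasted into the regex as-is."""
    for pattern, perms in RULES[rule_set]:
        regex = pattern % {"login": login}  # login text is interpreted as regex
        if re.match(regex, collection) and permission in perms:
            return True
    return False


def authorized_escaped(rule_set, login, collection, permission):
    """Hardened form: the login is escaped, so it can only match itself."""
    for pattern, perms in RULES[rule_set]:
        regex = pattern % {"login": re.escape(login)}
        if re.match(regex, collection) and permission in perms:
            return True
    return False


if __name__ == "__main__":
    target = "alice/calendar.ics"  # constructed collection owned by alice
    for login in ("alice", "bob", ".*", "a.ice"):
        print(
            repr(login),
            "unsafe write:", authorized_unsafe("owner_only", login, target, "w"),
            "escaped write:", authorized_escaped("owner_only", login, target, "w"),
        )
```

The same check is worth applying to any account source that feeds Radicale: logins containing regex metacharacters should be rejected at account creation as well as escaped at rule evaluation.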
sunrat Posted February 1, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3461-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
January 30, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
CVE ID         : CVE-2014-9674
Debian Bug     : 777656

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.4.9-1.1+deb7u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3463-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 31, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : prosody
CVE ID         : CVE-2016-0756

It was discovered that insecure handling of dialback keys may allow a malicious XMPP server to impersonate another server.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.8.2-4+deb7u4.

For the stable distribution (jessie), this problem has been fixed in version 0.9.7-2+deb8u3.

For the unstable distribution (sid), this problem has been fixed in version 0.9.10-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3464-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 31, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rails
CVE ID         : CVE-2015-3226 CVE-2015-3227 CVE-2015-7576 CVE-2015-7577
                 CVE-2015-7581 CVE-2016-0751 CVE-2016-0752 CVE-2016-0753

Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation.

For the stable distribution (jessie), these problems have been fixed in version 2:4.1.8-1+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 2:4.2.5.1-1.
sunrat Posted February 3, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3465-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 02, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-6
CVE ID         : CVE-2015-7575 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466
                 CVE-2016-0483 CVE-2016-0494

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.

For the oldstable distribution (wheezy), these problems have been fixed in version 6b38-1.13.10-1~deb7u1.
sunrat Posted February 4, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3466-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 04, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : krb5
CVE ID         : CVE-2015-8629 CVE-2015-8630 CVE-2015-8631
Debian Bug     : 813126 813127 813296

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-8629

    It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database.

CVE-2015-8630

    It was discovered that an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask.

CVE-2015-8631

    It was discovered that an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u7. The oldstable distribution (wheezy) is not affected by CVE-2015-8630.

For the stable distribution (jessie), these problems have been fixed in version 1.12.1+dfsg-19+deb8u2.
sunrat Posted February 7, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3467-1                   security@debian.org
https://www.debian.org/security/                 Laszlo Boszormenyi (GCS)
February 06, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782
                 CVE-2015-8783 CVE-2015-8784
Debian Bug     : 808968 809021

Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.

For the oldstable distribution (wheezy), these problems have been fixed in version 4.0.2-6+deb7u5.

For the stable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 4.0.6-1.

For the unstable distribution (sid), these problems have been fixed in version 4.0.6-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3468-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 06, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : polarssl
CVE ID         : CVE-2015-5291 CVE-2015-8036
Debian Bug     : 801413

It was discovered that polarssl, a library providing SSL and TLS support, contained two heap-based buffer overflows that could allow a remote attacker to trigger denial of service (via application crash) or arbitrary code execution.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.9-1~deb7u6.

For the stable distribution (jessie), these problems have been fixed in version 1.3.9-2.1+deb8u1.
sunrat Posted February 9, 2016 Share Posted February 9, 2016 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3469-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond February 08, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : qemu CVE ID : CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 Debian Bug : 799452 806373 806741 806742 808130 808144 810519 810527 811201 Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service (via resource exhaustion), that could occur when receiving large packets. CVE-2015-7504 Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc. discovered that the PC-Net II ethernet controller is vulnerable to a heap-based buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution. CVE-2015-7512 Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc. discovered that the PC-Net II ethernet controller is vulnerable to a buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution. CVE-2015-8345 Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100 emulator contains a flaw that could lead to an infinite loop when processing Command Blocks, eventually resulting in denial-of-service (via application crash). CVE-2015-8504 Lian Yihan of Qihoo 360 Inc. discovered that the VNC display driver support is vulnerable to an arithmetic exception flaw that could lead to denial-of-service (via application crash). CVE-2015-8558 Qinghao Tang of Qihoo 360 Inc. 
discovered that the USB EHCI emulation support contains a flaw that could lead to an infinite loop during communication between the host controller and a device driver. This could lead to denial-of-service (via resource exhaustion). CVE-2015-8743 Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is vulnerable to an out-of-bound read/write access issue, potentially resulting in information leak or memory corruption. CVE-2016-1568 Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI emulation support is vulnerable to a use-after-free issue, that could lead to denial-of-service (via application crash) or arbitrary code execution. CVE-2016-1714 Donghai Zhu of Alibaba discovered that the Firmware Configuration emulation support is vulnerable to an out-of-bound read/write access issue, that could lead to denial-of-service (via application crash) or arbitrary code execution. CVE-2016-1922 Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests support is vulnerable to a null pointer dereference issue, that could lead to denial-of-service (via application crash). For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u12. - ------------------------------------------------------------------------- Debian Security Advisory DSA-3470-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond February 08, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : qemu-kvm CVE ID : CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 Debian Bug : 799452 806373 806741 806742 808130 808144 810519 810527 811201 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. 
discovered that the Virtual Network Device support is vulnerable to denial-of-service (via resource exhaustion), that could occur when receiving large packets. CVE-2015-7504 Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc. discovered that the PC-Net II ethernet controller is vulnerable to a heap-based buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution. CVE-2015-7512 Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc. discovered that the PC-Net II ethernet controller is vulnerable to a buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution. CVE-2015-8345 Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100 emulator contains a flaw that could lead to an infinite loop when processing Command Blocks, eventually resulting in denial-of-service (via application crash). CVE-2015-8504 Lian Yihan of Qihoo 360 Inc. discovered that the VNC display driver support is vulnerable to an arithmetic exception flaw that could lead to denial-of-service (via application crash). CVE-2015-8558 Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI emulation support contains a flaw that could lead to an infinite loop during communication between the host controller and a device driver. This could lead to denial-of-service (via resource exhaustion). CVE-2015-8743 Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is vulnerable to an out-of-bound read/write access issue, potentially resulting in information leak or memory corruption. CVE-2016-1568 Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI emulation support is vulnerable to a use-after-free issue, that could lead to denial-of-service (via application crash) or arbitrary code execution. 

CVE-2016-1714
Donghai Zhu of Alibaba discovered that the Firmware Configuration emulation support is vulnerable to an out-of-bound read/write access issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.

CVE-2016-1922
Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests support is vulnerable to a null pointer dereference issue, that could lead to denial-of-service (via application crash).

For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u12.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3471-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
February 08, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981
Debian Bug : 799452 806373 806741 806742 808130 808131 808144 808145 809229 809232 810519 810527 811201 812307 809237 809237

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.

CVE-2015-7295
Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets.

CVE-2015-7504
Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc. discovered that the PC-Net II ethernet controller is vulnerable to a heap-based buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.

CVE-2015-7512
Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.
discovered that the PC-Net II ethernet controller is vulnerable to a buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.

CVE-2015-7549
Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc. discovered that the PCI MSI-X emulator is vulnerable to a null pointer dereference issue, that could lead to denial-of-service (via application crash).

CVE-2015-8345
Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100 emulator contains a flaw that could lead to an infinite loop when processing Command Blocks, eventually resulting in denial-of-service (via application crash).

CVE-2015-8504
Lian Yihan of Qihoo 360 Inc. discovered that the VNC display driver support is vulnerable to an arithmetic exception flaw that could lead to denial-of-service (via application crash).

CVE-2015-8550
Felix Wilhelm of ERNW Research discovered that the PV backend drivers are vulnerable to double fetch vulnerabilities, possibly resulting in arbitrary code execution.

CVE-2015-8558
Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI emulation support contains a flaw that could lead to an infinite loop during communication between the host controller and a device driver. This could lead to denial-of-service (via resource exhaustion).

CVE-2015-8567 CVE-2015-8568
Qinghao Tang of Qihoo 360 Inc. discovered that the vmxnet3 device emulator could be used to intentionally leak host memory, thus resulting in denial-of-service.

CVE-2015-8613
Qinghao Tang of Qihoo 360 Inc. discovered that the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack-based buffer overflow issue, that could lead to denial-of-service (via application crash).

CVE-2015-8619
Ling Liu of Qihoo 360 Inc. discovered that the Human Monitor Interface support is vulnerable to an out-of-bound write access issue that could result in denial-of-service (via application crash).

CVE-2015-8743
Ling Liu of Qihoo 360 Inc.
discovered that the NE2000 emulator is vulnerable to an out-of-bound read/write access issue, potentially resulting in information leak or memory corruption.

CVE-2015-8744
The vmxnet3 driver incorrectly processes small packets, which could result in denial-of-service (via application crash).

CVE-2015-8745
The vmxnet3 driver incorrectly processes Interrupt Mask Registers, which could result in denial-of-service (via application crash).

CVE-2016-1568
Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI emulation support is vulnerable to a use-after-free issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.

CVE-2016-1714
Donghai Zhu of Alibaba discovered that the Firmware Configuration emulation support is vulnerable to an out-of-bound read/write access issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.

CVE-2016-1922
Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests support is vulnerable to a null pointer dereference issue, that could lead to denial-of-service (via application crash).

CVE-2016-1981
The e1000 driver is vulnerable to an infinite loop issue that could lead to denial-of-service (via application crash).

For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u5a.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3472-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 08, 2016    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2016-2221 CVE-2016-2222
Debian Bug : 813697

Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-2221
Shailesh Suthar discovered an open redirection vulnerability.

CVE-2016-2222
Ronni Skansing discovered a server-side request forgery (SSRF) vulnerability.

For the oldstable distribution (wheezy), these problems have been fixed in version 3.6.1+dfsg-1~deb7u10.

For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u8.

For the unstable distribution (sid), these problems have been fixed in version 4.4.2+dfsg-1.