sunrat
Posted February 11, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3473-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 11, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nginx
CVE ID         : CVE-2016-0742 CVE-2016-0746 CVE-2016-0747
Debian Bug     : 812806

Several vulnerabilities were discovered in the resolver in nginx, a small, powerful, scalable web/proxy server, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.

For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.

For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.

sunrat
Posted February 12, 2016

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Debian 6.0 Long Term Support reaching end-of-life       press@debian.org
February 12th, 2016            https://www.debian.org/News/2016/20160212
------------------------------------------------------------------------

The Debian Long Term Support (LTS) [1] Team hereby announces that Debian 6.0 ("squeeze") support will reach its end-of-life on February 29, 2016, five years after its initial release on February 6, 2011.

    1: https://wiki.debian.org/LTS/

There will be no further security support for Debian 6.0.

The LTS Team will prepare the transition to Debian 7 ("wheezy"), which is the current oldstable release. The LTS team will take over support from the Security Team on April 26, 2016.

Debian 7 will also receive Long Term Support for five years after its initial release with support ending in May 2018.

Debian and its LTS Team would like to thank all contributing users, developers and sponsors who are making it possible to extend the life of previous stable releases, and who have made this LTS a success.

If you rely on Debian LTS, please consider joining the team [2], providing patches, testing or funding the efforts [3].

    2: https://wiki.debian.org/LTS/Development
    3: https://wiki.debian.org/LTS/Funding

sunrat
Posted February 13, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3474-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 12, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgcrypt20
CVE ID         : CVE-2015-7511

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack.

See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details.

For the stable distribution (jessie), this problem has been fixed in version 1.6.3-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 1.6.5-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3475-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 13, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.1
CVE ID         : CVE-2015-5288 CVE-2016-0766 CVE-2016-0773

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.

CVE-2015-5288

    Josh Kupershmidt discovered a vulnerability in the crypt() function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory.

CVE-2016-0766

    A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings (GUCs) for PL/Java will now be modifiable only by the database superuser to mitigate this issue.

CVE-2016-0773

    Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL processes specially crafted regular expressions. Very large character ranges in bracket expressions could cause infinite loops or memory overwrites. A remote attacker can exploit this flaw to cause a denial of service or, potentially, to execute arbitrary code.

For the oldstable distribution (wheezy), these problems have been fixed in version 9.1.20-0+deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3476-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 13, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.4
CVE ID         : CVE-2016-0766 CVE-2016-0773

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.

CVE-2016-0766

    A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings (GUCs) for PL/Java will now be modifiable only by the database superuser to mitigate this issue.

CVE-2016-0773

    Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL processes specially crafted regular expressions. Very large character ranges in bracket expressions could cause infinite loops or memory overwrites. A remote attacker can exploit this flaw to cause a denial of service or, potentially, to execute arbitrary code.

For the stable distribution (jessie), these problems have been fixed in version 9.4.6-0+deb8u1.

sunrat
Posted February 15, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3477-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 14, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2016-1523

Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code.

For the oldstable distribution (wheezy), this problem has been fixed in version 38.6.1esr-1~deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 38.6.1esr-1~deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 44.0-1.

sunrat
Posted February 15, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3478-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 15, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgcrypt11
CVE ID         : CVE-2015-7511

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt11 library could be leaked via a side-channel attack.

See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.5.0-5+deb7u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3479-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 15, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : graphite2
CVE ID         : CVE-2016-1521 CVE-2016-1522 CVE-2016-1523

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.3.5-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 1.3.5-1~deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1.3.5-1.

For the unstable distribution (sid), these problems have been fixed in version 1.3.5-1.

sunrat
Posted February 17, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3480-1                   security@debian.org
https://www.debian.org/security/                           Florian Weimer
February 16, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : eglibc
CVE ID         : CVE-2014-8121 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776
                 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779
Debian Bug     : 779587 796105 798316 801691 803927 812441 812445 812455

Several vulnerabilities have been fixed in the GNU C Library, eglibc.

The CVE-2015-7547 vulnerability listed below is considered to have critical impact.

CVE-2014-8121

    Robin Hack discovered that the nss_files database did not correctly implement enumeration interleaved with name-based or ID-based lookups. This could cause the enumeration to enter an endless loop, leading to a denial of service.

CVE-2015-1781

    Arjun Shankar discovered that the _r variants of host name resolution functions (like gethostbyname_r), when performing DNS name resolution, suffered from a buffer overflow if a misaligned buffer was supplied by the applications, leading to a crash or, potentially, arbitrary code execution. Most applications are not affected by this vulnerability because they use aligned buffers.

CVE-2015-7547

    The Google Security Team and Red Hat discovered that the eglibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services.

CVE-2015-8776

    Adam Nielsen discovered that if an invalid separated time value is passed to strftime, the strftime function could crash or leak information. Applications normally pass only valid time information to strftime; no affected applications are known.

CVE-2015-8777

    Hector Marco-Gisbert reported that LD_POINTER_GUARD was not ignored for SUID programs, enabling an unintended bypass of a security feature. This update causes eglibc to always ignore the LD_POINTER_GUARD environment variable.

CVE-2015-8778

    Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r functions did not check the size argument properly, leading to a crash (denial of service) for certain arguments. No impacted applications are known at this time.

CVE-2015-8779

    The catopen function contains several unbound stack allocations (stack overflows), causing it to crash the process (denial of service). No applications where this issue has a security impact are currently known.

The following fixed vulnerabilities currently lack CVE assignment:

    Joseph Myers reported that an integer overflow in strxfrm can lead to heap-based buffer overflow, possibly allowing arbitrary code execution. In addition, a fallback path in strxfrm uses an unbounded stack allocation (stack overflow), leading to a crash or erroneous application behavior.

    Kostya Serebryany reported that the fnmatch function could skip over the terminating NUL character of a malformed pattern, causing an application calling fnmatch to crash (denial of service).

    Joseph Myers reported that the IO_wstr_overflow function, internally used by wide-oriented character streams, suffered from an integer overflow, leading to a heap-based buffer overflow. On GNU/Linux systems, wide-oriented character streams are rarely used, and no affected applications are known.

    Andreas Schwab reported a memory leak (memory allocation without a matching deallocation) while processing certain DNS answers in getaddrinfo, related to the _nss_dns_gethostbyname4_r function. This vulnerability could lead to a denial of service.

While it is only necessary to ensure that all processes are not using the old eglibc anymore, it is recommended to reboot the machines after applying the security upgrade.

For the oldstable distribution (wheezy), these problems have been fixed in version 2.13-38+deb7u10.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3481-1                   security@debian.org
https://www.debian.org/security/                           Florian Weimer
February 16, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : glibc
CVE ID         : CVE-2015-7547 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779
Debian Bug     : 812441 812445 812455

Several vulnerabilities have been fixed in the GNU C Library, glibc.

The first vulnerability listed below is considered to have critical impact.

CVE-2015-7547

    The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services.

CVE-2015-8776

    Adam Nielsen discovered that if an invalid separated time value is passed to strftime, the strftime function could crash or leak information. Applications normally pass only valid time information to strftime; no affected applications are known.

CVE-2015-8778

    Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r functions did not check the size argument properly, leading to a crash (denial of service) for certain arguments. No impacted applications are known at this time.

CVE-2015-8779

    The catopen function contains several unbound stack allocations (stack overflows), causing it to crash the process (denial of service). No applications where this issue has a security impact are currently known.

While it is only necessary to ensure that all processes are not using the old glibc anymore, it is recommended to reboot the machines after applying the security upgrade.

For the stable distribution (jessie), these problems have been fixed in version 2.19-18+deb8u3.

For the unstable distribution (sid), these problems will be fixed in version 2.21-8.
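
DSA-3480-1 and DSA-3481-1 above say it is only necessary that no process keeps using the old eglibc/glibc; a running process holds the replaced library file mapped until it restarts. The script below is an added example, not part of the advisories or the forum post: it reads /proc/PID/maps and lists processes that still map a replaced ("(deleted)") libc, libresolv or libnss_dns file. The function names, PIDs, process names and map lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running a pre-upgrade C library.
# When a package upgrade replaces a shared library, the old file is unlinked
# and the kernel marks existing mappings of it with " (deleted)" in
# /proc/PID/maps. Those processes run the old code until restarted.

# uses_stale_libc MAPS_FILE
# Exit 0 if MAPS_FILE (in /proc/PID/maps format) has an executable mapping of
# libc, libresolv or libnss_dns whose backing file is marked "(deleted)".
uses_stale_libc() {
    awk '
        $NF == "(deleted)" && $2 ~ /x/ {
            # The pathname is the field before the "(deleted)" marker.
            n = split($(NF - 1), parts, "/")
            if (parts[n] ~ /^(libc|libresolv|libnss_dns)[-.]/) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1" 2>/dev/null
}

# list_stale_libc_pids [PROC_ROOT]
# Print "PID NAME" for every process under PROC_ROOT (default /proc) that
# still maps a replaced C library. Unreadable maps files are skipped, so run
# as root on a live host to cover all processes.
list_stale_libc_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        uses_stale_libc "$maps" || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        comm=$(cat "$proc_root/$pid/comm" 2>/dev/null) || comm='?'
        printf '%s %s\n' "$pid" "$comm"
    done
}

# demo_constructed_proc
# Build a throwaway /proc-like tree with constructed sample data:
#   PID 101 still maps the replaced libc (should be reported),
#   PID 202 maps the current libc plus an unrelated deleted temp file.
demo_constructed_proc() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/101" "$root/202"
    echo sshd > "$root/101/comm"
    echo cron > "$root/202/comm"
    cat > "$root/101/maps" <<'EOF'
7f3a5c000000-7f3a5c19f000 r-xp 00000000 08:01 393231 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f3a5c5a0000-7f3a5c5c1000 r-xp 00000000 08:01 393220 /lib/x86_64-linux-gnu/ld-2.19.so
EOF
    cat > "$root/202/maps" <<'EOF'
7f9b10000000-7f9b1019f000 r-xp 00000000 08:01 401122 /lib/x86_64-linux-gnu/libc-2.19.so
7f9b10400000-7f9b10401000 rw-s 00000000 00:05 7781 /tmp/scratch.tmp (deleted)
EOF
    list_stale_libc_pids "$root"
    rm -rf "$root"
}

# Run the constructed demo; on a live host call: list_stale_libc_pids /proc
demo_constructed_proc
```

An empty result from `list_stale_libc_pids /proc` after the upgrade means no readable process still maps the old library; anything listed needs a service restart or the reboot the advisory recommends.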

sunrat
Posted February 17, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3482-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 17, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2016-0794 CVE-2016-0795

An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP file.

For the oldstable distribution (wheezy), these problems have been fixed in version 3.5.4+dfsg2-0+deb7u6.

For the stable distribution (jessie), these problems have been fixed in version 4.3.3-2+deb8u3.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 1:5.1.1~rc1-1.

sunrat
Posted February 21, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3483-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 19, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cpio
CVE ID         : CVE-2016-2037
Debian Bug     : 812401

Gustavo Grieco discovered an out-of-bounds write vulnerability in cpio, a tool for creating and extracting cpio archive files, leading to a denial of service (application crash).

For the oldstable distribution (wheezy), this problem has been fixed in version 2.11+dfsg-0.1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 2.11+dfsg-4.1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2.11+dfsg-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3484-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 19, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xdelta3
CVE ID         : CVE-2014-9765
Debian Bug     : 814067

Stepan Golosunov discovered that xdelta3, a diff utility which works with binary files, is affected by a buffer overflow vulnerability within the main_get_appheader function, which may lead to the execution of arbitrary code.

For the oldstable distribution (wheezy), this problem has been fixed in version 3.0.0.dfsg-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 3.0.8-dfsg-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 3.0.8-dfsg-1.1.

For the unstable distribution (sid), this problem has been fixed in version 3.0.8-dfsg-1.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3485-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 20, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : didiwiki
CVE ID         : CVE-2013-7448
Debian Bug     : 815111

Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.5-11+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 0.5-11+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 0.5-12.

sunrat
Posted February 23, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3486-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
February 21, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625
                 CVE-2016-1626 CVE-2016-1627 CVE-2016-1628 CVE-2016-1629

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1622

    It was discovered that a maliciously crafted extension could bypass the Same Origin Policy.

CVE-2016-1623

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2016-1624

    lukezli discovered a buffer overflow issue in the Brotli library.

CVE-2016-1625

    Jann Horn discovered a way to cause the Chrome Instant feature to navigate to unintended destinations.

CVE-2016-1626

    An out-of-bounds read issue was discovered in the openjpeg library.

CVE-2016-1627

    It was discovered that the Developer Tools did not validate URLs.

CVE-2016-1628

    An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1629

    A way to bypass the Same Origin Policy was discovered in Blink/WebKit, along with a way to escape the chromium sandbox.

For the stable distribution (jessie), these problems have been fixed in version 48.0.2564.116-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 48.0.2564.116-1.

sunrat
Posted February 23, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3487-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 23, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libssh2
CVE ID         : CVE-2016-0787
Debian Bug     : 815662

Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially allowing an eavesdropper with enough resources to decrypt or intercept SSH sessions.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.2-1.1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 1.4.3-4.1+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3488-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 23, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libssh
CVE ID         : CVE-2016-0739
Debian Bug     : 815663

Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. This flaw could allow an eavesdropper with enough resources to decrypt or intercept SSH sessions.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.5.4-1+deb7u3. This update also includes fixes for CVE-2014-8132 and CVE-2015-3146, which were previously scheduled for the next wheezy point release.

For the stable distribution (jessie), this problem has been fixed in version 0.6.3-4+deb8u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3489-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 23, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lighttpd
CVE ID         : CVE-2014-3566
Debian Bug     : 765702

lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.31-4+deb7u4.

sunrat
Posted February 26, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3490-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 23, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : websvn
CVE ID         : CVE-2016-2511

Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.3.3-1.1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 2.3.3-1.2+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3491-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 24, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2015-7575 CVE-2016-1523 CVE-2016-1930 CVE-2016-1935

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 38.6.0-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 38.6.0-1~deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 38.6.0-1.

For the unstable distribution (sid), these problems have been fixed in version 38.6.0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3493-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 25, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xerces-c
CVE ID         : CVE-2016-0729
Debian Bug     : 815907

Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library, or potentially, to the execution of arbitrary code.

For the oldstable distribution (wheezy), this problem has been fixed in version 3.1.1-3+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 3.1.1-5.1+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3492-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
February 25, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gajim
CVE ID         : CVE-2015-8688
Debian Bug     : 809900

Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber client. Gajim didn't verify the origin of roster updates, allowing an attacker to spoof them and potentially allowing her to intercept messages.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.15.1-4.1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 0.16-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 0.16.5-0.1.

For the unstable distribution (sid), this problem has been fixed in version 0.16.5-0.1.

sunrat
Posted February 27, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3494-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 27, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cacti
CVE ID         : CVE-2015-8377 CVE-2015-8604

Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database.

For the oldstable distribution (wheezy), these problems have been fixed in version 0.8.8a+dfsg-5+deb7u8.

For the stable distribution (jessie), these problems have been fixed in version 0.8.8b+dfsg-8+deb8u4.

For the testing distribution (stretch), these problems have been fixed in version 0.8.8f+ds1-4.

For the unstable distribution (sid), these problems have been fixed in version 0.8.8f+ds1-4.

sunrat
Posted February 28, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3492-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 28, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gajim
Debian Bug     : 816158

The wheezy part of the previous gajim update, DSA-3492-1, was incorrectly built, resulting in an unsatisfiable dependency. This update corrects that problem. For reference, the original advisory text follows.

Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber client. Gajim didn't verify the origin of roster updates, allowing an attacker to spoof them and potentially allowing her to intercept messages.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.15.1-4.1+deb7u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3496-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 28, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php-horde-core
CVE ID         : CVE-2015-8807
Debian Bug     : 813590

It was discovered that php-horde-core, a set of classes providing the core functionality of the Horde Application Framework, is prone to a cross-site scripting vulnerability.

For the stable distribution (jessie), this problem has been fixed in version 2.15.0+debian0-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 2.22.4+debian0-1.

For the unstable distribution (sid), this problem has been fixed in version 2.22.4+debian0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3497-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 28, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php-horde
CVE ID         : CVE-2016-2228
Debian Bug     : 813573

It was discovered that php-horde, a flexible, modular, general-purpose web application framework written in PHP, is prone to a cross-site scripting vulnerability.

For the stable distribution (jessie), this problem has been fixed in version 5.2.1+debian0-2+deb8u3.

For the testing distribution (stretch), this problem has been fixed in version 5.2.9+debian0-1.

For the unstable distribution (sid), this problem has been fixed in version 5.2.9+debian0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3498-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 28, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : not yet available

Multiple security vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-001

For the oldstable distribution (wheezy), this problem has been fixed in version 7.14-2+deb7u12.

For the stable distribution (jessie), this problem has been fixed in version 7.32-1+deb8u6.

For the unstable distribution (sid), this problem has been fixed in version 7.43-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3499-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 28, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pillow
CVE ID         : CVE-2016-0740 CVE-2016-0775 CVE-2016-2533

Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of service or the execution of arbitrary code if a malformed FLI, PCD or Tiff file is processed.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.1.7-4+deb7u2 of the python-imaging source package.

For the stable distribution (jessie), this problem has been fixed in version 2.6.1-2+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 3.1.1-1.

For the unstable distribution (sid), this problem has been fixed in version 3.1.1-1.
sunrat Posted February 29, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3495-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
February 29, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xymon
CVE ID : CVE-2016-2054 CVE-2016-2055 CVE-2016-2056 CVE-2016-2057 CVE-2016-2058

Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues:

CVE-2016-2054
The incorrect handling of user-supplied input in the "config" command can trigger a stack-based buffer overflow, resulting in denial of service (via application crash) or remote code execution.

CVE-2016-2055
The incorrect handling of user-supplied input in the "config" command can lead to an information leak by serving sensitive configuration files to a remote user.

CVE-2016-2056
The commands handling password management do not properly validate user-supplied input, and are thus vulnerable to shell command injection by a remote user.

CVE-2016-2057
Incorrect permissions on an internal queuing system allow a user with a local account on the xymon master server to bypass all network-based access control lists, and thus inject messages directly into xymon.

CVE-2016-2058
Incorrect escaping of user-supplied input in status webpages can be used to trigger reflected cross-site scripting attacks.

For the stable distribution (jessie), these problems have been fixed in version 4.3.17-6+deb8u1.
sunrat Posted March 2, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3500-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
March 01, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

CVE-2016-0702
Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. This could allow local attackers to recover RSA private keys.

CVE-2016-0705
Adam Langley from Google discovered a double free bug when parsing malformed DSA private keys. This could allow remote attackers to cause a denial of service or memory corruption in applications parsing DSA private keys received from untrusted sources.

CVE-2016-0797
Guido Vranken discovered an integer overflow in the BN_hex2bn and BN_dec2bn functions that can lead to a NULL pointer dereference and heap corruption. This could allow remote attackers to cause a denial of service or memory corruption in applications processing hex or dec data received from untrusted sources.

CVE-2016-0798
Emilia Käsper of the OpenSSL development team discovered a memory leak in the SRP database lookup code. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to the SRP_VBASE_get1_by_user function.

CVE-2016-0799
Guido Vranken discovered an integer overflow in the BIO_*printf functions that could lead to an OOB read when printing very long strings. Additionally the internal doapr_outch function can attempt to write to an arbitrary memory location in the event of a memory allocation failure. These issues will only occur on platforms where sizeof(size_t) > sizeof(int) like many 64 bit systems. This could allow remote attackers to cause a denial of service or memory corruption in applications that pass large amounts of untrusted data to the BIO_*printf functions.

Additionally the EXPORT and LOW ciphers were disabled since they could be used as part of the DROWN (CVE-2016-0800) and SLOTH (CVE-2015-7575) attacks, but note that the oldstable (wheezy) and stable (jessie) distributions are not affected by those attacks since the SSLv2 protocol has already been dropped in the openssl package version 1.0.0c-2.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u20.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u4.

For the unstable distribution (sid), these problems will be fixed shortly.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3501-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 01, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : perl
CVE ID : CVE-2016-2381

Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint security mechanism would be applied to the value in %ENV, but not to the rest of the environment. This could result in an ambiguous environment causing environment variables to be propagated to subprocesses, despite the protections supposedly offered by taint checking.

With this update Perl changes the behavior to match the following: a) %ENV is populated with the first environment variable, as getenv would return. Duplicate environment entries are removed.

For the oldstable distribution (wheezy), this problem has been fixed in version 5.14.2-21+deb7u3.

For the stable distribution (jessie), this problem has been fixed in version 5.20.2-3+deb8u4.

For the unstable distribution (sid), this problem will be fixed in version 5.22.1-8.
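The duplicate-variable ambiguity described in DSA-3501-1 above, as an added C example (not part of the advisory, the post, or Perl's source): a first-match lookup as getenv is described to behave, a last-match lookup as the pre-fix %ENV did, and a keep-first cleanup in the spirit of the updated behaviour. The function names and the sample environment are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample environment: PATH appears twice (the ambiguous case). */
const char *sample_env[] = {
    "PATH=/usr/bin:/bin",
    "HOME=/home/alice",
    "PATH=/tmp/untrusted",
    "LANG=C",
    NULL
};

/* Length of the NAME part of a "NAME=value" entry (whole string if no '='). */
static size_t name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : strlen(entry);
}

/* True when the entry's name is exactly name[0..len). */
static int same_name(const char *entry, const char *name, size_t len)
{
    return name_len(entry) == len && strncmp(entry, name, len) == 0;
}

static const char *value_of(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq ? eq + 1 : "";
}

/* First match wins: the view a getenv-style lookup gives. */
const char *lookup_first(const char *const envp[], const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; envp[i] != NULL; i++)
        if (same_name(envp[i], name, len))
            return value_of(envp[i]);
    return NULL;
}

/* Last match wins: the view the pre-fix %ENV gave. */
const char *lookup_last(const char *const envp[], const char *name)
{
    size_t len = strlen(name);
    const char *found = NULL;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (same_name(envp[i], name, len))
            found = value_of(envp[i]);
    return found;
}

/* Keep only the first entry for each name, compacting the array in place.
 * Returns the number of duplicate entries removed. */
size_t dedupe_keep_first(const char *envp[])
{
    size_t out = 0, removed = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        size_t len = name_len(envp[i]);
        int dup = 0;
        for (size_t j = 0; j < out; j++)
            if (same_name(envp[j], envp[i], len)) { dup = 1; break; }
        if (dup)
            removed++;
        else
            envp[out++] = envp[i];
    }
    envp[out] = NULL;
    return removed;
}

int main(void)
{
    /* Work on a copy of the pointer array so sample_env stays untouched. */
    const char *env[8];
    size_t n = 0;
    for (; sample_env[n] != NULL; n++)
        env[n] = sample_env[n];
    env[n] = NULL;

    printf("first match: %s\n", lookup_first(env, "PATH"));
    printf("last match:  %s\n", lookup_last(env, "PATH"));
    printf("duplicates removed: %zu\n", dedupe_keep_first(env));
    printf("after cleanup: %s / %s\n",
           lookup_first(env, "PATH"), lookup_last(env, "PATH"));
    return 0;
}
```

A check that validates only one of the two views can pass while a child process acts on the other value; after the keep-first cleanup both lookups agree.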
sunrat Posted March 4, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3502-1 security@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
March 03, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : roundup
CVE ID : CVE-2014-6276

Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password.

After applying the update, which will fix the shipped templates, the site administrator should ensure the instanced versions (in /var/lib/roundup usually) are also updated, either by patching them manually or by recreating them.

More info can be found in the upstream documentation at http://www.roundup-tracker.org/docs/upgrading.html#user-data-visibility

For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.20-1.1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 1.4.20-1.1+deb8u1.

For the testing (stretch) and unstable (sid) distribution, this problem has not yet been fixed.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3426-2 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 03, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ctdb
Debian Bug : 813406

The update for linux issued as DSA-3426-1 and DSA-3434-1 to address CVE-2015-8543 uncovered a bug in ctdb, a clustered database to store temporary data, leading to broken clusters. Updated packages are now available to address this problem.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.12+git20120201-5.

For the stable distribution (jessie), this problem has been fixed in version 2.5.4+debian0-4+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3503-1 security@debian.org
https://www.debian.org/security/ Ben Hutchings
March 03, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2013-4312 CVE-2015-7566 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2015-8830 CVE-2016-0723 CVE-2016-0774 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2550

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.

CVE-2013-4312
Tetsuo Handa discovered that users can use pipes queued on local (Unix) sockets to allocate an unfair share of kernel memory, leading to denial-of-service (resource exhaustion). This issue was previously mitigated for the stable suite by limiting the total number of files queued by each user on local sockets. The new kernel version in both suites includes that mitigation plus limits on the total size of pipe buffers allocated for each user.

CVE-2015-7566
Ralf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected.

CVE-2015-8767
An SCTP denial-of-service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake.

CVE-2015-8785
It was discovered that local users permitted to write to a file on a FUSE filesystem could cause a denial of service (unkillable loop in the kernel).

CVE-2015-8812
A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation.

CVE-2015-8816
A use-after-free vulnerability was discovered in the USB hub driver. This may be used by a physically present user for privilege escalation.

CVE-2015-8830
Ben Hawkes of Google Project Zero reported that the AIO interface permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types. The full security impact has not been evaluated.

CVE-2016-0723
A use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial-of-service.

CVE-2016-0774
It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space.

CVE-2016-2069
Andy Lutomirski discovered a race condition in flushing of the TLB when switching tasks on an x86 system. On an SMP system this could possibly lead to a crash, information leak or privilege escalation.

CVE-2016-2384
Andrey Konovalov found that a crafted USB MIDI device with an invalid USB descriptor could trigger a double-free. This may be used by a physically present user for privilege escalation.

CVE-2016-2543
Dmitry Vyukov found that the core sound sequencer driver (snd-seq) lacked a necessary check for a null pointer, allowing a user with access to a sound sequencer device to cause a denial-of-service (crash).

CVE-2016-2544, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548
Dmitry Vyukov found various race conditions in the sound subsystem (ALSA)'s management of timers. A user with access to sound devices could use these to cause a denial-of-service (crash or hang) or possibly for privilege escalation.

CVE-2016-2545
Dmitry Vyukov found a flaw in list manipulation in the sound subsystem (ALSA)'s management of timers. A user with access to sound devices could use this to cause a denial-of-service (crash or hang) or possibly for privilege escalation.

CVE-2016-2549
Dmitry Vyukov found a potential deadlock in the sound subsystem (ALSA)'s use of high resolution timers. A user with access to sound devices could use this to cause a denial-of-service (hang).

CVE-2016-2550
The original mitigation of CVE-2013-4312, limiting the total number of files a user could queue on local sockets, was flawed. A user given a local socket opened by another user, for example through the systemd socket activation mechanism, could make use of the other user's quota, again leading to a denial-of-service (resource exhaustion). This is fixed by accounting queued files to the sender rather than the socket opener.

For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.73-2+deb7u3. The oldstable distribution (wheezy) is not affected by CVE-2015-8830.

For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt20-1+deb8u4. CVE-2015-7566, CVE-2015-8767 and CVE-2016-0723 were already fixed in DSA-3448-1. CVE-2016-0774 does not affect the stable distribution.
sunrat Posted March 5, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3504-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
March 04, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bsh
CVE ID : CVE-2016-2510

Alvaro Muñoz and Christian Schneider discovered that BeanShell, an embeddable Java source interpreter, could be leveraged to execute arbitrary commands: applications including BeanShell in their classpath are vulnerable to this flaw if they deserialize data from an untrusted source.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.0b4-12+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 2.0b4-15+deb8u1.

For the testing distribution (stretch) and unstable distribution (sid), this problem has been fixed in version 2.0b4-16.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3505-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8732 CVE-2015-8733

Multiple vulnerabilities were discovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RSVP, ANSI A, GSM A, Ascend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy17.

For the stable distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u4.

For the testing distribution (stretch), these problems have been fixed in version 2.0.2+ga16e22e-1.

For the unstable distribution (sid), these problems have been fixed in version 2.0.2+ga16e22e-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3506-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libav
CVE ID : CVE-2016-1897 CVE-2016-1898 CVE-2016-2326

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

For the oldstable distribution (wheezy), these problems have been fixed in version 6:0.8.17-2.

For the stable distribution (jessie), libav has been updated to 11.6-1~deb8u1 which brings several further bugfixes as detailed in the upstream changelog: https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.6
sunrat Posted March 5, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3507-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
March 05, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2015-8126
Joerg Bornemann discovered multiple buffer overflow issues in the libpng library.

CVE-2016-1630
Mariusz Mlynski discovered a way to bypass the Same Origin Policy in Blink/Webkit.

CVE-2016-1631
Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the Pepper Plugin API.

CVE-2016-1632
A bad cast was discovered.

CVE-2016-1633
cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

CVE-2016-1634
cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

CVE-2016-1635
Rob Wu discovered a use-after-free issue in Blink/Webkit.

CVE-2016-1636
A way to bypass SubResource Integrity validation was discovered.

CVE-2016-1637
Keve Nagy discovered an information leak in the skia library.

CVE-2016-1638
Rob Wu discovered a WebAPI bypass issue.

CVE-2016-1639
Khalil Zhani discovered a use-after-free issue in the WebRTC implementation.

CVE-2016-1640
Luan Herrera discovered an issue with the Extensions user interface.

CVE-2016-1641
Atte Kettunen discovered a use-after-free issue in the handling of favorite icons.

CVE-2016-1642
The chrome 49 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.9.385.26.

For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.75-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.75-1.
sunrat Posted March 6, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3508-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 06, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jasper
CVE ID : CVE-2016-1577 CVE-2016-2089 CVE-2016-2116
Debian Bug : 812978 816625 816626

Several vulnerabilities were discovered in JasPer, a library for manipulating JPEG-2000 files. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-1577
Jacob Baines discovered a double-free flaw in the jas_iccattrval_destroy function. A remote attacker could exploit this flaw to cause an application using the JasPer library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.

CVE-2016-2089
The Qihoo 360 Codesafe Team discovered a NULL pointer dereference flaw within the jas_matrix_clip function. A remote attacker could exploit this flaw to cause an application using the JasPer library to crash, resulting in a denial-of-service.

CVE-2016-2116
Tyler Hicks discovered a memory leak flaw in the jas_iccprof_createfrombuf function. A remote attacker could exploit this flaw to cause the JasPer library to consume memory, resulting in a denial-of-service.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.900.1-13+deb7u4.

For the stable distribution (jessie), these problems have been fixed in version 1.900.1-debian1-2.4+deb8u1.
sunrat Posted March 10, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3509-1 security@debian.org
https://www.debian.org/security/ Luciano Bello
March 09, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : rails
CVE ID : CVE-2016-2097 CVE-2016-2098

Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails.

CVE-2016-2097
Crafted requests to Action View, one of the components of Action Pack, might result in rendering files from arbitrary locations, including files beyond the application's view directory. This vulnerability is the result of an incomplete fix of CVE-2016-0752. This bug was found by Jyoti Singh and Tobias Kraze from Makandra.

CVE-2016-2098
If a web application does not properly sanitize user inputs, an attacker might control the arguments of the render method in a controller or a view, resulting in the possibility of executing arbitrary Ruby code. This bug was found by Tobias Kraze from Makandra and joernchen of Phenoelit.

For the stable distribution (jessie), these problems have been fixed in version 2:4.1.8-1+deb8u2.

For the testing distribution (stretch), these problems have been fixed in version 2:4.2.5.2-1.

For the unstable distribution (sid), these problems have been fixed in version 2:4.2.5.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3510-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 09, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2016-1950 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, address bar spoofing and overwriting local files.

For the oldstable distribution (wheezy), these problems have been fixed in version 38.7.0esr-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 38.7.0esr-1~deb8u1.

For the unstable distribution (sid), Debian is in the process of moving back towards using the Firefox name. These problems will soon be fixed in the firefox-esr source package.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3511-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
March 09, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bind9
CVE ID : CVE-2016-1285 CVE-2016-1286

Two vulnerabilities have been discovered in ISC's BIND DNS server.

CVE-2016-1285
A maliciously crafted rndc, a way to remotely administer a BIND server, operation can cause named to crash, resulting in denial of service.

CVE-2016-1286
An error parsing DNAME resource records can cause named to crash, resulting in denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 9.8.4.dfsg.P1-6+nmu2+deb7u10.

For the stable distribution (jessie), these problems have been fixed in version 9.9.5.dfsg-9+deb8u6.

For the testing (stretch) and unstable (sid) distributions, these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3512-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 09, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libotr
CVE ID : CVE-2016-2851

Markus Vervier of X41 D-Sec GmbH discovered an integer overflow vulnerability in libotr, an off-the-record (OTR) messaging library, in the way the sizes of portions of incoming messages were stored. A remote attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks (application crash), or potentially, execute arbitrary code with the privileges of the user running the application.

For the oldstable distribution (wheezy), this problem has been fixed in version 3.2.1-1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 4.1.0-2+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3513-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
March 10, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2016-1643 CVE-2016-1644 CVE-2016-1645

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1643
cloudfuzzer discovered a type confusion issue in Blink/Webkit.

CVE-2016-1644
Atte Kettunen discovered a use-after-free issue in Blink/Webkit.

CVE-2016-1645
An out-of-bounds write issue was discovered in the pdfium library.

For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.87-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.87-1.
sunrat Posted March 12, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3514-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 12, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2015-7560 CVE-2016-0771
Debian Bug : 812429

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-7560
Jeremy Allison of Google, Inc. and the Samba Team discovered that Samba incorrectly handles getting and setting ACLs on a symlink path. An authenticated malicious client can use SMB1 UNIX extensions to create a symlink to a file or directory, and then use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory linked to.

CVE-2016-0771
Garming Sam and Douglas Bagnall of Catalyst IT discovered that Samba is vulnerable to an out-of-bounds read issue during DNS TXT record handling, if Samba is deployed as an AD DC and chosen to run the internal DNS server. A remote attacker can exploit this flaw to cause a denial of service (Samba crash), or potentially, to allow leakage of memory from the server in the form of a DNS TXT reply.

Additionally this update includes a fix for a regression introduced due to the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups where the share path is '/'.

For the oldstable distribution (wheezy), these problems have been fixed in version 2:3.6.6-6+deb7u7. The oldstable distribution (wheezy) is not affected by CVE-2016-0771.

For the stable distribution (jessie), these problems have been fixed in version 2:4.1.17+dfsg-2+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 2:4.3.6+dfsg-1.
sunrat Posted March 13, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3515-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 13, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : graphite2
CVE ID : CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.3.6-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 1.3.6-1~deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1.3.6-1.

For the unstable distribution (sid), these problems have been fixed in version 1.3.6-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3516-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 13, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2015-8731 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532

Multiple vulnerabilities were discovered in the dissectors/parsers for DNP, RSL, LLRP, GSM A-bis OML, ASN 1 BER which could result in denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy18.

For the stable distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u5.

For the testing distribution (stretch), these problems have been fixed in version 2.0.2+ga16e22e-1.

For the unstable distribution (sid), these problems have been fixed in version 2.0.2+ga16e22e-1.
sunrat Posted March 15, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3517-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 14, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2016-1531

A local root privilege escalation vulnerability was found in Exim, Debian's default mail transfer agent, in configurations using the 'perl_startup' option (Only Exim via exim4-daemon-heavy enables Perl support).

To address the vulnerability, updated Exim versions clean the complete execution environment by default, affecting Exim and subprocesses such as transports calling other programs, and thus may break existing installations. New configuration options (keep_environment, add_environment) were introduced to adjust this behavior.

More information can be found in the upstream advisory at https://www.exim.org/static/doc/CVE-2016-1531.txt

For the oldstable distribution (wheezy), this problem has been fixed in version 4.80-7+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 4.84.2-1.

For the testing distribution (stretch), this problem has been fixed in version 4.86.2-1.

For the unstable distribution (sid), this problem has been fixed in version 4.86.2-1.
sunrat Posted March 17, 2016

-------------------------------------------------------------------------
Debian Security Advisory DSA-3518-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
March 16, 2016    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spip
CVE ID  : CVE-2016-3153 CVE-2016-3154

Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in code injection.

CVE-2016-3153

    g0uZ et sambecks, from team root-me, discovered that arbitrary PHP code could be injected when adding content.

CVE-2016-3154

    Gilles Vincent discovered that deserializing untrusted content could result in arbitrary objects injection.

For the oldstable distribution (wheezy), these problems have been fixed in version 2.1.17-1+deb7u5.

For the stable distribution (jessie), these problems have been fixed in version 3.0.17-2+deb8u2.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 3.0.22-1.
sunrat Posted March 17, 2016

-------------------------------------------------------------------------
Debian Security Advisory DSA-3519-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
March 17, 2016    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID  : CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8550
          CVE-2015-8555 CVE-2016-1570 CVE-2016-1571 CVE-2016-2270
          CVE-2016-2271

Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.

The oldstable distribution (wheezy) will be updated in a separate DSA.

For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon.
sunrat Posted March 18, 2016

-------------------------------------------------------------------------
Debian Security Advisory DSA-3520-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
March 18, 2016    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID  : CVE-2016-1950 CVE-2016-1954 CVE-2016-1957 CVE-2016-1960
          CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1966
          CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791
          CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795
          CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799
          CVE-2016-2800 CVE-2016-2801 CVE-2016-2802

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 38.7.0-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 38.7.0-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 38.7.0-1.
sunrat Posted March 19, 2016

-------------------------------------------------------------------------
Debian Security Advisory DSA-3521-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
March 19, 2016    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package    : git
CVE ID     : CVE-2016-2315 CVE-2016-2324
Debian Bug : 818318

Lael Cellier discovered two buffer overflow vulnerabilities in git, a fast, scalable, distributed revision control system, which could be exploited for remote execution of arbitrary code.

For the oldstable distribution (wheezy), these problems have been fixed in version 1:1.7.10.4-1+wheezy3.

For the stable distribution (jessie), these problems have been fixed in version 1:2.1.4-2.1+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 1:2.8.0~rc3-1. CVE-2016-2315 was already fixed in version 1:2.7.0-1.
sunrat Posted March 20, 2016

-------------------------------------------------------------------------
Debian Security Advisory DSA-3522-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
March 20, 2016    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : squid3
CVE ID  : CVE-2016-2571

Alex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service (assertion failure and daemon exit).

For the oldstable distribution (wheezy), this problem has been fixed in version 3.1.20-2.2+deb7u4.

For the stable distribution (jessie), this problem has been fixed in version 3.4.8-6+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 3.5.15-1.

For the unstable distribution (sid), this problem has been fixed in version 3.5.15-1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3523-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
March 20, 2016    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID  : not available

This update disables the Graphite font shaping library in Iceweasel, Debian's version of the Mozilla Firefox web browser.

For the oldstable distribution (wheezy), this problem has been fixed in version 38.7.1esr-1~deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 38.7.1esr-1~deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 45.0.1esr-1 of the firefox-esr source package.
sunrat Posted March 21, 2016

-------------------------------------------------------------------------
Debian Security Advisory DSA-3524-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
March 20, 2016    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : activemq
CVE ID  : CVE-2015-5254

It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation. For additional information, please refer to the upstream advisory at http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt

For the oldstable distribution (wheezy), this problem has been fixed in version 5.6.0+dfsg-1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 5.6.0+dfsg1-4+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 5.13.2+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in version 5.13.2+dfsg-1.
sunrat Posted March 23, 2016

-------------------------------------------------------------------------
Debian Security Advisory DSA-3525-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
March 22, 2016    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pixman
CVE ID  : CVE-2014-9766

Vincent LE GARREC discovered an integer overflow in pixman, a pixel-manipulation library for X and cairo. A remote attacker can exploit this flaw to cause an application using the pixman library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.26.0-4+deb7u2.

For the stable distribution (jessie), the testing distribution (stretch) and the unstable distribution (sid), this problem was already fixed in version 0.32.6-1.