Bruno

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3699-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

October 25, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : virtualbox

 

Upstream support for the 4.3 release series has ended and since no

information is available which would allow backports of isolated

security fixes, security support for virtualbox in jessie needed to be

ended as well.

 

Further information about Debian Security Advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://www.debian.org/security/

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3701-1 security@debian.org

https://www.debian.org/security/ Florian Weimer

October 25, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nginx

CVE ID : CVE-2016-1247

 

Dawid Golunski reported the nginx web server packages in Debian

suffered from a privilege escalation vulnerability (www-data to root)

due to the way log files are handled. This security update changes

ownership of the /var/log/nginx directory to root. In addition,

/var/log/nginx has to be made accessible to local users, and local

users may be able to read the log files themselves until the

next logrotate invocation.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.6.2-5+deb8u3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3700-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

October 25, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : asterisk

CVE ID : CVE-2015-3008 CVE-2016-2232 CVE-2016-2316 CVE-2016-7551

 

Multiple vulnerabilities have been discovered in Asterisk, an open source

PBX and telephony toolkit, which may result in denial of service or

incorrect certificate validation.

 

For the stable distribution (jessie), these problems have been fixed in

version 1:11.13.1~dfsg-2+deb8u1.

 

For the unstable distribution (sid), these problems will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3701-2 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

October 28, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nginx

Debian Bug : 842276

 

The update for nginx issued as DSA-3701-1 to address CVE-2016-1247

introduced a packaging issue, which prevents nginx from being

reinstalled or upgraded to a subsequent release. Updated packages are

now available to address this problem. For reference, the original

advisory text follows.

 

Dawid Golunski reported the nginx web server packages in Debian

suffered from a privilege escalation vulnerability (www-data to root)

due to the way log files are handled. This security update changes

ownership of the /var/log/nginx directory to root. In addition,

/var/log/nginx has to be made accessible to local users, and local

users may be able to read the log files themselves until the

next logrotate invocation.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.6.2-5+deb8u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3691-2 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

October 28, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ghostscript

Debian Bug : 840691

 

The update for ghostscript issued as DSA-3691-1 caused regressions for

certain Postscript document viewers (evince, zathura). Updated packages

are now available to address this problem. For reference, the original

advisory text follows.

 

Several vulnerabilities were discovered in Ghostscript, the GPL

PostScript/PDF interpreter, which may lead to the execution of arbitrary

code or information disclosure if a specially crafted Postscript file is

processed.

 

For the stable distribution (jessie), this problem has been fixed in

version 9.06~dfsg-2+deb8u4.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3702-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 01, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tar

CVE ID : CVE-2016-6321

Debian Bug : 842339

 

Harry Sintonen discovered that GNU tar does not properly handle member

names containing '..', thus allowing an attacker to bypass the path

names specified on the command line and replace files and directories in

the target directory.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.27.1-2+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.29b-1.1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3703-1 security@debian.org

https://www.debian.org/security/ Florian Weimer

November 01, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bind9

CVE ID : CVE-2016-8864

Debian Bug : 842858

 

Tony Finch and Marco Davids reported an assertion failure in BIND, a

DNS server implementation, which causes the server process to

terminate. This denial-of-service vulnerability is related to a

defect in the processing of responses with DNAME records from

authoritative servers and primarily affects recursive resolvers.

 

For the stable distribution (jessie), this problem has been fixed in

version 1:9.9.5.dfsg-9+deb8u8.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3704-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 03, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : memcached

CVE ID : CVE-2016-8704 CVE-2016-8705 CVE-2016-8706

Debian Bug : 842811 842812 842814

 

Aleksandar Nikolic of Cisco Talos discovered several integer overflow

vulnerabilities in memcached, a high-performance memory object caching

system. A remote attacker can take advantage of these flaws to cause a

denial of service (daemon crash), or potentially to execute arbitrary

code.

 

For the stable distribution (jessie), these problems have been fixed in

version 1.4.21-1.1+deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3705-1 security@debian.org

https://www.debian.org/security/ Alessandro Ghedini

November 03, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : curl

CVE ID : CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618

CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622

CVE-2016-8623 CVE-2016-8624

 

Several vulnerabilities were discovered in cURL, a URL transfer library:

 

CVE-2016-8615

 

It was discovered that a malicious HTTP server could inject new

cookies for arbitrary domains into a cookie jar.

 

CVE-2016-8616

 

It was discovered that when re-using a connection, curl was doing case

insensitive comparisons of user name and password with the existing

connections.

 

CVE-2016-8617

 

It was discovered that on systems with 32-bit addresses in userspace

(e.g. x86, ARM, x32), the output buffer size value calculated in the

base64 encode function would wrap around if input size was at least

1GB of data, causing an undersized output buffer to be allocated.

 

CVE-2016-8618

 

It was discovered that the curl_maprintf() function could be tricked

into doing a double-free due to an unsafe size_t multiplication on

systems using 32 bit size_t variables.

 

CVE-2016-8619

 

It was discovered that the Kerberos implementation could be

tricked into doing a double-free when reading one of the length fields

from a socket.

 

CVE-2016-8620

 

It was discovered that the curl tool's "globbing" feature could write

to invalid memory areas when parsing invalid ranges.

 

CVE-2016-8621

 

It was discovered that the function curl_getdate could read out of

bounds when parsing invalid date strings.

 

CVE-2016-8622

 

It was discovered that the URL percent-encoding decode function would

return a signed 32bit integer variable as length, even though it

allocated a destination buffer larger than 2GB, which would lead to

an out-of-bounds write.

 

CVE-2016-8623

 

It was discovered that libcurl could access an already-freed memory

area due to concurrent access to shared cookies. This could lead to

a denial of service or disclosure of sensitive information.

 

CVE-2016-8624

 

It was discovered that curl wouldn't parse the authority component of

a URL correctly when the host name part ends with a '#' character,

and could be tricked into connecting to a different host.

 

For the stable distribution (jessie), these problems have been fixed in

version 7.38.0-4+deb8u5.

 

For the unstable distribution (sid), these problems have been fixed in

version 7.51.0-1.

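An added example for CVE-2016-8617 above (not part of the original post and not curl's code): it models the 32-bit wrap-around the advisory describes and, next to it, a base64 encoder whose output size is checked before allocation. The expression `insize * 4 / 3 + 4` and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Models the size computation where size_t is 32 bits wide.
   Assumed shape of the calculation; the advisory only states that the
   value wraps once the input reaches 1GB. */
uint32_t b64_size_32bit_unchecked(uint32_t insize)
{
    /* insize * 4 is reduced modulo 2^32 before the division happens */
    return (uint32_t)(insize * 4u) / 3u + 4u;
}

/* Overflow-safe size: 4 output bytes per started 3-byte group, plus NUL.
   `max` is the largest representable size (SIZE_MAX in real use; pass
   UINT32_MAX to model a 32-bit target on a 64-bit host).
   Returns 0 and stores the size in *out, or -1 if it does not fit. */
int b64_size_checked(size_t insize, size_t max, size_t *out)
{
    size_t groups = insize / 3 + (insize % 3 != 0);

    if (max < 1 || groups > (max - 1) / 4)
        return -1;                  /* refuse instead of wrapping */
    *out = groups * 4 + 1;
    return 0;
}

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encodes `insize` bytes; returns a malloc'd NUL-terminated string,
   or NULL if the size is unrepresentable or allocation fails. */
char *b64_encode(const unsigned char *in, size_t insize)
{
    size_t need, i, o = 0;
    char *out;

    if (b64_size_checked(insize, SIZE_MAX, &need) != 0)
        return NULL;
    out = malloc(need);
    if (out == NULL)
        return NULL;

    for (i = 0; i < insize; i += 3) {
        size_t left = insize - i;
        uint32_t v = (uint32_t)in[i] << 16;

        if (left > 1) v |= (uint32_t)in[i + 1] << 8;
        if (left > 2) v |= in[i + 2];

        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = left > 1 ? B64[(v >> 6) & 63] : '=';
        out[o++] = left > 2 ? B64[v & 63] : '=';
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    size_t need = 0;
    uint32_t one_gb = 0x40000000u;  /* constructed input size: exactly 1 GiB */
    char *s;

    /* The wrapped result is a few bytes, far below what the data needs. */
    printf("32-bit unchecked size for 1 GiB: %u\n",
           (unsigned)b64_size_32bit_unchecked(one_gb));

    /* The true requirement still fits in 32 bits; only the intermediate
       multiplication overflowed. */
    if (b64_size_checked(one_gb, UINT32_MAX, &need) == 0)
        printf("checked size for 1 GiB: %zu\n", need);

    /* Inputs whose encoding cannot fit are rejected outright. */
    if (b64_size_checked(0xFFFFFFFFu, UINT32_MAX, &need) != 0)
        printf("4 GiB - 1 input: rejected\n");

    s = b64_encode((const unsigned char *)"foobar", 6);
    if (s != NULL) {
        printf("foobar -> %s\n", s);
        free(s);
    }
    return 0;
}
```
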

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3706-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 07, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mysql-5.5

CVE ID : CVE-2016-5584 CVE-2016-7440

Debian Bug : 841050

 

Several issues have been discovered in the MySQL database server. The

vulnerabilities are addressed by upgrading MySQL to the new upstream

version 5.5.53, which includes additional changes, such as performance

improvements, bug fixes, new features, and possibly incompatible

changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical

Patch Update advisory for further details:

 

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

 

For the stable distribution (jessie), these problems have been fixed in

version 5.5.53-0+deb8u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3707-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

November 07, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-7

CVE ID : CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582

CVE-2016-5597

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in breakouts

of the Java sandbox or denial of service.

 

For the stable distribution (jessie), this problem has been fixed in

version 7u111-2.6.7-2~deb8u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3708-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

November 07, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mat

CVE ID : not yet available

Debian Bug : 826101

 

Hartmut Goebel discovered that MAT, a toolkit to anonymise/remove

metadata from files did not remove metadata from images embedded in PDF

documents.

 

For the stable distribution (jessie), this problem has been fixed in

version 0.5.2-3+deb8u1. This update disables PDF support in MAT

entirely.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3709-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 08, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxslt

CVE ID : CVE-2016-4738

Debian Bug : 842570

 

Nick Wellnhofer discovered that the xsltFormatNumberConversion function

in libxslt, an XSLT processing runtime library, does not properly check

for a zero byte terminating the pattern string. This flaw can be

exploited to leak a couple of bytes after the buffer that holds the

pattern string.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.1.28-2+deb8u2.

 

For the testing distribution (stretch), this problem has been fixed

in version 1.1.29-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.1.29-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3710-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

November 10, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pillow

CVE ID : CVE-2016-9189 CVE-2016-9190

 

Cris Neckar discovered multiple vulnerabilities in Pillow, a Python

imaging library, which may result in the execution of arbitrary code or

information disclosure if a malformed image file is processed.

 

For the stable distribution (jessie), these problems have been fixed in

version 2.6.1-2+deb8u3.

 

For the testing distribution (stretch), these problems have been fixed

in version 3.4.2-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 3.4.2-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3711-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 11, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mariadb-10.0

CVE ID : CVE-2016-3492 CVE-2016-5584 CVE-2016-5616 CVE-2016-5624

CVE-2016-5626 CVE-2016-5629 CVE-2016-6663 CVE-2016-7440

CVE-2016-8283

 

Several issues have been discovered in the MariaDB database server. The

vulnerabilities are addressed by upgrading MariaDB to the new upstream

version 10.0.28. Please see the MariaDB 10.0 Release Notes for further

details:

 

https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

 

For the stable distribution (jessie), these problems have been fixed in

version 10.0.28-0+deb8u1.

 

For the testing distribution (stretch), these problems have been fixed

in version 10.0.28-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 10.0.28-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3712-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

November 13, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : terminology

CVE ID : CVE-2015-8971

 

Nicolas Braud-Santoni discovered that incorrect sanitising of character

escape sequences in the Terminology terminal emulator may result in the

execution of arbitrary commands.

 

For the stable distribution (jessie), this problem has been fixed in

version 0.7.0-1+deb8u1.

 

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3713-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

November 15, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gst-plugins-bad0.10

CVE ID : not yet available

 

Chris Evans discovered that the GStreamer 0.10 plugin to decode NES

Sound Format files allowed the execution of arbitrary code. Further

details can be found in his advisory at

http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html

 

For the stable distribution (jessie), this problem has been fixed in

version 0.10.23-7.4+deb8u1.

 

The unstable distribution (sid) no longer contains GStreamer 0.10.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3715-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 15, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : moin

CVE ID : CVE-2016-7146 CVE-2016-7148 CVE-2016-9119

Debian Bug : 844338 844340 844341

 

Several cross-site scripting vulnerabilities were discovered in moin, a

Python clone of WikiWiki. A remote attacker can conduct cross-site

scripting attacks via the GUI editor's attachment dialogue

(CVE-2016-7146), the AttachFile view (CVE-2016-7148) and the GUI

editor's link dialogue (CVE-2016-9119).

 

For the stable distribution (jessie), these problems have been fixed in

version 1.9.8-1+deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3714-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

November 15, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : akonadi

Debian Bug : 843534

 

In some configurations the MySQL storage backend for Akonadi, an

extensible cross-desktop Personal Information Management (PIM) storage

service failed to start after applying the MySQL 5.5.53 security upgrade.

 

This update extends the /etc/akonadi/mysql-global.conf configuration

file to restore compatibility (version 1.13.0-2+deb8u2).

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3716-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

November 16, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : firefox-esr

CVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297

CVE-2016-9064 CVE-2016-9066 CVE-2016-9074

 

Multiple security issues have been found in the Mozilla Firefox web

browser: Multiple memory safety errors, buffer overflows and other

implementation errors may lead to the execution of arbitrary code or

bypass of the same-origin policy. Also, a man-in-the-middle attack in

the addon update mechanism has been fixed.

 

For the stable distribution (jessie), these problems have been fixed in

version 45.5.0esr-1~deb8u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 45.5.0esr-1 and version 50.0-1 of the firefox source package.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3717-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

November 17, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gst-plugins-bad1.0 / gst-plugins-bad0.10

CVE ID : not yet available

 

Chris Evans discovered that the GStreamer plugin to decode VMware screen

capture files allowed the execution of arbitrary code.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.4.4-2.1+deb8u1 of gst-plugins-bad1.0 and version

0.10.23-7.4+deb8u2 of gst-plugins-bad0.10.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.10.1-1 of gst-plugins-bad1.0.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3718-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

November 17, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : drupal7

CVE ID : not yet available

 

Multiple vulnerabilities have been found in the Drupal content management

framework. For additional information, please refer to the upstream

advisory at https://www.drupal.org/SA-CORE-2016-005

 

For the stable distribution (jessie), this problem has been fixed in

version 7.32-1+deb8u8.

 

For the unstable distribution (sid), this problem has been fixed in

version 7.52-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3719-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

November 21, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wireshark

CVE ID : CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376

 

It was discovered that wireshark, a network protocol analyzer,

contained several vulnerabilities in the dissectors for DCERPC,

AllJoyn, DTN, and OpenFlow, that could lead to various crashes,

denial-of-service, or execution of arbitrary code.

 

For the stable distribution (jessie), these problems have been fixed in

version 1.12.1+g01b65bf-4+deb8u10.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.2.2+g9c5aae3-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3720-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 21, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat8

CVE ID : CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796

CVE-2016-6797

Debian Bug : 840685

 

Multiple security vulnerabilities have been discovered in the Tomcat

servlet and JSP engine, which may result in possible timing attacks to

determine valid user names, bypass of the SecurityManager, disclosure of

system properties, unrestricted access to global resources, arbitrary

file overwrites, and potentially escalation of privileges.

 

For the stable distribution (jessie), these problems have been fixed in

version 8.0.14-1+deb8u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3721-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 21, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat7

CVE ID : CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796

CVE-2016-6797

Debian Bug : 841655 842662 842663 842664 842665 842666

 

Multiple security vulnerabilities have been discovered in the Tomcat

servlet and JSP engine, which may result in possible timing attacks to

determine valid user names, bypass of the SecurityManager, disclosure of

system properties, unrestricted access to global resources, arbitrary

file overwrites, and potentially escalation of privileges.

 

For the stable distribution (jessie), these problems have been fixed in

version 7.0.56-3+deb8u5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3722-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 22, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : vim

CVE ID : CVE-2016-1248

 

Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi

editor, does not properly validate values for the 'filetype',

'syntax' and 'keymap' options, which may result in the execution of

arbitrary code if a file with a specially crafted modeline is opened.

 

For the stable distribution (jessie), this problem has been fixed in

version 2:7.4.488-7+deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3723-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 24, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gst-plugins-good1.0

CVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636

Debian Bug : 845375

 

Chris Evans discovered that the GStreamer 1.0 plugin used to decode

files in the FLIC format allowed execution of arbitrary code. Further

details can be found in his advisory at

https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html

 

For the stable distribution (jessie), these problems have been fixed in

version 1.4.4-2+deb8u2.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.10.1-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3724-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

November 24, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gst-plugins-good0.10

CVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636

 

Chris Evans discovered that the GStreamer 0.10 plugin used to decode

files in the FLIC format allowed execution of arbitrary code. Further

details can be found in his advisory at

https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html

 

This update removes the insecure FLIC file format plugin.

 

For the stable distribution (jessie), these problems have been fixed in

version 0.10.31-3+nmu4+deb8u2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3726-1 security@debian.org

https://www.debian.org/security/ Luciano Bello

November 26, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : imagemagick

CVE ID : CVE-2016-7799 CVE-2016-7906 CVE-2016-8677

Debian Bug : #840437 #845195 #845196 #845198 #845202 #845206 #845212

#845213 #845242 #845243 #845244 #845246 #840435

 

Several issues have been discovered in ImageMagick, a popular set of

programs and libraries for image manipulation. These issues include

several problems in memory handling that can result in a denial of

service attack or in execution of arbitrary code by an attacker with

control on the image input.

 

 

For the stable distribution (jessie), these problems have been fixed in

version 8:6.8.9.9-5+deb8u6.

 

For the unstable distribution (sid), these problems have been fixed in

version 8:6.9.6.5+dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3725-1 security@debian.org

https://www.debian.org/security/ Luciano Bello

November 27, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icu

CVE ID : CVE-2014-9911 CVE-2015-2632 CVE-2015-4844 CVE-2016-0494

CVE-2016-6293 CVE-2016-7415

Debian Bug : 838694

 

Several vulnerabilities were discovered in the International Components

for Unicode (ICU) library.

 

CVE-2014-9911

 

Michele Spagnuolo discovered a buffer overflow vulnerability which

might allow remote attackers to cause a denial of service or possibly

execute arbitrary code via crafted text.

 

CVE-2015-2632

 

An integer overflow vulnerability might lead into a denial of service

or disclosure of portion of application memory if an attacker has

control on the input file.

 

CVE-2015-4844

 

Buffer overflow vulnerabilities might allow an attacker with control

on the font file to perform a denial of service attack or,

possibly, execute arbitrary code.

 

CVE-2016-0494

 

Integer signedness issues were introduced as part of the

CVE-2015-4844 fix.

 

CVE-2016-6293

 

A buffer overflow might allow an attacker to perform a denial of

service or disclosure of portion of application memory.

 

CVE-2016-7415

 

A stack-based buffer overflow might allow an attacker with control on

the locale string to perform a denial of service and, possibly,

execute arbitrary code.

 

For the stable distribution (jessie), these problems have been fixed in

version 52.1-8+deb8u4.

 

For the unstable distribution (sid), these problems have been fixed in

version 57.1-5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3727-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

November 30, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : hdf5

CVE ID : CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333

Debian Bug : 845301

 

Cisco Talos discovered that hdf5, a file format and library for

storing scientific data, contained several vulnerabilities that could

lead to arbitrary code execution when handling untrusted data.

 

For the stable distribution (jessie), these problems have been fixed in

version 1.8.13+docs-15+deb8u1.

 

For the testing distribution (stretch) and unstable distribution

(sid), these problems have been fixed in version 1.10.0-patch1+docs-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3728-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

December 01, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : firefox-esr

CVE ID : CVE-2016-9079

 

A use-after-free vulnerability in the SVG Animation was discovered in

the Mozilla Firefox web browser, allowing a remote attacker to cause a

denial of service (application crash) or execute arbitrary code, if a

user is tricked into opening a specially crafted website.

 

For the stable distribution (jessie), this problem has been fixed in

version 45.5.1esr-1~deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3729-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

December 07, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xen

CVE ID : CVE-2016-7777 CVE-2016-9379 CVE-2016-9380 CVE-2016-9382

CVE-2016-9383 CVE-2016-9385 CVE-2016-9386

Debian Bug : 845663 845664 845665 845668 845670

 

Multiple vulnerabilities have been discovered in the Xen hypervisor. The

Common Vulnerabilities and Exposures project identifies the following

problems:

 

CVE-2016-7777 (XSA-190)

 

Jan Beulich from SUSE discovered that Xen does not properly honor

CR0.TS and CR0.EM for x86 HVM guests, potentially allowing guest

users to read or modify FPU, MMX, or XMM register state information

belonging to arbitrary tasks on the guest by modifying an

instruction while the hypervisor is preparing to emulate it.

 

CVE-2016-9379, CVE-2016-9380 (XSA-198)

 

Daniel Richman and Gabor Szarka of the Cambridge University

Student-Run Computing Facility discovered that pygrub, the boot

loader emulator, fails to quote (or sanity check) its results when

reporting them to its caller. A malicious guest administrator can

take advantage of this flaw to cause an information leak or denial

of service.

 

CVE-2016-9382 (XSA-192)

 

Jan Beulich of SUSE discovered that Xen does not properly handle x86

task switches to VM86 mode. An unprivileged guest process can take

advantage of this flaw to crash the guest or escalate its

privileges to that of the guest operating system.

 

CVE-2016-9383 (XSA-195)

 

George Dunlap of Citrix discovered that the Xen x86 64-bit bit test

instruction emulation is broken. A malicious guest can take

advantage of this flaw to modify arbitrary memory, allowing for

arbitrary code execution, denial of service (host crash), or

information leaks.

 

CVE-2016-9385 (XSA-193)

 

Andrew Cooper of Citrix discovered that Xen's x86 segment base write

emulation lacks canonical address checks. A malicious guest

administrator can take advantage of this flaw to crash the host,

leading to a denial of service.

 

CVE-2016-9386 (XSA-191)

 

Andrew Cooper of Citrix discovered that x86 null segments are not

always treated as unusable. An unprivileged guest user program

may be able to elevate its privilege to that of the guest

operating system.

 

For the stable distribution (jessie), these problems have been fixed in

version 4.4.1-9+deb8u8.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3730-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

December 11, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

CVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297

CVE-2016-9066 CVE-2016-9074 CVE-2016-9079

 

Multiple security issues have been found in Icedove, Debian's version of

the Mozilla Thunderbird mail client: Multiple memory safety errors,

same-origin policy bypass issues, integer overflows, buffer overflows

and use-after-frees may lead to the execution of arbitrary code or

denial of service.

 

For the stable distribution (jessie), these problems have been fixed in

version 1:45.5.1-1~deb8u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:45.5.1-1 or earlier.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3731-1 security@debian.org

https://www.debian.org/security/ Michael Gilbert

December 11, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium-browser

CVE ID : CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184

CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188

CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192

CVE-2016-5193 CVE-2016-5194 CVE-2016-5198 CVE-2016-5199

CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203

CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207

CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211

CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215

CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219

CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223

CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650

CVE-2016-9651 CVE-2016-9652

 

Several vulnerabilities have been discovered in the chromium web browser.

 

CVE-2016-5181

 

A cross-site scripting issue was discovered.

 

CVE-2016-5182

 

Giwan Go discovered a heap overflow issue.

 

CVE-2016-5183

 

A use-after-free issue was discovered in the pdfium library.

 

CVE-2016-5184

 

Another use-after-free issue was discovered in the pdfium library.

 

CVE-2016-5185

 

cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

 

CVE-2016-5186

 

Abdulrahman Alqabandi discovered an out-of-bounds read issue in the

developer tools.

 

CVE-2016-5187

 

Luan Herrera discovered a URL spoofing issue.

 

CVE-2016-5188

 

Luan Herrera discovered that some drop down menus can be used to

hide parts of the user interface.

 

CVE-2016-5189

 

xisigr discovered a URL spoofing issue.

 

CVE-2016-5190

 

Atte Kettunen discovered a use-after-free issue.

 

CVE-2016-5191

 

Gareth Hughes discovered a cross-site scripting issue.

 

CVE-2016-5192

 

haojunhou@gmail.com discovered a same-origin bypass.

 

CVE-2016-5193

 

Yuyang Zhou discovered a way to pop open a new window.

 

CVE-2016-5194

 

The chrome development team found and fixed various issues during

internal auditing.

 

CVE-2016-5198

 

Tencent Keen Security Lab discovered an out-of-bounds memory access

issue in the v8 javascript library.

 

CVE-2016-5199

 

A heap corruption issue was discovered in the ffmpeg library.

 

CVE-2016-5200

 

Choongwoo Han discovered an out-of-bounds memory access issue in

the v8 javascript library.

 

CVE-2016-5201

 

Rob Wu discovered an information leak.

 

CVE-2016-5202

 

The chrome development team found and fixed various issues during

internal auditing.

 

CVE-2016-5203

 

A use-after-free issue was discovered in the pdfium library.

 

CVE-2016-5204

 

Mariusz Mlynski discovered a cross-site scripting issue in SVG

image handling.

 

CVE-2016-5205

 

A cross-site scripting issue was discovered.

 

CVE-2016-5206

 

Rob Wu discovered a same-origin bypass in the pdfium library.

 

CVE-2016-5207

 

Mariusz Mlynski discovered a cross-site scripting issue.

 

CVE-2016-5208

 

Mariusz Mlynski discovered another cross-site scripting issue.

 

CVE-2016-5209

 

Giwan Go discovered an out-of-bounds write issue in Blink/Webkit.

 

CVE-2016-5210

 

Ke Liu discovered an out-of-bounds write in the pdfium library.

 

CVE-2016-5211

 

A use-after-free issue was discovered in the pdfium library.

 

CVE-2016-5212

 

Khalil Zhani discovered an information disclosure issue in the

developer tools.

 

CVE-2016-5213

 

Khalil Zhani discovered a use-after-free issue in the v8 javascript

library.

 

CVE-2016-5214

 

Jonathan Birch discovered a file download protection bypass.

 

CVE-2016-5215

 

Looben Yang discovered a use-after-free issue.

 

CVE-2016-5216

 

A use-after-free issue was discovered in the pdfium library.

 

CVE-2016-5217

 

Rob Wu discovered a condition where data was not validated by

the pdfium library.

 

CVE-2016-5218

 

Abdulrahman Alqabandi discovered a URL spoofing issue.

 

CVE-2016-5219

 

Rob Wu discovered a use-after-free issue in the v8 javascript

library.

 

CVE-2016-5220

 

Rob Wu discovered a way to access files on the local system.

 

CVE-2016-5221

 

Tim Becker discovered an integer overflow issue in the angle

library.

 

CVE-2016-5222

 

xisigr discovered a URL spoofing issue.

 

CVE-2016-5223

 

Hwiwon Lee discovered an integer overflow issue in the pdfium

library.

 

CVE-2016-5224

 

Roeland Krak discovered a same-origin bypass in SVG image handling.

 

CVE-2016-5225

 

Scott Helme discovered a Content Security Protection bypass.

 

CVE-2016-5226

 

Jun Kokatsu discovered a cross-scripting issue.

 

CVE-2016-9650

 

Jakub Żoczek discovered a Content Security Protection information

disclosure.

 

CVE-2016-9651

 

Guang Gong discovered a way to access private data in the v8

javascript library.

 

CVE-2016-9652

 

The chrome development team found and fixed various issues during

internal auditing.

 

For the stable distribution (jessie), these problems have been fixed in

version 55.0.2883.75-1~deb8u1.

 

For the testing distribution (stretch), these problems will be fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 55.0.2883.75-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3732-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

December 13, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

CVE ID : CVE-2016-9138 CVE-2016-9933 CVE-2016-9934

 

Several vulnerabilities were found in PHP, a general-purpose scripting

language commonly used for web application development.

 

The vulnerabilities are addressed by upgrading PHP to the new upstream

version 5.6.28, which includes additional bug fixes. Please refer to

the upstream changelog for more information:

 

https://secure.php.net/ChangeLog-5.php#5.6.28

 

For the stable distribution (jessie), these problems have been fixed in

version 5.6.28+dfsg-0+deb8u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3733-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

December 13, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : apt

CVE ID : CVE-2016-1252

 

Jann Horn of Google Project Zero discovered that APT, the high level

package manager, does not properly handle errors when validating

signatures on InRelease files. An attacker able to man-in-the-middle

HTTP requests to an apt repository that uses InRelease files

(clearsigned Release files), can take advantage of this flaw to

circumvent the signature of the InRelease file, leading to arbitrary

code execution.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.0.9.8.4.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.4~beta2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3734-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

December 14, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : firefox-esr

CVE ID : CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898

CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902

CVE-2016-9904 CVE-2016-9905

 

Multiple security issues have been found in the Mozilla Firefox web

browser: Multiple memory safety errors, buffer overflows and other

implementation errors may lead to the execution of arbitrary code or

information leaks.

 

For the stable distribution (jessie), these problems have been fixed in

version 45.6.0esr-1~deb8u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 45.6.0esr-1 of firefox-esr and version 50.1.0-1 of firefox.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3735-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

December 15, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : game-music-emu

CVE ID : not yet available

 

Chris Evans discovered that incorrect emulation of the SPC700 audio

co-processor of the Super Nintendo Entertainment System allows the

execution of arbitrary code if a malformed SPC music file is opened.

Further information can be found at

http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html

 

For the stable distribution (jessie), this problem has been fixed in

version 0.5.5-2+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.6.0-4.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3736-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

December 16, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libupnp

CVE ID : CVE-2016-6255 CVE-2016-8863

Debian Bug : 831857 842093

 

Two vulnerabilities were discovered in libupnp, a portable SDK for

UPnP devices.

 

CVE-2016-6255

 

Matthew Garret discovered that libupnp by default allows any user to

write to the filesystem of the host running a libupnp-based server

application.

 

CVE-2016-8863

 

Scott Tenaglia discovered a heap buffer overflow vulnerability that

can lead to denial of service or remote code execution.

 

For the stable distribution (jessie), these problems have been fixed in

version 1:1.6.19+git20141001-1+deb8u1.

 

For the testing (stretch) and unstable (sid) distributions, these

problems have been fixed in version 1:1.6.19+git20160116-1.2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3737-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

December 16, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

CVE ID : CVE-2016-9935

 

Several vulnerabilities were found in PHP, a general-purpose scripting

language commonly used for web application development.

 

The vulnerabilities are addressed by upgrading PHP to the new upstream

version 5.6.29, which includes additional bug fixes. Please refer to the

upstream changelog for more information:

 

https://php.net/ChangeLog-5.php#5.6.29

 

For the stable distribution (jessie), this problem has been fixed in

version 5.6.29+dfsg-0+deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3738-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

December 18, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat7

CVE ID : CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775

Debian Bug : 802312 845385 845393

 

Multiple security vulnerabilities were discovered in the Tomcat

servlet and JSP engine, as well as in its Debian-specific maintainer

scripts. Those flaws allowed for privilege escalation, information

disclosure, and remote code execution.

 

As part of this update, several regressions stemming from incomplete

fixes for previous vulnerabilities were also fixed.

 

For the stable distribution (jessie), these problems have been fixed in

version 7.0.56-3+deb8u6.

 

For the testing (stretch) and unstable (sid) distributions, these

problems have been fixed in version 7.0.72-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3739-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

December 18, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat8

CVE ID : CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775

Debian Bug : 802312 845385 845393

 

Multiple security vulnerabilities were discovered in the Tomcat

servlet and JSP engine, as well as in its Debian-specific maintainer

scripts. Those flaws allowed for privilege escalation, information

disclosure, and remote code execution.

 

As part of this update, several regressions stemming from incomplete

fixes for previous vulnerabilities were also fixed.

 

For the stable distribution (jessie), these problems have been fixed in

version 8.0.14-1+deb8u5.

 

For the testing (stretch) and unstable (sid) distributions, these

problems have been fixed in version 8.5.8-2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3741-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

December 20, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tor

CVE ID : CVE-2016-1254

Debian Bug : 848847

 

It was discovered that Tor, a connection-based low-latency anonymous

communication system, may read one byte past a buffer when parsing

hidden service descriptors. This issue may enable a hostile hidden

service to crash Tor clients depending on hardening options and malloc

implementation.

 

For the stable distribution (jessie), this problem has been fixed in

version 0.2.5.12-4.

 

For the testing (stretch) and unstable (sid) distributions, this

problem has been fixed in version 0.2.9.8-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3742-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

December 20, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : flightgear

CVE ID : CVE-2016-9956

 

It was discovered that the Flight Gear flight simulator performs

insufficient sanitising of Nasal scripts which allows a malicious script

to overwrite arbitrary files with the privileges of the user running

Flight Gear.

 

For the stable distribution (jessie), this problem has been fixed in

version 3.0.0-5+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:2016.4.3+dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3743-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

December 20, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : python-bottle

CVE ID : CVE-2016-9964

Debian Bug : 848392

 

It was discovered that bottle, a WSGI-framework for the Python

programming language, did not properly filter "\r\n" sequences when

handling redirections. This allowed an attacker to perform CRLF

attacks such as HTTP header injection.

 

For the stable distribution (jessie), this problem has been fixed in

version 0.12.7-1+deb8u1.

 

For the testing (stretch) and unstable (sid) distributions, this

problem has been fixed in version 0.12.11-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3732-2 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

December 21, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php-ssh2

Debian Bug : 848632

 

The update for php5 issued as DSA-3732-1 caused segfaults in

php-ssh2. Updated packages are now available to correct this issue.

 

For the stable distribution (jessie), this problem has been fixed in

version 0.12-3+deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3744-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

December 23, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxml2

CVE ID : CVE-2016-4658 CVE-2016-5131

Debian Bug : 840553 840554

 

Several vulnerabilities were discovered in libxml2, a library providing

support to read, modify and write XML and HTML files. A remote attacker

could provide a specially crafted XML or HTML file that, when processed

by an application using libxml2, would cause a denial-of-service against

the application, or potentially, the execution of arbitrary code with

the privileges of the user running the application.

 

For the stable distribution (jessie), these problems have been fixed in

version 2.9.1+dfsg1-5+deb8u4.

 

For the testing distribution (stretch), these problems have been fixed

in version 2.9.4+dfsg1-2.1.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.9.4+dfsg1-2.1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3745-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

December 24, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : squid3

CVE ID : CVE-2016-10002

Debian Bug : 848493

 

Saulius Lapinskas from Lithuanian State Social Insurance Fund Board

discovered that Squid3, a fully featured web proxy cache, does not

properly process responses to If-None-Modified HTTP conditional

requests, leading to client-specific Cookie data being leaked to other

clients. A remote attacker can take advantage of this flaw to discover

private and sensitive information about another client's browsing

session.

 

For the stable distribution (jessie), this problem has been fixed in

version 3.4.8-6+deb8u4. In addition, this update includes a fix for

#819563.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.5.23-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3746-1 security@debian.org

https://www.debian.org/security/ Luciano Bello

December 24, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : graphicsmagick

CVE ID : CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714

CVE-2016-3715 CVE-2016-5118 CVE-2016-5240 CVE-2016-7800

CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683

CVE-2016-8684 CVE-2016-9830

Debian Bug : 814732 825800 847055

 

Several vulnerabilities have been discovered in GraphicsMagick, a

collection of image processing tools, which can cause denial of service

attacks, remote file deletion, and remote command execution.

 

This security update removes the full support of PLT/Gnuplot decoder to

prevent Gnuplot-shell based shell exploits for fixing the CVE-2016-3714

vulnerability.

 

The undocumented "TMP" magick prefix no longer removes the argument file

after it has been read for fixing the CVE-2016-3715 vulnerability. Since

the "TMP" feature was originally implemented, GraphicsMagick added a

temporary file management subsystem which assures that temporary files

are removed so this feature is not needed.

 

Remove support for reading input from a shell command, or writing output

to a shell command, by prefixing the specified filename (containing the

command) with a '|' for fixing the CVE-2016-5118 vulnerability.

 

CVE-2015-8808

 

Gustavo Grieco discovered an out of bound read in the parsing of GIF

files which may cause denial of service.

 

CVE-2016-2317

 

Gustavo Grieco discovered a stack buffer overflow and two heap buffer

overflows while processing SVG images which may cause denial of service.

 

CVE-2016-2318

 

Gustavo Grieco discovered several segmentation faults while processing

SVG images which may cause denial of service.

 

CVE-2016-5240

 

Gustavo Grieco discovered an endless loop problem caused by negative

stroke-dasharray arguments while parsing SVG files which may cause

denial of service.

 

CVE-2016-7800

 

Marco Grassi discovered an unsigned underflow leading to heap overflow

when parsing 8BIM chunk often attached to JPG files which may cause

denial of service.

 

CVE-2016-7996

 

Moshe Kaplan discovered that there is no check that the provided

colormap is not larger than 256 entries in the WPG reader which may

cause denial of service.

 

CVE-2016-7997

 

Moshe Kaplan discovered that an assertion is thrown for some files in

the WPG reader due to a logic error which may cause denial of service.

 

CVE-2016-8682

 

Agostino Sarubbo of Gentoo discovered a stack buffer read overflow

while reading the SCT header which may cause denial of service.

 

CVE-2016-8683

 

Agostino Sarubbo of Gentoo discovered a memory allocation failure in the

PCX coder which may cause denial of service.

 

CVE-2016-8684

 

Agostino Sarubbo of Gentoo discovered a memory allocation failure in the

SGI coder which may cause denial of service.

 

CVE-2016-9830

 

Agostino Sarubbo of Gentoo discovered a memory allocation failure in

MagickRealloc() function which may cause denial of service.

 

For the stable distribution (jessie), these problems have been fixed in

version 1.3.20-3+deb8u2.

 

For the testing distribution (stretch), these problems (with the

exception of CVE-2016-9830) have been fixed in version 1.3.25-5.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.3.25-6.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3747-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

December 25, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : exim4

CVE ID : CVE-2016-9963

 

Bjoern Jacke discovered that Exim, Debian's default mail transfer agent,

may leak the private DKIM signing key to the log files if specific

configuration options are met.

 

For the stable distribution (jessie), this problem has been fixed in

version 4.84.2-2+deb8u2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3748-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

December 26, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libcrypto++

CVE ID : CVE-2016-9939

Debian Bug : 848009

 

Gergely Gábor Nagy from Tresorit discovered that libcrypto++, a C++

cryptographic library, contained a bug in several ASN.1 parsing

routines. This would allow an attacker to remotely cause a denial of

service.

 

For the stable distribution (jessie), this problem has been fixed in

version 5.6.1-6+deb8u3.

 

For the testing (stretch) and unstable (sid) distributions, this

problem has been fixed in version 5.6.4-5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3749-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

December 29, 2016 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dcmtk

CVE ID : CVE-2015-8979

Debian Bug : 848830

 

Gjoko Krstic of Zero Science Labs discovered that dcmtk, a collection

of libraries implementing the DICOM standard, did not properly handle

the size of data received from the network. This could lead to

denial-of-service (via application crash) or arbitrary code execution.

 

For the stable distribution (jessie), this problem has been fixed in

version 3.6.0-15+deb8u1.

 

For the testing (stretch) and unstable (sid) distributions, this

problem has been fixed in version 3.6.1~20160216-2.
