sunrat
Posted December 31, 2016

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3750-1                   security@debian.org
https://www.debian.org/security/                          Thijs Kinkhorst
December 31, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libphp-phpmailer
CVE ID         : CVE-2016-10033
Debian Bug     : 849365

Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.

Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch proposed for CVE-2016-10033. Because the original patch was not applied in Debian, Debian was not vulnerable to CVE-2016-10045.

For the stable distribution (jessie), this problem has been fixed in version 5.2.9+dfsg-2+deb8u2.

For the unstable distribution (sid), this problem has been fixed in version 5.2.14+dfsg-2.1.

sunrat
Posted January 3, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3751-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 01, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgd2
CVE ID         : CVE-2016-9933
Debian Bug     : 849038

A stack overflow vulnerability was discovered within the gdImageFillToBorder function in libgd2, a library for programmatic graphics creation and manipulation, triggered when invalid colors are used with truecolor images. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application using the libgd2 library.

For the stable distribution (jessie), this problem has been fixed in version 2.1.0-5+deb8u8.

For the testing distribution (stretch), this problem has been fixed in version 2.2.2-29-g3c2b605-1.

For the unstable distribution (sid), this problem has been fixed in version 2.2.2-29-g3c2b605-1.

sunrat
Posted January 5, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3750-2                   security@debian.org
https://www.debian.org/security/                          Thijs Kinkhorst
January 3, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libphp-phpmailer
CVE ID         : CVE-2016-10033
Debian Bug     : 849365

A functional regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem. The original advisory text follows for reference.

Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.

Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch proposed for CVE-2016-10033. Because the original patch was not applied in Debian, Debian was not vulnerable to CVE-2016-10045.

For the stable distribution (jessie), this problem has been fixed in version 5.2.9+dfsg-2+deb8u3.

For the unstable distribution (sid), this problem has been fixed in version 5.2.14+dfsg-2.2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3752-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 04, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pcsc-lite
CVE ID         : CVE-2016-10109

Peter Wu discovered that a use-after-free in the pcscd PC/SC daemon of PCSC-Lite might result in denial of service or potentially privilege escalation.

For the stable distribution (jessie), this problem has been fixed in version 1.8.13-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 1.8.20-1.

sunrat
Posted January 5, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3753-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
January 05, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvncserver
CVE ID         : CVE-2016-9941 CVE-2016-9942
Debian Bug     : 850007 850008

It was discovered that libvncserver, a collection of libraries used to implement VNC/RFB clients and servers, incorrectly processed incoming network packets. This resulted in several heap-based buffer overflows, allowing a rogue server to either cause a DoS by crashing the client, or potentially execute arbitrary code on the client side.

For the stable distribution (jessie), these problems have been fixed in version 0.9.9+dfsg2-6.1+deb8u2.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 0.9.11+dfsg-1.

sunrat
Posted January 8, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3754-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 08, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat7
CVE ID         : CVE-2016-8745

It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.

For the stable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u7.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3755-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 08, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat8
CVE ID         : CVE-2016-8745

It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.

For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u6.

For the testing distribution (stretch), this problem has been fixed in version 8.5.9-1.

For the unstable distribution (sid), this problem has been fixed in version 8.5.9-1.

sunrat
Posted January 9, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3756-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 09, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icoutils
CVE ID         : CVE-2017-5208

Choongwoo Han discovered that a programming error in the wrestool tool of the icoutils suite allows denial of service or the execution of arbitrary code if a malformed binary is parsed.

For the stable distribution (jessie), this problem has been fixed in version 0.31.0-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 0.31.0-4.

sunrat
Posted January 11, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3757-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 11, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898
                 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple vulnerabilities may lead to the execution of arbitrary code, data leakage or bypass of the content security policy.

For the stable distribution (jessie), these problems have been fixed in version 1:45.6.0-1~deb8u1.

For the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3758-1                   security@debian.org
https://www.debian.org/security/                           Florian Weimer
January 11, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2016-9131 CVE-2016-9147 CVE-2016-9444
Debian Bug     : 851062 851063 851065

Several denial-of-service vulnerabilities (assertion failures) were discovered in BIND, a DNS server implementation.

CVE-2016-9131

    A crafted upstream response to an ANY query could cause an assertion failure.

CVE-2016-9147

    A crafted upstream response with self-contradicting DNSSEC data could cause an assertion failure.

CVE-2016-9444

    Specially-crafted upstream responses with a DS record could cause an assertion failure.

These vulnerabilities predominantly affect DNS servers providing recursive service. Client queries to authoritative-only servers cannot trigger these assertion failures. These vulnerabilities are present whether or not DNSSEC validation is enabled in the server configuration.

For the stable distribution (jessie), these problems have been fixed in version 1:9.9.5.dfsg-9+deb8u9.

sunrat
Posted January 13, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3759-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
January 12, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-pysaml2
CVE ID         : CVE-2016-10127
Debian Bug     : 850716

Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits.

For the stable distribution (jessie), this problem has been fixed in version 2.0.0-1+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 3.0.0-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3760-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 12, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ikiwiki
CVE ID         : CVE-2016-9646 CVE-2016-10026 CVE-2017-0356

Multiple vulnerabilities have been found in the Ikiwiki wiki compiler:

CVE-2016-9646

    Commit metadata forgery via CGI::FormBuilder context-dependent APIs

CVE-2016-10026

    Editing restriction bypass for git revert

CVE-2017-0356

    Authentication bypass via repeated parameters

Additional details on these vulnerabilities can be found at https://ikiwiki.info/security/

For the stable distribution (jessie), these problems have been fixed in version 3.20141016.4.

For the unstable distribution (sid), these problems have been fixed in version 3.20170111.

sunrat
Posted January 14, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3761-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
January 13, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rabbitmq-server
CVE ID         : CVE-2016-9877
Debian Bug     : 849849

It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn't correctly validate MQTT (MQ Telemetry Transport) connection authentication. This allowed anyone to log in to an existing user account without having to provide a password.

For the stable distribution (jessie), this problem has been fixed in version 3.3.5-1.1+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 3.6.6-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3762-1                   security@debian.org
https://www.debian.org/security/                  Laszlo Boszormenyi (GCS)
January 13, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945
                 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315
                 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321
                 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875
                 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448
                 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534
                 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538
                 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094

Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code.

There were additional vulnerabilities in the tools bmp2tiff, gif2tiff, thumbnail and ras2tiff, but since these were addressed by the libtiff developers by removing the tools altogether, no patches are available and those tools were also removed from the tiff package in Debian stable. The change had already been made in Debian stretch before and no applications included in Debian are known to rely on these scripts. If you use those tools in custom setups, consider using a different conversion/thumbnailing tool.

For the stable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u2.

For the testing distribution (stretch), these problems have been fixed in version 4.0.7-4.

For the unstable distribution (sid), these problems have been fixed in version 4.0.7-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3763-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 13, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pdns-recursor
CVE ID         : CVE-2016-7068

Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service if the system becomes overloaded.

For the stable distribution (jessie), this problem has been fixed in version 3.6.2-2+deb8u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3764-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 13, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pdns
CVE ID         : CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073
                 CVE-2016-7074

Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-2120

    Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage of this flaw to crash the server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record.

CVE-2016-7068

    Florian Heinz and Martin Kluge reported that pdns parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service if the system becomes overloaded.

CVE-2016-7072

    Mongo discovered that the webserver in pdns is susceptible to a denial-of-service vulnerability. A remote, unauthenticated attacker can cause a denial of service by opening a large number of TCP connections to the web server.

CVE-2016-7073 / CVE-2016-7074

    Mongo discovered that pdns does not sufficiently validate TSIG signatures, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR.

For the stable distribution (jessie), these problems have been fixed in version 3.4.1-4+deb8u7.

For the unstable distribution (sid), these problems have been fixed in version 4.0.2-1.

sunrat
Posted January 15, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3765-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 14, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icoutils
CVE ID         : CVE-2017-5331 CVE-2017-5332 CVE-2017-5333

Several programming errors in the wrestool tool of icoutils, a suite of tools to create and extract MS Windows icons and cursors, allow denial of service or the execution of arbitrary code if a malformed binary is parsed.

For the stable distribution (jessie), these problems have been fixed in version 0.31.0-2+deb8u2.

For the testing distribution (stretch), these problems have been fixed in version 0.31.1-1.

For the unstable distribution (sid), these problems have been fixed in version 0.31.1-1.

sunrat
Posted January 15, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3743-2                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
January 15, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-bottle
Debian Bug     : 850176

The update for python-bottle issued as DSA-3743-1 would cause a crash if a unicode string was used as a header. Updated packages are now available to correct this issue.

For the stable distribution (jessie), this problem has been fixed in version 0.12.7-1+deb8u2.

sunrat
Posted January 20, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3766-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
January 19, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mapserver
CVE ID         : CVE-2017-5522

It was discovered that mapserver, a CGI-based framework for Internet map services, was vulnerable to a stack-based overflow. This issue allowed a remote user to crash the service, or potentially execute arbitrary code.

For the stable distribution (jessie), this problem has been fixed in version 6.4.1-5+deb8u3.

For the unstable distribution (sid), this problem has been fixed in version 7.0.4-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3767-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 19, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.5
CVE ID         : CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258
                 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313
                 CVE-2017-3317 CVE-2017-3318
Debian Bug     : 851233

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.54, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html
 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

For the stable distribution (jessie), these problems have been fixed in version 5.5.54-0+deb8u1.

sunrat
Posted January 20, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3768-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 20, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjpeg2
CVE ID         : CVE-2016-5159 CVE-2016-8332 CVE-2016-9572 CVE-2016-9573

Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

For the stable distribution (jessie), these problems have been fixed in version 2.1.0-2+deb8u2.

For the unstable distribution (sid), these problems will be fixed soon.

sunrat
Posted January 23, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3769-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
January 22, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libphp-swiftmailer
CVE ID         : CVE-2016-10074
Debian Bug     : 849626

Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers.

For the stable distribution (jessie), this problem has been fixed in version 5.2.2-1+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 5.4.2-1.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3770-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 22, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mariadb-10.0
CVE ID         : CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244
                 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291
                 CVE-2017-3312 CVE-2017-3317 CVE-2017-3318
Debian Bug     : 842895 851755

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.29. Please see the MariaDB 10.0 Release Notes for further details:

 https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/

For the stable distribution (jessie), these problems have been fixed in version 10.0.29-0+deb8u1.

sunrat
Posted January 27, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3771-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 25, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378
                 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390
                 CVE-2017-5396

Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.

For the stable distribution (jessie), these problems have been fixed in version 45.7.0esr-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 45.7.0esr-1 of firefox-esr and version 51.0-1 of firefox.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3772-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 26, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxpm
CVE ID         : CVE-2016-10164

Tobias Stoeckmann discovered that the libXpm library contained two integer overflow flaws, leading to a heap out-of-bounds write, while parsing XPM extensions in a file. An attacker can provide a specially crafted XPM file that, when processed by an application using the libXpm library, would cause a denial-of-service against the application, or potentially, the execution of arbitrary code with the privileges of the user running the application.

For the stable distribution (jessie), this problem has been fixed in version 1:3.5.12-0+deb8u1. This update is based on a new upstream version of libxpm including additional bug fixes.

For the testing distribution (stretch) and the unstable distribution (sid), this problem has been fixed in version 1:3.5.12-1.

sunrat
Posted January 27, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3773-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 27, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2016-7056 CVE-2016-8610 CVE-2017-3731

Several vulnerabilities were discovered in OpenSSL:

CVE-2016-7056

    A local timing attack was discovered against ECDSA P-256.

CVE-2016-8610

    It was discovered that no limit was imposed on alert packets during an SSL handshake.

CVE-2017-3731

    Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u6.

For the unstable distribution (sid), these problems have been fixed in version 1.1.0d-1 of the openssl source package and in version 1.0.2k-1 of the openssl1.0 source package.

sunrat
Posted January 29, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3774-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 29, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lcms2
CVE ID         : CVE-2016-10165
Debian Bug     : 852627

Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in lcms2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile and leading to a heap memory leak or denial-of-service for applications using the lcms2 library.

For the stable distribution (jessie), this problem has been fixed in version 2.6-3+deb8u1.

For the testing distribution (stretch) and the unstable distribution (sid), this problem has been fixed in version 2.8-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3775-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
January 29, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tcpdump
CVE ID         : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925
                 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929
                 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933
                 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937
                 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973
                 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984
                 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993
                 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203
                 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342
                 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485
                 CVE-2017-5486

Multiple vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in version 4.9.0-1~deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 4.9.0-1.

For the unstable distribution (sid), these problems have been fixed in version 4.9.0-1.

sunrat
Posted January 31, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3776-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
January 31, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009
                 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013
                 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017
                 CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021
                 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025
                 CVE-2017-5026

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-5006

    Mariusz Mlynski discovered a cross-site scripting issue.

CVE-2017-5007

    Mariusz Mlynski discovered another cross-site scripting issue.

CVE-2017-5008

    Mariusz Mlynski discovered a third cross-site scripting issue.

CVE-2017-5009

    Sean Stanek and Chip Bradford discovered an out-of-bounds memory issue in the webrtc library.

CVE-2017-5010

    Mariusz Mlynski discovered a fourth cross-site scripting issue.

CVE-2017-5011

    Khalil Zhani discovered a way to access unauthorized files in the developer tools.

CVE-2017-5012

    Gergely Nagy discovered a heap overflow issue in the v8 javascript library.

CVE-2017-5013

    Haosheng Wang discovered a URL spoofing issue.

CVE-2017-5014

    sweetchip discovered a heap overflow issue in the skia library.

CVE-2017-5015

    Armin Razmdjou discovered a URL spoofing issue.

CVE-2017-5016

    Haosheng Wang discovered another URL spoofing issue.

CVE-2017-5017

    danberm discovered an uninitialized memory issue in support for webm video files.

CVE-2017-5018

    Rob Wu discovered a cross-site scripting issue.

CVE-2017-5019

    Wadih Matar discovered a use-after-free issue.

CVE-2017-5020

    Rob Wu discovered another cross-site scripting issue.

CVE-2017-5021

    Rob Wu discovered a use-after-free issue in extensions.

CVE-2017-5022

    PKAV Team discovered a way to bypass the Content Security Policy.

CVE-2017-5023

    UK's National Cyber Security Centre (NCSC) discovered a type confusion issue.

CVE-2017-5024

    Paul Mehta discovered a heap overflow issue in the ffmpeg library.

CVE-2017-5025

    Paul Mehta discovered another heap overflow issue in the ffmpeg library.

CVE-2017-5026

    Ronni Skansing discovered a user interface spoofing issue.

For the stable distribution (jessie), these problems have been fixed in version 56.0.2924.76-1~deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3777-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 31, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgd2
CVE ID         : CVE-2016-6906 CVE-2016-6912 CVE-2016-9317 CVE-2016-10166
                 CVE-2016-10167 CVE-2016-10168

Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

For the stable distribution (jessie), these problems have been fixed in version 2.1.0-5+deb8u9.

For the testing distribution (stretch) and the unstable distribution (sid), these problems have been fixed in version 2.2.4-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3778-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 31, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-archive-tar-minitar
CVE ID         : CVE-2016-10173
Debian Bug     : 853249

Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

For the stable distribution (jessie), this problem has been fixed in version 0.5.2-2+deb8u1.

sunrat Posted February 2, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3779-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
February 01, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491
                 CVE-2017-5492 CVE-2017-5493 CVE-2017-5610 CVE-2017-5611
                 CVE-2017-5612
Debian Bug     : 851310 852767

Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to hijack victims' credentials, access sensitive information, execute arbitrary commands, bypass read and post restrictions, or mount denial-of-service attacks.

For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u12.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 4.7.1+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3780-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 01, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ntfs-3g
CVE ID         : CVE-2017-0358

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

For the stable distribution (jessie), this problem has been fixed in version 1:2014.2.15AR.2-1+deb8u3.

For the unstable distribution (sid), this problem has been fixed in version 1:2016.2.22AR.1-4.
sunrat Posted February 5, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3781-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 05, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : svgsalamander
CVE ID         : CVE-2017-5617

Luc Lynx discovered that SVG Salamander, a SVG engine for Java, was susceptible to server side request forgery.

For the stable distribution (jessie), this problem has been fixed in version 0~svn95-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 1.1.1+dfsg-2.
sunrat Posted February 9, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3782-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 08, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5552
                 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253
                 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the bypass of Java sandbox restrictions, denial of service, arbitrary code execution, incorrect parsing of URLs/LDAP DNs or cryptographic timing side channel attacks.

For the stable distribution (jessie), these problems have been fixed in version 7u121-2.6.8-2~deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3783-1    security@debian.org
https://www.debian.org/security/    Luciano Bello
February 08, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
CVE ID         : CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161

Several issues have been discovered in PHP, a widely-used open source general-purpose scripting language.

CVE-2016-10158

    Loading a TIFF or JPEG malicious file can lead to a Denial-of-Service attack when the EXIF header is being parsed.

CVE-2016-10159

    Loading a malicious phar archive can cause an extensive memory allocation, leading to a Denial-of-Service attack on 32 bit computers.

CVE-2016-10160

    An attacker might remotely execute arbitrary code using a malicious phar archive. This is the consequence of an off-by-one memory corruption.

CVE-2016-10161

    An attacker with control of the unserialize() function argument can cause an out-of-bounds read. This could lead to a Denial-of-Service attack or a remote code execution.

For the stable distribution (jessie), these problems have been fixed in version 5.6.30+dfsg-0+deb8u1.
sunrat Posted February 12, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3784-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
February 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : viewvc
CVE ID         : CVE-2017-5938
Debian Bug     : 854681

Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability.

For the stable distribution (jessie), this problem has been fixed in version 1.1.22-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 1.1.26-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3785-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jasper
CVE ID         : CVE-2016-1867 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692
                 CVE-2016-8693 CVE-2016-8882 CVE-2016-9560

Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed.

For the stable distribution (jessie), these problems have been fixed in version 1.900.1-debian1-2.4+deb8u2.
sunrat Posted February 13, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3786-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 13, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vim
CVE ID         : CVE-2017-5953
Debian Bug     : 854969

Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.

For the stable distribution (jessie), this problem has been fixed in version 2:7.4.488-7+deb8u2.

For the unstable distribution (sid), this problem has been fixed in version 2:8.0.0197-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3787-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 13, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat7
CVE ID         : not yet available
Debian Bug     : 851304

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.

For the stable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u8.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3788-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 13, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat8
CVE ID         : not yet available
Debian Bug     : 851304

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.

For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u7.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted February 15, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3789-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
February 15, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libevent
CVE ID         : CVE-2016-10195 CVE-2016-10196 CVE-2016-10197
Debian Bug     : 854092

Several vulnerabilities were discovered in libevent, an asynchronous event notification library. They would lead to Denial Of Service via application crash, or remote code execution.

For the stable distribution (jessie), these problems have been fixed in version 2.0.21-stable-2+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 2.0.21-stable-3.
sunrat Posted February 17, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3790-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 16, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spice
CVE ID         : CVE-2016-9577 CVE-2016-9578
Debian Bug     : 854336

Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-9577

    Frediano Ziglio of Red Hat discovered a buffer overflow vulnerability in the main_channel_alloc_msg_rcv_buf function. An authenticated attacker can take advantage of this flaw to cause a denial of service (spice server crash), or possibly, execute arbitrary code.

CVE-2016-9578

    Frediano Ziglio of Red Hat discovered that spice does not properly validate incoming messages. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash.

For the stable distribution (jessie), these problems have been fixed in version 0.12.5-1+deb8u4.

For the unstable distribution (sid), these problems have been fixed in version 0.12.8-2.1.
sunrat Posted February 22, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3787-2    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 22, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat7

The update for tomcat7 issued as DSA-3787-1 caused that the server could return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original advisory text follows.

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.

For the stable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u9.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3788-2    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 22, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat8

The update for tomcat8 issued as DSA-3788-1 caused that the server could return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original advisory text follows.

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.

For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u8.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3791-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 22, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2016-9191
                 CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618
                 CVE-2017-5549 CVE-2017-5551 CVE-2017-5897 CVE-2017-5970
                 CVE-2017-6001 CVE-2017-6074

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.

CVE-2016-6786 / CVE-2016-6787

    It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing a local attacker to escalate privileges. This can be mitigated by disabling unprivileged use of performance events:

        sysctl kernel.perf_event_paranoid=3

CVE-2016-8405

    Peter Pi of Trend Micro discovered that the frame buffer video subsystem does not properly check bounds while copying color maps to userspace, causing a heap buffer out-of-bounds read, leading to information disclosure.

CVE-2016-9191

    CAI Qian discovered that reference counting is not properly handled within proc_sys_readdir in the sysctl implementation, allowing a local denial of service (system hang) or possibly privilege escalation.

CVE-2017-2583

    Xiaohan Zhang reported that KVM for amd64 does not correctly emulate loading of a null stack selector. This can be used by a user in a guest VM for denial of service (on an Intel CPU) or to escalate privileges within the VM (on an AMD CPU).

CVE-2017-2584

    Dmitry Vyukov reported that KVM for x86 does not correctly emulate memory access by the SGDT and SIDT instructions, which can result in a use-after-free and information leak.

CVE-2017-2596

    Dmitry Vyukov reported that KVM leaks page references when emulating a VMON for a nested hypervisor. This can be used by a privileged user in a guest VM for denial of service or possibly to gain privileges in the host.

CVE-2017-2618

    It was discovered that an off-by-one in the handling of SELinux attributes in /proc/pid/attr could result in local denial of service.

CVE-2017-5549

    It was discovered that the KLSI KL5KUSB105 serial USB device driver could log the contents of uninitialised kernel memory, resulting in an information leak.

CVE-2017-5551

    Jan Kara found that changing the POSIX ACL of a file on tmpfs never cleared its set-group-ID flag, which should be done if the user changing it is not a member of the group-owner. In some cases, this would allow the user-owner of an executable to gain the privileges of the group-owner.

CVE-2017-5897

    Andrey Konovalov discovered an out-of-bounds read flaw in the ip6gre_err function in the IPv6 networking code.

CVE-2017-5970

    Andrey Konovalov discovered a denial-of-service flaw in the IPv4 networking code. This can be triggered by a local or remote attacker if a local UDP or raw socket has the IP_RETOPTS option enabled.

CVE-2017-6001

    Di Shen discovered a race condition between concurrent calls to the performance events subsystem, allowing a local attacker to escalate privileges. This flaw exists because of an incomplete fix of CVE-2016-6786. This can be mitigated by disabling unprivileged use of performance events:

        sysctl kernel.perf_event_paranoid=3

CVE-2017-6074

    Andrey Konovalov discovered a use-after-free vulnerability in the DCCP networking code, which could result in denial of service or local privilege escalation. On systems that do not already have the dccp module loaded, this can be mitigated by disabling it:

        echo >> /etc/modprobe.d/disable-dccp.conf install dccp false

For the stable distribution (jessie), these problems have been fixed in version 3.16.39-1+deb8u1.
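An added check for the two temporary mitigations that DSA-3791-1 names (kernel.perf_event_paranoid=3 and the "install dccp false" modprobe rule). It is example code, not part of the advisory or of the post; the function names and the sample host data are constructed for illustration.

```shell
#!/bin/sh
# Audit the two temporary mitigations named in DSA-3791-1.
# Function names and the sample data at the bottom are constructed for this
# example; only the sysctl value and the modprobe rule come from the advisory.

# perf_paranoid_ok VALUE: succeed if VALUE is an integer >= 3.
perf_paranoid_ok() {
    case "$1" in
        ''|*[!0-9-]*) return 1 ;;          # empty or not an integer
    esac
    [ "$1" -ge 3 ] 2>/dev/null
}

# dccp_loaded MODULES_FILE: succeed if a module named exactly "dccp" is listed.
# MODULES_FILE is in /proc/modules format (module name is the first field).
dccp_loaded() {
    awk '$1 == "dccp" { found = 1 } END { exit !found }' "$1"
}

# dccp_install_blocked DIR: succeed if a *.conf file in DIR has an uncommented
# "install dccp false" rule (a path such as /bin/false is accepted too).
dccp_install_blocked() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+(/bin/|/usr/bin/)?false[[:space:]]*$' "$f"; then
            return 0
        fi
    done
    return 1
}

# audit PARANOID_VALUE MODULES_FILE MODPROBE_DIR
# Prints one line per finding; the return status is the number of mitigations
# that are not in effect (0, 1 or 2).
audit() {
    missing=0
    if perf_paranoid_ok "$1"; then
        echo "ok:   kernel.perf_event_paranoid=$1"
    else
        echo "FAIL: kernel.perf_event_paranoid=$1 (advisory mitigation is 3)"
        missing=$((missing + 1))
    fi
    if dccp_loaded "$2"; then
        # The advisory offers the modprobe rule only for hosts where dccp
        # is not already loaded.
        echo "FAIL: dccp module already loaded; the modprobe mitigation does not apply"
        missing=$((missing + 1))
    elif dccp_install_blocked "$3"; then
        echo "ok:   dccp loading is blocked by an install rule in $3"
    else
        echo "FAIL: no 'install dccp false' rule found in $3"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# On a real host the call would be:
#   audit "$(cat /proc/sys/kernel/perf_event_paranoid)" /proc/modules /etc/modprobe.d
# (only the one directory passed in is searched).

# Constructed sample host state, so the script runs offline.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/modprobe.d"
printf 'ext4 745472 1 - Live 0x0\n' > "$demo_dir/modules"
printf '# install dccp false\n' > "$demo_dir/modprobe.d/old.conf"     # commented out: ignored
printf 'install dccp false\n' > "$demo_dir/modprobe.d/disable-dccp.conf"
audit 2 "$demo_dir/modules" "$demo_dir/modprobe.d" || echo "mitigations missing: $?"
rm -rf "$demo_dir"
```

Both settings are stopgaps; the fixed kernel is the jessie version given in the advisory.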
sunrat Posted February 24, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3792-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 23, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2017-3157

Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information.

For the stable distribution (jessie), this problem has been fixed in version 1:4.3.3-2+deb8u6.

For the testing distribution (stretch), this problem has been fixed in version 1:5.2.3-1.

For the unstable distribution (sid), this problem has been fixed in version 1:5.2.3-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3793-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 24, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : shadow
CVE ID         : CVE-2016-6252 CVE-2017-2616
Debian Bug     : 832170 855943

Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-6252

    An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input to the newuidmap utility.

CVE-2017-2616

    Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial of service.

For the stable distribution (jessie), these problems have been fixed in version 1:4.2-3+deb8u3.
sunrat Posted February 26, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3794-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
February 25, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : munin
CVE ID         : CVE-2017-6188
Debian Bug     : 855705

Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process.

For the stable distribution (jessie), this problem has been fixed in version 2.0.25-1+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3795-1    security@debian.org
https://www.debian.org/security/    Michael Gilbert
February 26, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2017-3135
Debian Bug     : 855520

It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice.

This update also corrects an additional regression caused by the fix for CVE-2016-8864, which was applied in a previous security update.

For the stable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u10.

For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 1:9.10.3.dfsg.P4-12.
sunrat Posted February 26, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3796-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
February 26, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apache2
CVE ID         : CVE-2016-0736 CVE-2016-2161 CVE-2016-8743

Several vulnerabilities were discovered in the Apache2 HTTP server.

CVE-2016-0736

    RedTeam Pentesting GmbH discovered that mod_session_crypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie.

CVE-2016-2161

    Maksim Malyutin discovered that malicious input to mod_auth_digest could cause the server to crash, causing a denial of service.

CVE-2016-8743

    David Dennerline, of IBM Security's X-Force Researchers, and Régis Leroy discovered problems in the way Apache handled a broad pattern of unusual whitespace patterns in HTTP requests. In some configurations, this could lead to response splitting or cache pollution vulnerabilities. To fix these issues, this update makes Apache httpd be more strict in what HTTP requests it accepts.

    If this causes problems with non-conforming clients, some checks can be relaxed by adding the new directive "HttpProtocolOptions unsafe" to the configuration.

This update also fixes the issue where mod_reqtimeout was not enabled by default on new installations.

For the stable distribution (jessie), these problems have been fixed in version 2.4.10-10+deb8u8.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 2.4.25-1.
sunrat Posted March 2, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3797-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
February 28, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2016-8674 CVE-2017-5896 CVE-2017-5991

Multiple vulnerabilities have been found in the PDF viewer MuPDF, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.

For the stable distribution (jessie), these problems have been fixed in version 1.5-1+deb8u2.

For the testing distribution (stretch), these problems have been fixed in version 1.9a+ds1-4.

For the unstable distribution (sid), these problems have been fixed in version 1.9a+ds1-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3798-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
March 01, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tnef
CVE ID         : CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310
Debian Bug     : 856117

Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type "application/ms-tnef". Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious attachment. This would result in denial of service via application crash, or potential arbitrary code execution.

For the stable distribution (jessie), these problems have been fixed in version 1.4.9-1+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3799-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
March 01, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2016-8707 CVE-2016-10062 CVE-2016-10144 CVE-2016-10145
                 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508
                 CVE-2017-5510 CVE-2017-5511
Debian Bug     : 851485 851483 851380 848139 851383 851382 851381 851374
                 851376 849439

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, IPL, MPC or PSB files are processed.

For the stable distribution (jessie), these problems have been fixed in version 8:6.8.9.9-5+deb8u7.

For the testing distribution (stretch), these problems have been fixed in version 8:6.9.7.4+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 8:6.9.7.4+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3794-2    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
March 02, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : munin
Debian Bug     : 856455

The update for munin issued as DSA-3794-1 caused a regression in the zooming functionality in munin-cgi-graph. Updated packages are now available to correct this issue. For reference, the original advisory text follows.

Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process.

For the stable distribution (jessie), this problem has been fixed in version 2.0.25-1+deb8u2.

For the unstable distribution (sid), this problem has been fixed in version 2.0.32-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3800-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
March 02, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libquicktime
CVE ID         : CVE-2016-2399
Debian Bug     : 855099

Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application.

For the stable distribution (jessie), this problem has been fixed in version 2:1.2.4-7+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2:1.2.4-10.