
Bruno


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3842-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

May 03, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat7

CVE ID : CVE-2017-5647 CVE-2017-5648

 

Two vulnerabilities were discovered in tomcat7, a servlet and JSP

engine.

 

CVE-2017-5647

 

Pipelined requests were processed incorrectly, which could result in

some responses appearing to be sent for the wrong request.

 

CVE-2017-5648

 

Some application listener calls were issued against the wrong

objects, allowing untrusted applications running under a

SecurityManager to bypass that protection mechanism and access or

modify information associated with other web applications.

 

For the stable distribution (jessie), these problems have been fixed in

version 7.0.56-3+deb8u10.

 

For the upcoming stable (stretch) and unstable (sid) distributions,

these problems have been fixed in version 7.0.72-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3843-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

May 03, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat8

CVE ID : CVE-2017-5647 CVE-2017-5648

Debian Bug : 860068 860069

 

Two vulnerabilities were discovered in tomcat8, a servlet and JSP

engine.

 

CVE-2017-5647

 

Pipelined requests were processed incorrectly, which could result in

some responses appearing to be sent for the wrong request.

 

CVE-2017-5648

 

Some application listener calls were issued against the wrong

objects, allowing untrusted applications running under a

SecurityManager to bypass that protection mechanism and access or

modify information associated with other web applications.

 

For the stable distribution (jessie), these problems have been fixed in

version 8.0.14-1+deb8u9.

 

For the upcoming stable (stretch) and unstable (sid) distributions,

these problems have been fixed in version 8.5.11-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3844-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 03, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tiff

CVE ID : CVE-2016-3658 CVE-2016-9535 CVE-2016-10266

CVE-2016-10267 CVE-2016-10269 CVE-2016-10270

CVE-2017-5225 CVE-2017-7592 CVE-2017-7593

CVE-2017-7594 CVE-2017-7595 CVE-2017-7596

CVE-2017-7597 CVE-2017-7598 CVE-2017-7599

CVE-2017-7600 CVE-2017-7601 CVE-2017-7602

 

Multiple vulnerabilities have been discovered in the libtiff library and

the included tools, which may result in denial of service, memory

disclosure or the execution of arbitrary code.

 

For the stable distribution (jessie), these problems have been fixed in

version 4.0.3-12.3+deb8u3.

 

For the upcoming stable distribution (stretch), these problems have been

fixed in version 4.0.7-6.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.0.7-6.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3845-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 08, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libtirpc

CVE ID : CVE-2017-8779

 

Guido Vranken discovered that incorrect memory management in libtirpc,

a transport-independent RPC library used by rpcbind and other programs,

may result in denial of service via memory exhaustion (depending on

memory management settings).

 

For the stable distribution (jessie), this problem has been fixed in

version 0.2.5-1+deb8u1 of libtirpc and version 0.2.1-6+deb8u2 of rpcbind.

 

For the upcoming stable distribution (stretch), this problem has been

fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3846-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

May 09, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libytnef

CVE ID : CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301

CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305

CVE-2017-6306 CVE-2017-6800 CVE-2017-6801 CVE-2017-6802

Debian Bug :

 

Several issues were discovered in libytnef, a library used to decode

application/ms-tnef e-mail attachments. Multiple heap overflows,

out-of-bound writes and reads, NULL pointer dereferences and infinite

loops could be exploited by tricking a user into opening a maliciously

crafted winmail.dat file.

 

For the stable distribution (jessie), these problems have been fixed in

version 1.5-6+deb8u1.

 

For the upcoming stable (stretch) and unstable (sid) distributions,

these problems have been fixed in version 1.9.2-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3847-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 09, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xen

CVE ID : CVE-2016-9932 CVE-2016-10013 CVE-2016-10024

CVE-2017-7228

 

Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen

hypervisor, which may lead to privilege escalation, guest-to-host

breakout, denial of service or information leaks.

 

In addition to the CVE identifiers listed above, this update also

addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.

 

For the stable distribution (jessie), these problems have been fixed in

version 4.4.1-9+deb8u9.

 

For the upcoming stable distribution (stretch), these problems have been

fixed in version 4.8.1-1+deb9u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.8.1-1+deb9u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3848-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 10, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : git

CVE ID : CVE-2017-8386

 

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted

login shell for Git-only SSH access, allows a user to run an interactive

pager by causing it to spawn "git upload-pack --help".

 

For the stable distribution (jessie), this problem has been fixed in

version 1:2.1.4-2.1+deb8u3.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:2.11.0-3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3849-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 12, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : kde4libs

CVE ID : CVE-2017-6410 CVE-2017-8422

Debian Bug : 856890

 

Several vulnerabilities were discovered in kde4libs, the core libraries

for all KDE 4 applications. The Common Vulnerabilities and Exposures

project identifies the following problems:

 

CVE-2017-6410

 

Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs

reported that URLs are not sanitized before passing them to

FindProxyForURL, potentially allowing a remote attacker to obtain

sensitive information via a crafted PAC file.

 

CVE-2017-8422

 

Sebastian Krahmer from SUSE discovered that the KAuth framework

contains a logic flaw in which the service invoking dbus is not

properly checked. This flaw allows spoofing the identity of the

caller and gaining root privileges from an unprivileged account.

 

For the stable distribution (jessie), these problems have been fixed in

version 4:4.14.2-5+deb8u2.

 

For the unstable distribution (sid), these problems have been fixed in

version 4:4.14.26-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3850-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 12, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : rtmpdump

CVE ID : CVE-2015-8270 CVE-2015-8271 CVE-2015-8272

 

Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small

dumper/library for RTMP media streams, which may result in denial of

service or the execution of arbitrary code if a malformed stream is

dumped.

 

For the stable distribution (jessie), these problems have been fixed in

version 2.4+20150115.gita107cef-1+deb8u1.

 

For the upcoming stable distribution (stretch), these problems have been

fixed in version 2.4+20151223.gitfa8646d.1-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.4+20151223.gitfa8646d.1-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3851-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 12, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : postgresql-9.4

CVE ID : CVE-2017-7484 CVE-2017-7485 CVE-2017-7486

 

Several vulnerabilities have been found in the PostgreSQL database

system:

 

CVE-2017-7484

 

Robert Haas discovered that some selectivity estimators did not

validate user privileges which could result in information

disclosure.

 

CVE-2017-7485

 

Daniel Gustafsson discovered that the PGREQUIRESSL environment

variable no longer enforced a TLS connection.

 

CVE-2017-7486

 

Andrew Wheelwright discovered that user mappings were insufficiently

restricted.

 

For the stable distribution (jessie), these problems have been fixed in

version 9.4.12-0+deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3852-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

May 13, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : squirrelmail

CVE ID : CVE-2017-7692

 

Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a

webmail application, incorrectly handled a user-supplied value. This

would allow a logged-in user to run arbitrary commands on the server.

 

For the stable distribution (jessie), this problem has been fixed in

version 2:1.4.23~svn20120406-2+deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3854-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 14, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bind9

CVE ID : CVE-2017-3136 CVE-2017-3137 CVE-2017-3138

Debian Bug : 860224 860225 860226

 

Several vulnerabilities were discovered in BIND, a DNS server

implementation. The Common Vulnerabilities and Exposures project

identifies the following problems:

 

CVE-2017-3136

 

Oleg Gorokhov of Yandex discovered that BIND does not properly

handle certain queries when using DNS64 with the "break-dnssec yes;"

option, allowing a remote attacker to cause a denial-of-service.

 

CVE-2017-3137

 

It was discovered that BIND makes incorrect assumptions about the

ordering of records in the answer section of a response containing

CNAME or DNAME resource records, leading to situations where BIND

exits with an assertion failure. An attacker can take advantage of

this condition to cause a denial-of-service.

 

CVE-2017-3138

 

Mike Lalumiere of Dyn, Inc. discovered that BIND can exit with a

REQUIRE assertion failure if it receives a null command string on

its control channel. Note that the fix applied in Debian is only

applied as a hardening measure. Details about the issue can be found

at https://kb.isc.org/article/AA-01471 .

 

For the stable distribution (jessie), these problems have been fixed in

version 1:9.9.5.dfsg-9+deb8u11.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:9.10.3.dfsg.P4-12.3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3853-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

May 15, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bitlbee

CVE ID : CVE-2016-10188 CVE-2016-10189

 

It was discovered that bitlbee, an IRC to other chat networks gateway,

contained issues that allowed a remote attacker to cause a denial of

service (via application crash), or potentially execute arbitrary

commands.

 

For the stable distribution (jessie), these problems have been fixed in

version 3.2.2-2+deb8u1.

 

For the upcoming stable (stretch) and unstable (sid) distributions,

these problems have been fixed in version 3.5-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3793-2 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 17, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : shadow

Debian Bug : 862806

 

The update for the shadow suite issued as DSA-3793-1 introduced a

regression in su signal handling. If su receives a signal like SIGTERM,

it is not propagated to the child. Updated packages are now available to

correct this issue.

 

For the stable distribution (jessie), this problem has been fixed in

version 1:4.2-3+deb8u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3855-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 18, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jbig2dec

CVE ID : CVE-2017-7885 CVE-2017-7975 CVE-2017-7976

Debian Bug : 860460 860787 860788

 

Multiple security issues have been found in the JBIG2 decoder library,

which may lead to denial of service, disclosure of sensitive information

from process memory or the execution of arbitrary code if a malformed

image file (usually embedded in a PDF document) is opened.

 

For the stable distribution (jessie), these problems have been fixed in

version 0.13-4~deb8u2.

 

For the unstable distribution (sid), these problems have been fixed in

version 0.13-4.1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3856-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 18, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : deluge

CVE ID : CVE-2017-7178 CVE-2017-9031

 

Two vulnerabilities have been discovered in the web interface of the

Deluge BitTorrent client (directory traversal and cross-site request

forgery).

 

For the stable distribution (jessie), these problems have been fixed in

version 1.3.10-3+deb8u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.3.13+git20161130.48cedf63-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3857-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 18, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mysql-connector-java

CVE ID : CVE-2017-3586 CVE-2017-3589

 

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.

 

For the stable distribution (jessie), these problems have been fixed in

version 5.1.42-1~deb8u1.

 

For the upcoming stable distribution (stretch), these problems have been

fixed in version 5.1.42-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 5.1.42-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3858-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 19, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-7

CVE ID : CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533

CVE-2017-3539 CVE-2017-3544

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in privilege

escalation, denial of service, newline injection in SMTP or use of

insecure cryptography.

 

For the stable distribution (jessie), these problems have been fixed in

version 7u131-2.6.9-2~deb8u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3859-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 19, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dropbear

CVE ID : CVE-2017-9078 CVE-2017-9079

 

Two vulnerabilities were found in Dropbear, a lightweight SSH2 server

and client:

 

CVE-2017-9078

 

Mark Shepard discovered a double free in the TCP listener cleanup

which could result in denial of service by an authenticated user if

Dropbear is running with the "-a" option.

 

CVE-2017-9079

 

Jann Horn discovered a local information leak in parsing the

.authorized_keys file.

 

For the stable distribution (jessie), these problems have been fixed in

version 2014.65-1+deb8u2.

 

For the unstable distribution (sid), these problems will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3860-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 24, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : samba

CVE ID : CVE-2017-7494

 

steelo discovered a remote code execution vulnerability in Samba, a

SMB/CIFS file, print, and login server for Unix. A malicious client with

access to a writable share can take advantage of this flaw by uploading

a shared library and then cause the server to load and execute it.

 

For the stable distribution (jessie), this problem has been fixed in

version 2:4.2.14+dfsg-0+deb8u6.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3861-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

May 24, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libtasn1-6

CVE ID : CVE-2017-6891

Debian Bug : 863186

 

Jakub Jirasek of Secunia Research discovered that libtasn1, a library

used to handle Abstract Syntax Notation One structures, did not

properly validate its input. This would allow an attacker to cause a

crash by denial-of-service, or potentially execute arbitrary code, by

tricking a user into processing a maliciously crafted assignments

file.

 

For the stable distribution (jessie), this problem has been fixed in

version 4.2-3+deb8u3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3862-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 25, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : puppet

CVE ID : CVE-2017-2295

 

It was discovered that unrestricted YAML deserialisation of data sent

from agents to the server in the Puppet configuration management system

could result in the execution of arbitrary code.

 

Note that this fix breaks backward compatibility with Puppet agents older

than 3.2.2 and there is no safe way to restore it. This affects puppet

agents running on Debian wheezy; we recommend to update to the

puppet version shipped in wheezy-backports.

 

For the stable distribution (jessie), this problem has been fixed in

version 3.7.2-4+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 4.8.2-5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3863-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 25, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : imagemagick

CVE ID : CVE-2017-7606 CVE-2017-7619 CVE-2017-7941 CVE-2017-7943

CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346

CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350

CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354

CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765

CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142

CVE-2017-9143 CVE-2017-9144

Debian Bug : 860736 862577 859771 859769 860734 862572 862574 862573

862575 862590 862589 862587 862632 862633 862634 862635

862636 862578 860735 862653 862637 863126 863125 863124

863123 862967

 

This update fixes several vulnerabilities in imagemagick: Various memory

handling problems and cases of missing or incomplete input sanitising

may result in denial of service, memory disclosure or the execution of

arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,

PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.

 

For the stable distribution (jessie), these problems have been fixed in

version 8:6.8.9.9-5+deb8u9.

 

For the upcoming stable distribution (stretch), these problems have been

fixed in version 8:6.9.7.4+dfsg-8.

 

For the unstable distribution (sid), these problems have been fixed in

version 8:6.9.7.4+dfsg-8.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3864-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 27, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : fop

CVE ID : CVE-2017-5661

 

It was discovered that an XML external entities vulnerability in the

Apache FOP XML formatter may result in information disclosure.

 

For the stable distribution (jessie), this problem has been fixed in

version 1:1.1.dfsg2-1+deb8u1.

 

For the upcoming stable distribution (stretch), this problem has been

fixed in version 1:2.1-6.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:2.1-6.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3865-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 29, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mosquitto

CVE ID : CVE-2017-7650

 

It was discovered that pattern-based ACLs in the Mosquitto MQTT broker

could be bypassed.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.3.4-2+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.4.10-3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3866-1 security@debian.org

https://www.debian.org/security/ Yves-Alexis Perez

May 30, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : strongswan

CVE ID : CVE-2017-9022 CVE-2017-9023

 

Two denial of service vulnerabilities were identified in strongSwan, an

IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

 

CVE-2017-9022

 

RSA public keys passed to the gmp plugin aren't validated sufficiently

before attempting signature verification, so that invalid input might

lead to a floating point exception and crash of the process.

A certificate with an appropriately prepared public key sent by a peer

could be used for a denial-of-service attack.

 

CVE-2017-9023

 

ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when

parsing X.509 certificates with extensions that use such types. This could

lead to infinite looping of the thread parsing a specifically crafted

certificate.

 

A fix for a build failure was additionally included in the 5.2.1-6+deb8u4

revision of the strongSwan package.

 

For the stable distribution (jessie), these problems have been fixed in

version 5.2.1-6+deb8u3.

 

For the upcoming stable distribution (stretch), these problems have been

fixed in version 5.5.1-4.

 

For the unstable distribution (sid), these problems have been fixed in

version 5.5.1-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3867-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

May 30, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : sudo

CVE ID : CVE-2017-1000367

Debian Bug : 863731

 

The Qualys Security team discovered that sudo, a program designed to

provide limited super user privileges to specific users, does not

properly parse "/proc/[pid]/stat" to read the device number of the tty

from field 7 (tty_nr). A sudoers user can take advantage of this flaw on

an SELinux-enabled system to obtain full root privileges.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.8.10p3-1+deb8u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3868-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 30, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openldap

CVE ID : CVE-2017-9287

Debian Bug : 863563

 

Karsten Heymann discovered that the OpenLDAP directory server can be

crashed by performing a paged search with a page size of 0, resulting in

denial of service. This vulnerability is limited to the MDB storage

backend.

 

For the stable distribution (jessie), this problem has been fixed in

version 2.4.40+dfsg-1+deb8u3.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.4.44+dfsg-5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3869-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

June 01, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tnef

CVE ID : CVE-2017-8911

Debian Bug : 862442

 

It was discovered that tnef, a tool used to unpack MIME attachments of

type "application/ms-tnef", did not correctly validate its input. An

attacker could exploit this by tricking a user into opening a

malicious attachment, which would result in a denial-of-service by

application crash.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.4.9-1+deb8u3.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.4.12-1.2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3870-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

June 01, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wordpress

CVE ID : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063

CVE-2017-9064 CVE-2017-9065

Debian Bug : 862053 862816

 

Several vulnerabilities were discovered in wordpress, a web blogging

tool. They would allow remote attackers to force password resets, and

perform various cross-site scripting and cross-site request forgery

attacks.

 

For the stable distribution (jessie), these problems have been fixed in

version 4.1+dfsg-1+deb8u13.

 

For the upcoming stable (stretch) and unstable (sid) distributions,

these problems have been fixed in version 4.7.5+dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3871-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 01, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : zookeeper

CVE ID : CVE-2017-5637

 

It was discovered that Zookeeper, a service for maintaining

configuration information, didn't restrict access to the computationally

expensive wchp/wchc commands which could result in denial of service by

elevated CPU consumption.

 

This update disables those two commands by default. The new

configuration option "4lw.commands.whitelist" can be used to whitelist

commands selectively (and the full set of commands can be restored

with '*').

 

For the stable distribution (jessie), this problem has been fixed in

version 3.4.5+dfsg-2+deb8u2.

 

For the unstable distribution (sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3872-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 01, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nss

CVE ID : CVE-2017-5461 CVE-2017-5462 CVE-2017-7502

 

Several vulnerabilities were discovered in NSS, a set of cryptographic

libraries, which may result in denial of service or information

disclosure.

 

For the stable distribution (jessie), these problems have been fixed in

version 2:3.26-1+debu8u2.

 

For the unstable distribution (sid), these problems will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3873-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 05, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : perl

CVE ID : CVE-2017-6512

Debian Bug : 863870

 

The cPanel Security Team reported a time of check to time of use

(TOCTTOU) race condition flaw in File::Path, a core module from Perl to

create or remove directory trees. An attacker can take advantage of this

flaw to set the mode on an attacker-chosen file to an attacker-chosen

value.

 

For the stable distribution (jessie), this problem has been fixed in

version 5.20.2-3+deb8u7.

 

For the upcoming stable distribution (stretch), this problem has been

fixed in version 5.24.1-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 5.24.1-3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3874-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

June 09, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ettercap

CVE ID : CVE-2017-6430 CVE-2017-8366

Debian Bug : 857035 861604

 

Agostino Sarubbo and AromalUllas discovered that ettercap, a network

security tool for traffic interception, contains vulnerabilities that

allowed an attacker able to provide maliciously crafted filters to

cause a denial-of-service via application crash.

 

For the stable distribution (jessie), these problems have been fixed in

version 1:0.8.1-3+deb8u1.

 

For the upcoming stable (stretch) and unstable (sid) distributions,

these problems have been fixed in version 1:0.8.2-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3875-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 09, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libmwaw

CVE ID : CVE-2017-9433

 

It was discovered that a buffer overflow in libmwaw, a library to open

old Mac text documents, might result in the execution of arbitrary code

if a malformed document is opened.

 

For the stable distribution (jessie), this problem has been fixed in

version 0.3.1-2+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.3.9-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3876-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 09, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : otrs2

CVE ID : CVE-2017-9324

 

Joerg-Thomas Vogt discovered that the SecureMode was insufficiently

validated in the OTRS ticket system, which could allow agents to

escalate their privileges.

 

For the stable distribution (jessie), this problem has been fixed in

version 3.3.9-3+deb8u1.

 

For the upcoming stable distribution (stretch), this problem will be

fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 5.0.20-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3877-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 10, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tor

CVE ID : CVE-2017-0376

Debian Bug : 864424

 

It has been discovered that Tor, a connection-based low-latency

anonymous communication system, contains a flaw in the hidden service

code when receiving a BEGIN_DIR cell on a hidden service rendezvous

circuit. A remote attacker can take advantage of this flaw to cause a

hidden service to crash with an assertion failure (TROVE-2017-005).

 

For the stable distribution (jessie), this problem has been fixed in

version 0.2.5.14-1.

 

For the upcoming stable distribution (stretch), this problem will be

fixed in version 0.2.9.11-1~deb9u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.2.9.11-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3878-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 12, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : zziplib

CVE ID : CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978

CVE-2017-5979 CVE-2017-5980 CVE-2017-5981

 

Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a

library to access Zip archives, which could result in denial of service

and potentially the execution of arbitrary code if a malformed archive

is processed.

 

For the stable distribution (jessie), these problems have been fixed in

version 0.13.62-3+deb8u1.

 

For the upcoming stable distribution (stretch), these problems have been

fixed in version 0.13.62-3.1.

 

For the unstable distribution (sid), these problems have been fixed in

version 0.13.62-3.1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3879-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 13, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libosip2

CVE ID : CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853

 

Multiple security vulnerabilities have been found in oSIP, a library

implementing the Session Initiation Protocol, which might result in

denial of service through malformed SIP messages.

 

For the stable distribution (jessie), these problems have been fixed in

version 4.1.0-2+deb8u1.

 

For the upcoming stable distribution (stretch), these problems have been

fixed in version 4.1.0-2.1.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.1.0-2.1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3880-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 14, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libgcrypt20

CVE ID : CVE-2017-9526

 

It was discovered that a side channel attack in the EdDSA session key

handling in Libgcrypt may result in information disclosure.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.6.3-2+deb8u3.

 

For the upcoming stable distribution (stretch), this problem has been

fixed in version 1.7.6-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.7.6-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3881-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 14, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : firefox-esr

CVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750

CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756

CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771

CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775

CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

 

Several security issues have been found in the Mozilla Firefox web

browser: Multiple memory safety errors, use-after-frees, buffer overflows

and other implementation errors may lead to the execution of arbitrary

code, denial of service or domain spoofing.

 

Debian follows the extended support releases (ESR) of Firefox. Support

for the 45.x series has ended, so starting with this update we're now

following the 52.x releases.

 

For the stable distribution (jessie), these problems have been fixed in

version 52.2.0esr-1~deb8u1.

 

For the upcoming stable distribution (stretch), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 52.2.0esr-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3882-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 15, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : request-tracker4

CVE ID : CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944

 

Multiple vulnerabilities have been discovered in Request Tracker, an

extensible trouble-ticket tracking system. The Common Vulnerabilities

and Exposures project identifies the following problems:

 

CVE-2016-6127

 

It was discovered that Request Tracker is vulnerable to a cross-site

scripting (XSS) attack if an attacker uploads a malicious file with

a certain content type. Installations which use the

AlwaysDownloadAttachments config setting are unaffected by this

flaw. The applied fix addresses all existent and future uploaded

attachments.

 

CVE-2017-5361

 

It was discovered that Request Tracker is vulnerable to timing

side-channel attacks for user passwords.

 

CVE-2017-5943

 

It was discovered that Request Tracker is prone to an information

leak of cross-site request forgery (CSRF) verification tokens if a

user is tricked into visiting a specially crafted URL by an

attacker.

 

 

CVE-2017-5944

 

It was discovered that Request Tracker is prone to a remote code

execution vulnerability in the dashboard subscription interface. A

privileged attacker can take advantage of this flaw through

carefully-crafted saved search names to cause unexpected code to be

executed. The applied fix addresses all existent and future saved

searches.

 

In addition to the above-mentioned CVEs, this update works around

CVE-2015-7686 in Email::Address which could induce a denial of service

of Request Tracker itself.

 

For the stable distribution (jessie), these problems have been fixed in

version 4.2.8-3+deb8u2.

 

For the upcoming stable distribution (stretch), these problems have been

fixed in version 4.4.1-3+deb9u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.4.1-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3883-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 15, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : rt-authen-externalauth

CVE ID : CVE-2017-5361

 

It was discovered that RT::Authen::ExternalAuth, an external

authentication module for Request Tracker, is vulnerable to timing

side-channel attacks for user passwords. Only ExternalAuth in DBI

(database) mode is vulnerable.

 

For the stable distribution (jessie), this problem has been fixed in

version 0.25-1+deb8u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3884-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 16, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gnutls28

CVE ID : CVE-2017-7507

Debian Bug : 864560

 

Hubert Kario discovered that GnuTLS, a library implementing the TLS and

SSL protocols, does not properly decode a status response TLS extension,

allowing a remote attacker to cause an application using the GnuTLS

library to crash (denial of service).

 

For the stable distribution (jessie), this problem has been fixed in

version 3.3.8-6+deb8u6.

 

For the upcoming stable distribution (stretch), this problem has been

fixed in version 3.5.8-5+deb9u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.5.8-6.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3885-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 18, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : irssi

CVE ID : CVE-2017-9468 CVE-2017-9469

Debian Bug : 864400

 

Multiple vulnerabilities have been discovered in Irssi, a terminal based

IRC client. The Common Vulnerabilities and Exposures project identifies

the following problems:

 

CVE-2017-9468

 

Joseph Bisch discovered that Irssi does not properly handle DCC

messages without source nick/host. A malicious IRC server can take

advantage of this flaw to cause Irssi to crash, resulting in a

denial of service.

 

CVE-2017-9469

 

Joseph Bisch discovered that Irssi does not properly handle

receiving incorrectly quoted DCC files. A remote attacker can take

advantage of this flaw to cause Irssi to crash, resulting in a

denial of service.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 0.8.17-1+deb8u4.

 

For the stable distribution (stretch), these problems have been fixed in

version 1.0.2-1+deb9u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.0.3-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3887-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 19, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : glibc

CVE ID : CVE-2017-1000366

 

The Qualys Research Labs discovered various problems in the dynamic

linker of the GNU C Library which allow local privilege escalation by

clashing the stack. For the full details, please refer to their advisory

published at:

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

 

For the oldstable distribution (jessie), this problem has been fixed

in version 2.19-18+deb8u10.

 

For the stable distribution (stretch), this problem has been fixed in

version 2.24-11+deb9u1.

 

For the unstable distribution (sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3888-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 19, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : exim4

CVE ID : CVE-2017-1000369

 

The Qualys Research Labs discovered a memory leak in the Exim mail

transport agent. This is not a security vulnerability in Exim by itself,

but can be used to exploit a vulnerability in stack handling. For the

full details, please refer to their advisory published at:

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

 

For the oldstable distribution (jessie), this problem has been fixed

in version 4.84.2-2+deb8u4.

 

For the stable distribution (stretch), this problem has been fixed in

version 4.89-2+deb9u1.

 

For the unstable distribution (sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3886-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 19, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2017-0605 CVE-2017-7487 CVE-2017-7645 CVE-2017-7895

CVE-2017-8064 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925

CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077

CVE-2017-9242 CVE-2017-1000364

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service or information

leaks.

 

CVE-2017-0605

 

A buffer overflow flaw was discovered in the trace subsystem.

 

CVE-2017-7487

 

Li Qiang reported a reference counter leak in the ipxitf_ioctl

function which may result in a use-after-free vulnerability,

triggerable when an IPX interface is configured.

 

CVE-2017-7645

 

Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that

the NFSv2 and NFSv3 server implementations are vulnerable to an

out-of-bounds memory access issue while processing arbitrarily long

arguments sent by NFSv2/NFSv3 RPC clients, leading to a denial of

service.

 

CVE-2017-7895

 

Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3

server implementations do not properly handle payload bounds

checking of WRITE requests. A remote attacker with write access to a

NFS mount can take advantage of this flaw to read chunks of

arbitrary memory from both kernel-space and user-space.

 

CVE-2017-8064

 

Arnd Bergmann found that the DVB-USB core misused the device

logging system, resulting in a use-after-free vulnerability, with

unknown security impact.

 

CVE-2017-8890

 

It was discovered that the net_csk_clone_lock() function allows a

remote attacker to cause a double free leading to a denial of

service or potentially have other impact.

 

CVE-2017-8924

 

Johan Hovold found that the io_ti USB serial driver could leak

sensitive information if a malicious USB device was connected.

 

CVE-2017-8925

 

Johan Hovold found a reference counter leak in the omninet USB

serial driver, resulting in a use-after-free vulnerability. This

can be triggered by a local user permitted to open tty devices.

 

CVE-2017-9074

 

Andrey Konovalov reported that the IPv6 fragmentation

implementation could read beyond the end of a packet buffer. A

local user or guest VM might be able to use this to leak sensitive

information or to cause a denial of service (crash).

 

CVE-2017-9075

 

Andrey Konovalov reported that the SCTP/IPv6 implementation

wrongly initialised address lists on connected sockets, resulting

in a use-after-free vulnerability, a similar issue to

CVE-2017-8890. This can be triggered by any local user.

 

CVE-2017-9076 / CVE-2017-9077

 

Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations

wrongly initialised address lists on connected sockets, a similar

issue to CVE-2017-9075.

 

CVE-2017-9242

 

Andrey Konovalov reported a packet buffer overrun in the IPv6

implementation. A local user could use this for denial of service

(memory corruption; crash) and possibly for privilege escalation.

 

CVE-2017-1000364

 

The Qualys Research Labs discovered that the size of the stack guard

page is not sufficiently large. The stack-pointer can jump over the

guard-page and move from the stack into another memory region

without accessing the guard-page. In this case no page-fault

exception is raised and the stack extends into the other memory

region. An attacker can exploit this flaw for privilege escalation.

 

The default stack gap protection is set to 256 pages and can be

configured via the stack_guard_gap kernel parameter on the kernel

command line.

 

Further details can be found at

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

 

For the oldstable distribution (jessie), these problems have been fixed

in version 3.16.43-2+deb8u1.

 

For the stable distribution (stretch), these problems have been fixed in

version 4.9.30-2+deb9u1 or earlier versions before the stretch release.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3889-1 security@debian.org

https://www.debian.org/security/ Yves-Alexis Perez

June 19, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libffi

CVE ID : CVE-2017-1000376

Debian Bug : 751907

 

libffi, a library used to call code written in one language from code written

in a different language, was enforcing an executable stack on the i386

architecture. While this might not be considered a vulnerability by itself,

this could be leveraged when exploiting other vulnerabilities, like for example

the "stack clash" class of vulnerabilities discovered by Qualys Research Labs.

For the full details, please refer to their advisory published at:

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

 

For the oldstable distribution (jessie), this problem has been fixed

in version 3.1-2+deb8u1.

 

For the stable distribution (stretch), this problem has been fixed in

version 3.2.1-4.

 

For the testing distribution (buster), this problem has been fixed

in version 3.2.1-4.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.2.1-4.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3890-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 21, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : spip

CVE ID : CVE-2017-9736

Debian Bug : 864921

 

Emeric Boit of ANSSI reported that SPIP, a website engine for

publishing, insufficiently sanitises the value from the X-Forwarded-Host

HTTP header field. An unauthenticated attacker can take advantage of

this flaw to cause remote code execution.

 

For the stable distribution (stretch), this problem has been fixed in

version 3.1.4-3~deb9u1.

 

For the testing distribution (buster), this problem has been fixed

in version 3.1.4-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.1.4-3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3891-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

June 22, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat8

CVE ID : CVE-2017-5664

Debian Bug : 864447 802312

 

Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and

JSP engine, static error pages used the original request's HTTP method

to serve content, instead of systematically using the GET method. This

could under certain conditions result in undesirable results,

including the replacement or removal of the custom error page.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 8.0.14-1+deb8u10.

 

For the stable distribution (stretch), this problem has been fixed in

version 8.5.14-1+deb9u1.

 

For the testing distribution (buster), this problem has been fixed

in version 8.5.14-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 8.5.14-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3892-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

June 22, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat7

CVE ID : CVE-2017-5664

Debian Bug : 864447 802312

 

Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and

JSP engine, static error pages used the original request's HTTP method

to serve content, instead of systematically using the GET method. This

could under certain conditions result in undesirable results,

including the replacement or removal of the custom error page.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 7.0.56-3+deb8u11.

 

For the stable distribution (stretch), this problem has been fixed in

version 7.0.72-3.

 

For the testing distribution (buster), this problem has been fixed

in version 7.0.72-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 7.0.72-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3893-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 22, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jython

CVE ID : CVE-2016-4000

Debian Bug : 864859

 

Alvaro Munoz and Christian Schneider discovered that jython, an

implementation of the Python language seamlessly integrated with Java,

is prone to arbitrary code execution triggered when sending a serialized

function to the deserializer.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 2.5.3-3+deb8u1.

 

For the stable distribution (stretch), this problem has been fixed in

version 2.5.3-16+deb9u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.5.3-17.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3894-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 22, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : graphite2

CVE ID : CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774

CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

 

Multiple vulnerabilities have been found in the Graphite font rendering

engine which might result in denial of service or the execution of

arbitrary code if a malformed font file is processed.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 1.3.10-1~deb8u1.

 

For the stable distribution (stretch), these problems have been fixed

prior to the initial release.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3895-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

June 22, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : flatpak

CVE ID : CVE-2017-9780

 

It was discovered that Flatpak, an application deployment framework for

desktop apps, insufficiently restricted file permissions in third-party

repositories, which could result in privilege escalation.

 

For the stable distribution (stretch), this problem has been fixed in

version 0.8.5-2+deb9u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.8.7-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3896-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 22, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : apache2

CVE ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668

CVE-2017-7679

 

Several vulnerabilities have been found in the Apache HTTPD server.

 

CVE-2017-3167

 

Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by

third-party modules outside of the authentication phase may lead to

authentication requirements being bypassed.

 

CVE-2017-3169

 

Vasileios Panopoulos of AdNovum Informatik AG discovered that

mod_ssl may dereference a NULL pointer when third-party modules call

ap_hook_process_connection() during an HTTP request to an HTTPS port

leading to a denial of service.

 

CVE-2017-7659

 

Robert Swiecki reported that a specially crafted HTTP/2 request

could cause mod_http2 to dereference a NULL pointer and crash the

server process.

 

CVE-2017-7668

 

Javier Jimenez reported that the HTTP strict parsing contains a

flaw leading to a buffer overread in ap_find_token(). A remote

attacker can take advantage of this flaw by carefully crafting a

sequence of request headers to cause a segmentation fault, or to

force ap_find_token() to return an incorrect value.

 

CVE-2017-7679

 

ChenQin and Hanno Boeck reported that mod_mime can read one byte

past the end of a buffer when sending a malicious Content-Type

response header.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 2.4.10-10+deb8u9. The oldstable distribution (jessie) is not

affected by CVE-2017-7659.

 

For the stable distribution (stretch), these problems have been fixed in

version 2.4.25-3+deb9u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.4.25-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3897-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 24, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : drupal7

CVE ID : CVE-2015-7943 CVE-2017-6922

Debian Bug : 865498

 

Two vulnerabilities were discovered in Drupal, a fully-featured content

management framework. The Common Vulnerabilities and Exposures project

identifies the following issues:

 

CVE-2015-7943

 

Samuel Mortenson and Pere Orga discovered that the overlay module

does not sufficiently validate URLs prior to displaying their

contents, leading to an open redirect vulnerability.

 

More information can be found at

https://www.drupal.org/SA-CORE-2015-004

 

CVE-2017-6922

 

Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files

uploaded by anonymous users into a private file system can be

accessed by other anonymous users leading to an access bypass

vulnerability.

 

More information can be found at

https://www.drupal.org/SA-CORE-2017-003

 

For the oldstable distribution (jessie), these problems have been fixed

in version 7.32-1+deb8u9.

 

For the stable distribution (stretch), these problems have been fixed in

version 7.52-2+deb9u1. For the stable distribution (stretch),

CVE-2015-7943 was already fixed before the initial release.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3898-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 25, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : expat

CVE ID : CVE-2016-9063 CVE-2017-9233

 

Multiple vulnerabilities have been discovered in Expat, an XML parsing C

library. The Common Vulnerabilities and Exposures project identifies the

following problems:

 

 

CVE-2016-9063

 

Gustavo Grieco discovered an integer overflow flaw during parsing of

XML. An attacker can take advantage of this flaw to cause a denial

of service against an application using the Expat library.

 

CVE-2017-9233

 

Rhodri James discovered an infinite loop vulnerability within the

entityValueInitProcessor() function while parsing malformed XML

in an external entity. An attacker can take advantage of this

flaw to cause a denial of service against an application using

the Expat library.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 2.1.0-6+deb8u4.

 

For the stable distribution (stretch), these problems have been fixed in

version 2.2.0-2+deb9u1. For the stable distribution (stretch),

CVE-2016-9063 was already fixed before the initial release.

 

For the testing distribution (buster), these problems have been fixed

in version 2.2.1-1 or earlier version.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.2.1-1 or earlier version.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3899-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 27, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : vlc

CVE ID : CVE-2017-8310 CVE-2017-8311 CVE-2017-8312 CVE-2017-8313

 

Several vulnerabilities have been found in VLC, the VideoLAN project's

media player. Processing malformed subtitles or movie files could lead

to denial of service and potentially the execution of arbitrary code.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 2.2.6-1~deb8u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3886-2 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

June 27, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

Debian Bug : 865303

 

The security update announced as DSA-3886-1 caused regressions for some

applications using Java - including jsvc, LibreOffice and Scilab - due

to the fix for CVE-2017-1000364. Updated packages are now available to

correct this issue. For reference, the relevant part of the original

advisory text follows.

 

CVE-2017-1000364

 

The Qualys Research Labs discovered that the size of the stack guard

page is not sufficiently large. The stack-pointer can jump over the

guard-page and move from the stack into another memory region

without accessing the guard-page. In this case no page-fault

exception is raised and the stack extends into the other memory

region. An attacker can exploit this flaw for privilege escalation.

 

The default stack gap protection is set to 256 pages and can be

configured via the stack_guard_gap kernel parameter on the kernel

command line.

 

Further details can be found at

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

 

For the oldstable distribution (jessie), this problem has been fixed

in version 3.16.43-2+deb8u2.

 

For the stable distribution (stretch), this problem has been fixed in

version 4.9.30-2+deb9u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3900-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

June 27, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openvpn

CVE ID : CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521

Debian Bug : 865480

 

Several issues were discovered in openvpn, a virtual private network

application.

 

CVE-2017-7479

 

It was discovered that openvpn did not properly handle the

rollover of packet identifiers. This would allow an authenticated

remote attacker to cause a denial-of-service via application

crash.

 

CVE-2017-7508

 

Guido Vranken discovered that openvpn did not properly handle

specific malformed IPv6 packets. This would allow a remote

attacker to cause a denial-of-service via application crash.

 

CVE-2017-7520

 

Guido Vranken discovered that openvpn did not properly handle

clients connecting to an HTTP proxy with NTLMv2

authentication. This would allow a remote attacker to cause a

denial-of-service via application crash, or potentially leak

sensitive information like the user's proxy password.

 

CVE-2017-7521

 

Guido Vranken discovered that openvpn did not properly handle

some x509 extensions. This would allow a remote attacker to cause

a denial-of-service via application crash.

 

For the oldstable distribution (jessie), these problems have been fixed

in version 2.3.4-5+deb8u2.

 

For the stable distribution (stretch), these problems have been fixed in

version 2.4.0-6+deb9u1.

 

For the testing distribution (buster), these problems have been fixed

in version 2.4.3-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.4.3-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3901-1 security@debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

July 02, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libgcrypt20

CVE ID : CVE-2017-7526

 

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot

Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and

Yuval Yarom discovered that Libgcrypt is prone to a local side-channel

attack allowing full key recovery for RSA-1024.

 

See https://eprint.iacr.org/2017/627 for details.

 

For the oldstable distribution (jessie), this problem has been fixed

in version 1.6.3-2+deb8u4.

 

For the stable distribution (stretch), this problem has been fixed in

version 1.7.6-2+deb9u1.

 

For the testing distribution (buster), this problem has been fixed

in version 1.7.8-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.7.8-1.
