sunrat Posted July 6, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3902-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 05, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jabberd2
CVE ID         : CVE-2017-10807
Debian Bug     : 867032

It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration.

For the stable distribution (stretch), this problem has been fixed in version 2.4.0-3+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3903-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 05, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2016-10095 CVE-2017-9147 CVE-2017-9403 CVE-2017-9404
                 CVE-2017-9936 CVE-2017-10688

Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 4.0.8-2+deb9u1.

For the testing distribution (buster), these problems have been fixed in version 4.0.8-3.

For the unstable distribution (sid), these problems have been fixed in version 4.0.8-3.
sunrat Posted July 9, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3904-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
July 08, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2017-3142 CVE-2017-3143
Debian Bug     : 866564

Clément Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.

CVE-2017-3142

    An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into:
      - providing an AXFR of a zone to an unauthorized recipient
      - accepting bogus NOTIFY packets

CVE-2017-3143

    An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update.

For the oldstable distribution (jessie), these problems have been fixed in version 1:9.9.5.dfsg-9+deb8u12.

For the stable distribution (stretch), these problems have been fixed in version 1:9.10.3.dfsg.P4-12.4.
sunrat Posted July 11, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3905-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 09, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xorg-server
CVE ID         : CVE-2017-10971 CVE-2017-10972
Debian Bug     : 867492

Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak.

For the oldstable distribution (jessie), these problems have been fixed in version 2:1.16.4-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 2:1.19.2-1+deb9u1. Setups running root-less X are not affected.

For the testing distribution (buster), these problems have been fixed in version 2:1.19.3-2.

For the unstable distribution (sid), these problems have been fixed in version 2:1.19.3-2.
sunrat Posted July 12, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3906-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 11, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : undertow
CVE ID         : CVE-2017-2666 CVE-2017-2670

Two vulnerabilities have been discovered in Undertow, a web server written in Java, which may lead to denial of service or HTTP request smuggling.

For the stable distribution (stretch), these problems have been fixed in version 1.4.8-1+deb9u1.

For the testing distribution (buster), these problems have been fixed in version 1.4.18-1.

For the unstable distribution (sid), these problems have been fixed in version 1.4.18-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3907-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 11, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spice
CVE ID         : CVE-2017-7506

Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol client and server library which may result in memory disclosure, denial of service and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed in version 0.12.5-1+deb8u5.

For the stable distribution (stretch), this problem has been fixed in version 0.12.8-2.1+deb9u1.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted July 13, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3908-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 12, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nginx
CVE ID         : CVE-2017-7529

An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.

For the oldstable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u5.

For the stable distribution (stretch), this problem has been fixed in version 1.10.3-1+deb9u1.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted July 16, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3909-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
July 14, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2017-11103
Debian Bug     : 868209

Jeffrey Altman, Viktor Dukhovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center (KDC-REP) component and could be used by an attacker on the network path to impersonate a server.

More details can be found on the vulnerability website (https://orpheus-lyre.info/) and on the Samba project website (https://www.samba.org/samba/security/CVE-2017-11103.html)

For the oldstable distribution (jessie), this problem has been fixed in version 2:4.2.14+dfsg-0+deb8u7.

For the stable distribution (stretch), this problem has been fixed in version 2:4.5.8+dfsg-2+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 2:4.6.5+dfsg-4.

For the unstable distribution (sid), this problem has been fixed in version 2:4.6.5+dfsg-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3911-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 14, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : evince
CVE ID         : CVE-2017-1000083

Felix Wilhelm discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code.
This update disables the CBT format entirely.

For the oldstable distribution (jessie), this problem has been fixed in version 3.14.1-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 3.22.1-3+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 3.22.1-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3910-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
July 14, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : knot
CVE ID         : CVE-2017-11104
Debian Bug     : 865678

Clément Berthaux from Synaktiv discovered a signature forgery vulnerability in knot, an authoritative-only DNS server. This vulnerability allows an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.

For the oldstable distribution (jessie), this problem has been fixed in version 1.6.0-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 2.4.0-3+deb9u1.

For the testing (buster) and unstable (sid), this problem will be fixed in a later update.
sunrat Posted July 17, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3912-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 16, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : heimdal
CVE ID         : CVE-2017-11103
Debian Bug     : 868208

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext (Ticket), rather than the authenticated and encrypted KDC response. A man-in-the-middle attacker can use this flaw to impersonate services to the client.

See https://orpheus-lyre.info/ for details.

For the oldstable distribution (jessie), this problem has been fixed in version 1.6~rc2+dfsg-9+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 7.1.0+dfsg-13+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 7.4.0.dfsg.1-1.
sunrat Posted July 19, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3913-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 18, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apache2
CVE ID         : CVE-2017-9788
Debian Bug     : 868467

Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type 'Digest' between successive key=value assignments, leading to information disclosure or denial of service.

For the oldstable distribution (jessie), this problem has been fixed in version 2.4.10-10+deb8u10.

For the stable distribution (stretch), this problem has been fixed in version 2.4.25-3+deb9u2.

For the unstable distribution (sid), this problem has been fixed in version 2.4.27-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3914-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 18, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501
                 CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11360
                 CVE-2017-11188
Debian Bug     : 863126 867367 867778 867721 864273 864274 867806 868264
                 868184 867810 867808 867811 867812 867896 867798 867821
                 867824 867825 867826 867893 867823 867894 867897

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.

For the oldstable distribution (jessie), these problems have been fixed in version 8:6.8.9.9-5+deb8u10.

For the stable distribution (stretch), these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 8:6.9.7.4+dfsg-12.
sunrat Posted July 23, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3915-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
July 20, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-mixlib-archive
CVE ID         : CVE-2017-1000026
Debian Bug     : 868572

It was discovered that ruby-mixlib-archive, a Chef Software library used to handle various archive formats, was vulnerable to a directory traversal attack. This allowed attackers to overwrite arbitrary files by using a malicious tar archive containing ".." in its entries.

For the stable distribution (stretch), this problem has been fixed in version 0.2.0-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3916-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 21, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : atril
CVE ID         : CVE-2017-1000083
Debian Bug     : 868500

It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.

For the oldstable distribution (jessie), this problem has been fixed in version 1.8.1+dfsg1-4+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.16.1-2+deb9u1.
sunrat Posted July 24, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3917-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 23, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : catdoc
CVE ID         : CVE-2017-11110
Debian Bug     : 867717

A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.

For the oldstable distribution (jessie), this problem has been fixed in version 0.94.4-1.1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1:0.94.3~git20160113.dbc9ec6+dfsg-1+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 1:0.95-3.

For the unstable distribution (sid), this problem has been fixed in version 1:0.95-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3904-2                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
July 23, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
Debian Bug     : 868952

The security update announced as DSA-3904-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This conforms to the spec and may be used in AXFR and IXFR responses.

For the oldstable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u13.

For the stable distribution (stretch), this problem has been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u2.

For the testing distribution (buster), this problem has been fixed in version 1:9.10.3.dfsg.P4-12.5.

For the unstable distribution (sid), this problem has been fixed in version 1:9.10.3.dfsg.P4-12.5.
sunrat Posted July 25, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3918-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 25, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750
                 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756
                 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771
                 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775
                 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

Debian follows the extended support releases (ESR) of Thunderbird. Support for the 45.x series has ended, so starting with this update we're now following the 52.x releases.

For the oldstable distribution (jessie), these problems have been fixed in version 1:52.2.1-4~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1:52.2.1-4~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3919-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 25, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-8
CVE ID         : CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078
                 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090
                 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107
                 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111
                 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135
                 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or bypassing Jar verification.

For the stable distribution (stretch), these problems have been fixed in version 8u141-b15-1~deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 8u141-b15-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3920-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 25, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2017-9310 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374
                 CVE-2017-9375 CVE-2017-9524 CVE-2017-10664 CVE-2017-10911

Multiple vulnerabilities were found in qemu, a fast processor emulator:

CVE-2017-9310

    Denial of service via infinite loop in e1000e NIC emulation.

CVE-2017-9330

    Denial of service via infinite loop in USB OHCI emulation.

CVE-2017-9373

    Denial of service via memory leak in IDE AHCI emulation.

CVE-2017-9374

    Denial of service via memory leak in USB EHCI emulation.

CVE-2017-9375

    Denial of service via memory leak in USB XHCI emulation.

CVE-2017-9524

    Denial of service in qemu-nbd server.

CVE-2017-10664

    Denial of service in qemu-nbd server.

CVE-2017-10911

    Information leak in Xen blkif response handling.

For the oldstable distribution (jessie), a separate DSA will be issued.

For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u1.

For the unstable distribution (sid), these problems will be fixed soon.
sunrat Posted July 29, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3921-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 28, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : enigmail
Debian Bug     : 869774

In DSA 3918 Thunderbird was upgraded to the latest ESR series. This update upgrades Enigmail, the OpenPGP extension for Thunderbird, to version 1.9.8.1 to restore full compatibility.

For the oldstable distribution (jessie), this problem has been fixed in version 2:1.9.8.1-1~deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 2:1.9.8.1-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3922-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 28, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.5
CVE ID         : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648
                 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653
Debian Bug     : 868788

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

For the oldstable distribution (jessie), these problems have been fixed in version 5.5.57-0+deb8u1.
sunrat Posted August 6, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3923-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 01, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freerdp
CVE ID         : CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837
                 CVE-2017-2838 CVE-2017-2839
Debian Bug     : 869880

Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol (RDP), contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client side.

For the oldstable distribution (jessie), these problems have been fixed in version 1.1.0~git20140921.1.440916e+dfsg1-4+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 1.1.0~git20140921.1.440916e+dfsg1-14.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3924-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 02, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : varnish
CVE ID         : not yet assigned
Debian Bug     : 870467

A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process.

See https://varnish-cache.org/security/VSV00001.html for details.

For the oldstable distribution (jessie), this problem has been fixed in version 4.0.2-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 5.0.0-7+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3925-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 04, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2017-9524 CVE-2017-10806 CVE-2017-11334 CVE-2017-11443
Debian Bug     : 865755 869171 869173 867751 869945

Multiple vulnerabilities were found in qemu, a fast processor emulator:

CVE-2017-9524

    Denial of service in qemu-nbd server

CVE-2017-10806

    Buffer overflow in USB redirector

CVE-2017-11334

    Out-of-band memory access in DMA operations

CVE-2017-11443

    Out-of-band memory access in SLIRP/DHCP

For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3926-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
August 04, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 CVE-2017-5091
                 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095
                 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100
                 CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104
                 CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108
                 CVE-2017-5109 CVE-2017-5110 CVE-2017-7000

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-5087

    Ned Williamson discovered a way to escape the sandbox.

CVE-2017-5088

    Xiling Gong discovered an out-of-bounds read issue in the v8 javascript library.

CVE-2017-5089

    Michal Bentkowski discovered a spoofing issue.

CVE-2017-5091

    Ned Williamson discovered a use-after-free issue in IndexedDB.

CVE-2017-5092

    Yu Zhou discovered a use-after-free issue in PPAPI.

CVE-2017-5093

    Luan Herrera discovered a user interface spoofing issue.

CVE-2017-5094

    A type confusion issue was discovered in extensions.

CVE-2017-5095

    An out-of-bounds write issue was discovered in the pdfium library.

CVE-2017-5097

    An out-of-bounds read issue was discovered in the skia library.

CVE-2017-5098

    Jihoon Kim discovered a use-after-free issue in the v8 javascript library.

CVE-2017-5099

    Yuan Deng discovered an out-of-bounds write issue in PPAPI.

CVE-2017-5100

    A use-after-free issue was discovered in Chrome Apps.

CVE-2017-5101

    Luan Herrera discovered a URL spoofing issue.

CVE-2017-5102

    An uninitialized variable was discovered in the skia library.

CVE-2017-5103

    Another uninitialized variable was discovered in the skia library.

CVE-2017-5104

    Khalil Zhani discovered a user interface spoofing issue.

CVE-2017-5105

    Rayyan Bijoora discovered a URL spoofing issue.

CVE-2017-5106

    Jack Zac discovered a URL spoofing issue.

CVE-2017-5107

    David Kohlbrenner discovered an information leak in SVG file handling.

CVE-2017-5108

    Guang Gong discovered a type confusion issue in the pdfium library.

CVE-2017-5109

    Jose Maria Acuna Morgado discovered a user interface spoofing issue.

CVE-2017-5110

    xisigr discovered a way to spoof the payments dialog.

CVE-2017-7000

    Chaitin Security Research Lab discovered an information disclosure issue in the sqlite library.

For the stable distribution (stretch), these problems have been fixed in version 60.0.3112.78-1~deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 60.0.3112.78-1 or earlier versions.
sunrat Posted August 8, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3927-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 07, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541
                 CVE-2017-7542 CVE-2017-9605 CVE-2017-10810 CVE-2017-10911
                 CVE-2017-11176 CVE-2017-1000365

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2017-7346

    Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioctl() functions for upper limits. A local user can take advantage of this flaw to cause a denial of service.

CVE-2017-7482

    Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code.

CVE-2017-7533

    Fan Wu and Shixiong Zhao discovered a race condition between inotify events and VFS rename operations allowing an unprivileged local attacker to cause a denial of service or escalate privileges.

CVE-2017-7541

    A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN driver could allow a local user to cause kernel memory corruption, leading to a denial of service or potentially privilege escalation.

CVE-2017-7542

    An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service.

CVE-2017-9605

    Murray McAllister discovered that the DRM driver for VMware virtual GPUs does not properly initialize memory, potentially allowing a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.

CVE-2017-10810

    Li Qiang discovered a memory leak flaw within the VirtIO GPU driver resulting in denial of service (memory consumption).

CVE-2017-10911 / XSA-216

    Anthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests.

CVE-2017-11176

    It was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a user-space close of a Netlink socket to cause a denial of service or potentially cause other impact.

CVE-2017-1000365

    It was discovered that argument and environment pointers are not taken properly into account to the imposed size restrictions on arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of this flaw in conjunction with other flaws to execute arbitrary code.

For the oldstable distribution (jessie), these problems will be fixed in a subsequent DSA.

For the stable distribution (stretch), these problems have been fixed in version 4.9.30-2+deb9u3.
sunrat Posted August 10, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3928-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 10, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785
                 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792
                 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802
                 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CSP.

For the oldstable distribution (jessie), these problems have been fixed in version 52.3.0esr-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 52.3.0esr-1~deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3929-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 10, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libsoup2.4
CVE ID         : CVE-2017-2885
Debian Bug     : 871650

Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash (denial of service), or potentially execute arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed in version 2.48.0-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 2.56.0-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3930-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 10, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freeradius
CVE ID         : CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981
                 CVE-2017-10982 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985
                 CVE-2017-10986 CVE-2017-10987
Debian Bug     : 868765

Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA (Authorisation, Authentication, and Accounting), did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code.

All those issues are covered by this single DSA, but it's worth noting that not all issues affect all releases:

- CVE-2017-10978 and CVE-2017-10983 affect both jessie and stretch
- CVE-2017-10979, CVE-2017-10980, CVE-2017-10981 and CVE-2017-10982 affect only jessie
- CVE-2017-10984, CVE-2017-10985, CVE-2017-10986 and CVE-2017-10987 affect only stretch.

For the oldstable distribution (jessie), these problems have been fixed in version 2.2.5+dfsg-0.2+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 3.0.12+dfsg-5+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3933-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 10, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pjproject
CVE ID         : CVE-2017-9359 CVE-2017-9372

Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 2.1.0.0.ast20130823-1+deb8u1.

For the stable distribution (stretch), these problems had been fixed prior to the initial release.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3932-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 10, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : subversion
CVE ID         : CVE-2016-8734 CVE-2017-9800

Several problems were discovered in Subversion, a centralised version control system.

CVE-2016-8734 (jessie only)
Subversion's mod_dontdothat server module and Subversion clients using http(s):// were vulnerable to a denial-of-service attack caused by exponential XML entity expansion.

CVE-2017-9800
Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:externals properties or when using 'svnsync sync'.

For the oldstable distribution (jessie), these problems have been fixed in version 1.8.10-6+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 1.9.5-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3934-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 10, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : git
CVE ID         : CVE-2017-1000117

Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules.

For the oldstable distribution (jessie), this problem has been fixed in version 1:2.1.4-2.1+deb8u4.

For the stable distribution (stretch), this problem has been fixed in version 1:2.11.0-3+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3935-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 10, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.4
CVE ID         : CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

Several vulnerabilities have been found in the PostgreSQL database system:

CVE-2017-7546
In some authentication methods empty passwords were accepted.

CVE-2017-7547
User mappings could leak data to unprivileged users.

CVE-2017-7548
The lo_put() function ignored ACLs.

For more in-depth descriptions of the security vulnerabilities, please see https://www.postgresql.org/about/news/1772/

For the oldstable distribution (jessie), these problems have been fixed in version 9.4.13-0+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3936-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 10, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.6
CVE ID         : CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

Several vulnerabilities have been found in the PostgreSQL database system:

CVE-2017-7546
In some authentication methods empty passwords were accepted.

CVE-2017-7547
User mappings could leak data to unprivileged users.

CVE-2017-7548
The lo_put() function ignored ACLs.

For more in-depth descriptions of the security vulnerabilities, please see https://www.postgresql.org/about/news/1772/

For the stable distribution (stretch), these problems have been fixed in version 9.6.4-0+deb9u1.
sunrat Posted August 12, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3937-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 12, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : zabbix
CVE ID         : CVE-2017-2824 CVE-2017-2825

Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies.

For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.7+dfsg-2+deb8u3.

For the stable distribution (stretch), these problems have been fixed prior to the initial release.
sunrat Posted August 14, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3938-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 12, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgd2
CVE ID         : CVE-2017-7890
Debian Bug     : 869263

Matviy Kotoniy reported that the gdImageCreateFromGifCtx() function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a specially crafted file is processed.

For the oldstable distribution (jessie), this problem has been fixed in version 2.1.0-5+deb8u10.

For the stable distribution (stretch), this problem has been fixed in version 2.2.4-2+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3939-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 12, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : botan1.10
CVE ID         : CVE-2017-2801

Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate.

For the oldstable distribution (jessie), this problem has been fixed in version 1.10.8-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed prior to the initial release.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3940-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 13, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cvs
CVE ID         : CVE-2017-12836
Debian Bug     : 871810

It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command.

For the oldstable distribution (jessie), this problem has been fixed in version 2:1.12.13+real-15+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 2:1.12.13+real-22+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3940-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 13, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iortcw
CVE ID         : CVE-2017-11721

A read buffer overflow was discovered in the idtech3 (Quake III Arena) family of game engines. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.

For the stable distribution (stretch), this problem has been fixed in version 1.50a+dfsg1-3+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3942-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 13, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : supervisor
CVE ID         : CVE-2017-11610
Debian Bug     : 870187

Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as the same user as supervisord.

The vulnerability has been fixed by disabling nested namespace lookup entirely. supervisord will now only call methods on the object registered to handle XML-RPC requests and not any child objects it may contain, possibly breaking existing setups. No publicly available plugins are currently known that use nested namespaces. Plugins that use a single namespace will continue to work as before. Details can be found on the upstream issue at https://github.com/Supervisor/supervisor/issues/964 .

For the oldstable distribution (jessie), this problem has been fixed in version 3.0r1-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 3.3.1-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3943-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 14, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gajim
CVE ID         : CVE-2016-10376
Debian Bug     : 863445

Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, allowing a malicious XMPP server to trigger commands to leak private conversations from encrypted sessions. With this update XEP-0146 support has been disabled by default and made opt-in via the 'remote_commands' option.

For the oldstable distribution (jessie), this problem has been fixed in version 0.16-1+deb8u2.

For the stable distribution (stretch), this problem has been fixed prior to the initial release.
sunrat Posted August 17, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3928-2                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 16, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785
                 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792
                 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802
                 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809

The update shipped in DSA 3928-1 failed to build on the mips, mipsel and powerpc architectures for the oldstable distribution (jessie). This has been fixed in 52.3.0esr-1~deb8u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3944-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 17, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mariadb-10.0
CVE ID         : CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456
                 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.32. Please see the MariaDB 10.0 Release Notes for further details:

https://mariadb.com/kb/en/mariadb/mariadb-10031-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10032-release-notes/

For the oldstable distribution (jessie), these problems have been fixed in version 10.0.32-0+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3945-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 17, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533
                 CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605
                 CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363
                 CVE-2017-1000365

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2014-9940
A use-after-free flaw in the voltage and current regulator driver could allow a local user to cause a denial of service or potentially escalate privileges.

CVE-2017-7346
Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioctl() functions for upper limits. A local user can take advantage of this flaw to cause a denial of service.

CVE-2017-7482
Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code.

CVE-2017-7533
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and VFS rename operations allowing an unprivileged local attacker to cause a denial of service or escalate privileges.

CVE-2017-7541
A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN driver could allow a local user to cause kernel memory corruption, leading to a denial of service or potentially privilege escalation.

CVE-2017-7542
An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service.

CVE-2017-7889
Tommi Rantala and Brad Spengler reported that the mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, allowing a local attacker with access to /dev/mem to obtain sensitive information or potentially execute arbitrary code.

CVE-2017-9605
Murray McAllister discovered that the DRM driver for VMware virtual GPUs does not properly initialize memory, potentially allowing a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.

CVE-2017-10911 / XSA-216
Anthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests.

CVE-2017-11176
It was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a userspace close of a Netlink socket to cause a denial of service or potentially cause other impact.

CVE-2017-1000363
Roee Hay reported that the lp driver does not properly bounds-check passed arguments, allowing a local attacker with write access to the kernel command line arguments to execute arbitrary code.

CVE-2017-1000365
It was discovered that argument and environment pointers are not taken properly into account to the imposed size restrictions on arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of this flaw in conjunction with other flaws to execute arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 3.16.43-2+deb8u3.
sunrat Posted August 20, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3946-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 18, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libmspack
CVE ID         : CVE-2017-6419 CVE-2017-11423
Debian Bug     : 868956 871263

It was discovered that libmspack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 0.5-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 0.5-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3947-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 18, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : newsbeuter
CVE ID         : CVE-2017-12904

Jeriko One discovered that newsbeuter, a text-mode RSS feed reader, did not properly escape the title and description of a news article when bookmarking it. This allowed a remote attacker to run an arbitrary shell command on the client machine.

For the oldstable distribution (jessie), this problem has been fixed in version 2.8-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 2.9-5+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3948-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 19, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ioquake3
CVE ID         : CVE-2017-11721

A read buffer overflow was discovered in the idtech3 (Quake III Arena) family of game engines. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.

For the oldstable distribution (jessie), this problem has been fixed in version 1.36+u20140802+gca9eebb-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 1.36+u20161101+dfsg1-2+deb9u1.
sunrat Posted August 22, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3949-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 21, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : augeas
CVE ID         : CVE-2017-7555
Debian Bug     : 872400

Han Han of Red Hat discovered that augeas, a configuration editing tool, improperly handled some escaped strings. A remote attacker could leverage this flaw by sending maliciously crafted strings, thus causing an augeas-enabled application to crash or potentially execute arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed in version 1.2.0-0.2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 1.8.0-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3950-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
August 21, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libraw
CVE ID         : CVE-2017-6886 CVE-2017-6887
Debian Bug     : 864183

Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS (Denial of Service) with a crafted KDC or TIFF file.

For the oldstable distribution (jessie), these problems have been fixed in version 0.16.0-9+deb8u3.

For the stable distribution (stretch), these problems have been fixed in version 0.17.2-6+deb9u1.
sunrat Posted August 23, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3951-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 22, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : smb4k
CVE ID         : CVE-2017-8849

Sebastian Krahmer discovered that a programming error in the mount helper binary of the Smb4k Samba network share browser may result in local privilege escalation.

For the oldstable distribution (jessie), this problem has been fixed in version 1.2.1-2~deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3952-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 23, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
CVE ID         : CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047
                 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050
Debian Bug     : 863018 863019 863021 863022 870865 870867 870870

Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, information leaks, or potentially, the execution of arbitrary code with the privileges of the user running the application.

For the oldstable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 2.9.4+dfsg1-3.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3953-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
August 23, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : aodh
CVE ID         : CVE-2017-12440
Debian Bug     : 872605

Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows an authenticated user without a Keystone token with knowledge of trust IDs to perform unspecified authenticated actions by adding alarm actions.

For the stable distribution (stretch), this problem has been fixed in version 3.0.0-4+deb9u1.
sunrat Posted August 26, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3954-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
August 25, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081
                 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096
                 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108
                 CVE-2017-10109 CVE-2017-10110 CVE-2017-10115 CVE-2017-10116
                 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193
                 CVE-2017-10198 CVE-2017-10243

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, incorrect authentication, the execution of arbitrary code, denial of service, information disclosure, use of insecure cryptography or bypassing Jar verification.

For the oldstable distribution (jessie), these problems have been fixed in version 7u151-2.6.11-1~deb8u1.
sunrat Posted August 29, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3955-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 26, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mariadb-10.1
CVE ID         : CVE-2017-3636 CVE-2017-3641 CVE-2017-3653

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.26. Please see the MariaDB 10.1 Release Notes for further details:

https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/

For the stable distribution (stretch), these problems have been fixed in version 10.1.26-0+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 10.1.26-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3956-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
August 27, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : connman
CVE ID         : CVE-2017-12865
Debian Bug     : 872844

Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in some cases, remotely execute arbitrary commands in the host running the service.

For the oldstable distribution (jessie), this problem has been fixed in version 1.21-1.2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.33-3+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 1.33-3+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 1.35-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3957-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
August 28, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
CVE ID         : CVE-2017-9608 CVE-2017-9993 CVE-2017-11399 CVE-2017-11665
                 CVE-2017-11719

Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situations, the execution of arbitrary code.

CVE-2017-9608
Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafted MOV file.

CVE-2017-9993
Thierry Foucu discovered that it was possible to leak information from files and symlinks ending in common multimedia extensions, using the HTTP Live Streaming.

CVE-2017-11399
Liu Bingchang of IIE discovered an integer overflow in the APE decoder that can be triggered by a crafted APE file.

CVE-2017-11665
JunDong Xie of Ant-financial Light-Year Security Lab discovered that an attacker able to craft a RTMP stream can crash FFmpeg.

CVE-2017-11719
Liu Bingchang of IIE discovered an out-of-bound access that can be triggered by a crafted DNxHD file.

For the stable distribution (stretch), these problems have been fixed in version 7:3.2.7-1~deb9u1.
sunrat Posted August 30, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3958-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 29, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fontforge
CVE ID         : CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572
                 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577
Debian Bug     : 869614

It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 20120731.b-5+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1:20161005~dfsg-4+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3959-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 29, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgcrypt20
CVE ID         : CVE-2017-0379
Debian Bug     : 873383

Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key.

See https://eprint.iacr.org/2017/806 for details.

For the stable distribution (stretch), this problem has been fixed in version 1.7.6-2+deb9u2.

For the unstable distribution (sid), this problem has been fixed in version 1.7.9-1.
sunrat Posted September 1, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3960-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
September 01, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gnupg
CVE ID : CVE-2017-7526

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024.

For the oldstable distribution (jessie), this problem has been fixed in version 1.4.18-7+deb8u4.
sunrat Posted September 3, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3961-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
September 03, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libgd2
CVE ID : CVE-2017-6362

A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

For the oldstable distribution (jessie), this problem has been fixed in version 2.1.0-5+deb8u11.

For the stable distribution (stretch), this problem has been fixed in version 2.2.4-2+deb9u2.

For the unstable distribution (sid), this problem has been fixed in version 2.2.5-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3962-1    security@debian.org
https://www.debian.org/security/    Yves-Alexis Perez
September 03, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : strongswan
CVE ID : CVE-2017-11185
Debian Bug : 872155

A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

The gmp plugin in strongSwan had insufficient input validation when verifying RSA signatures. This coding error could lead to a null pointer dereference, leading to process crash.

For the oldstable distribution (jessie), this problem has been fixed in version 5.2.1-6+deb8u5.

For the stable distribution (stretch), this problem has been fixed in version 5.5.1-4+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 5.6.0-1.
For the unstable distribution (sid), this problem has been fixed in version 5.6.0-1.
sunrat Posted September 5, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3963-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
September 04, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mercurial
CVE ID : CVE-2017-9462 CVE-2017-1000115 CVE-2017-1000116
Debian Bug : 861243 871709 871710

Several issues were discovered in Mercurial, a distributed revision control system.

CVE-2017-9462 (fixed in stretch only)
Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger.

CVE-2017-1000115
Mercurial's symlink auditing was incomplete, and could be abused to write files outside the repository.

CVE-2017-1000116
Joern Schneeweisz discovered that Mercurial did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.

For the oldstable distribution (jessie), these problems have been fixed in version 3.1.2-2+deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 4.0-1+deb9u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3964-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
September 04, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : asterisk
CVE ID : CVE-2017-14099 CVE-2017-14100

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands.
For additional information please refer to the upstream advisories:
http://downloads.asterisk.org/pub/security/AST-2017-005.html
http://downloads.asterisk.org/pub/security/AST-2017-006.html

For the oldstable distribution (jessie), these problems have been fixed in version 1:11.13.1~dfsg-2+deb8u3.

For the stable distribution (stretch), these problems have been fixed in version 1:13.14.1~dfsg-2+deb9u1.
sunrat Posted September 5, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3965-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
September 05, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : file
CVE ID : CVE-2017-1000249

Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed.

For the stable distribution (stretch), this problem has been fixed in version 1:5.30-1+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 1:5.32-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3966-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
September 05, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby2.3
CVE ID : CVE-2015-9096 CVE-2016-7798 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-14064

Multiple vulnerabilities were discovered in the interpreter for the Ruby language:

CVE-2015-9096
SMTP command injection in Net::SMTP.

CVE-2016-7798
Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension.

CVE-2017-0900
Denial of service in the RubyGems client.

CVE-2017-0901
Potential file overwrite in the RubyGems client.

CVE-2017-0902
DNS hijacking in the RubyGems client.

CVE-2017-14064
Heap memory disclosure in the JSON library.

For the stable distribution (stretch), these problems have been fixed in version 2.3.3-1+deb9u1. This update also hardens RubyGems against malicious terminal escape sequences (CVE-2017-0899).
sunrat Posted September 12, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3967-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
September 08, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mbedtls
CVE ID : CVE-2017-14032
Debian Bug : 873557

An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

For the stable distribution (stretch), this problem has been fixed in version 2.4.2-1+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 2.6.0-1.

For the unstable distribution (sid), this problem has been fixed in version 2.6.0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3968-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
September 11, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 52.3.0-4~deb8u2.

For the stable distribution (stretch), these problems have been fixed in version 52.3.0-4~deb9u1.
sunrat Posted September 13, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3969-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
September 12, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10916 CVE-2017-10917 CVE-2017-10918 CVE-2017-10919 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2017-10912
Jann Horn discovered that incorrect handling of page transfers might result in privilege escalation.

CVE-2017-10913 / CVE-2017-10914
Jann Horn discovered that race conditions in grant handling might result in information leaks or privilege escalation.

CVE-2017-10915
Andrew Cooper discovered that incorrect reference counting with shadow paging might result in privilege escalation.

CVE-2017-10916
Andrew Cooper discovered an information leak in the handling of the Memory Protection Extensions (MPX) and Protection Key (PKU) CPU features. This only affects Debian stretch.

CVE-2017-10917
Ankur Arora discovered a NULL pointer dereference in event polling, resulting in denial of service.

CVE-2017-10918
Julien Grall discovered that incorrect error handling in physical-to-machine memory mappings may result in privilege escalation, denial of service or an information leak.

CVE-2017-10919
Julien Grall discovered that incorrect handling of virtual interrupt injection on ARM systems may result in denial of service.
CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922
Jan Beulich discovered multiple places where reference counting on grant table operations was incorrect, resulting in potential privilege escalation.

CVE-2017-12135
Jan Beulich found multiple problems in the handling of transitive grants which could result in denial of service and potentially privilege escalation.

CVE-2017-12136
Ian Jackson discovered that race conditions in the allocator for grant mappings may result in denial of service or privilege escalation. This only affects Debian stretch.

CVE-2017-12137
Andrew Cooper discovered that incorrect validation of grants may result in privilege escalation.

CVE-2017-12855
Jan Beulich discovered incorrect grant status handling, thus incorrectly informing the guest that the grant is no longer in use.

XSA-235 (no CVE yet)
Wei Liu discovered that incorrect locking of add-to-physmap operations on ARM may result in denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u10.

For the stable distribution (stretch), these problems have been fixed in version 4.8.1-1+deb9u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3970-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
September 12, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : emacs24
CVE ID : not yet available

Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).

For the oldstable distribution (jessie), this problem has been fixed in version 24.4+1-5+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 24.5+1-11+deb9u1.