sunrat Posted May 4, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3842-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 03, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat7
CVE ID         : CVE-2017-5647 CVE-2017-5648

Two vulnerabilities were discovered in tomcat7, a servlet and JSP
engine.

CVE-2017-5647

    Pipelined requests were processed incorrectly, which could result in
    some responses appearing to be sent for the wrong request.

CVE-2017-5648

    Some application listener calls were issued against the wrong
    objects, allowing untrusted applications running under a
    SecurityManager to bypass that protection mechanism and access or
    modify information associated with other web applications.

For the stable distribution (jessie), these problems have been fixed in
version 7.0.56-3+deb8u10.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 7.0.72-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3843-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 03, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat8
CVE ID         : CVE-2017-5647 CVE-2017-5648
Debian Bug     : 860068 860069

Two vulnerabilities were discovered in tomcat8, a servlet and JSP
engine.

CVE-2017-5647

    Pipelined requests were processed incorrectly, which could result in
    some responses appearing to be sent for the wrong request.

CVE-2017-5648

    Some application listener calls were issued against the wrong
    objects, allowing untrusted applications running under a
    SecurityManager to bypass that protection mechanism and access or
    modify information associated with other web applications.

For the stable distribution (jessie), these problems have been fixed in
version 8.0.14-1+deb8u9.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 8.5.11-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3844-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 03, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2016-3658 CVE-2016-9535 CVE-2016-10266
                 CVE-2016-10267 CVE-2016-10269 CVE-2016-10270
                 CVE-2017-5225 CVE-2017-7592 CVE-2017-7593
                 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596
                 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599
                 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602

Multiple vulnerabilities have been discovered in the libtiff library and
the included tools, which may result in denial of service, memory
disclosure or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 4.0.3-12.3+deb8u3.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 4.0.7-6.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.7-6.
sunrat Posted May 8, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3845-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 08, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libtirpc
CVE ID         : CVE-2017-8779

Guido Vranken discovered that incorrect memory management in libtirpc,
a transport-independent RPC library used by rpcbind and other programs
may result in denial of service via memory exhaustion (depending on
memory management settings).

For the stable distribution (jessie), this problem has been fixed in
version 0.2.5-1+deb8u1 of libtirpc and version 0.2.1-6+deb8u2 of rpcbind.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.
sunrat Posted May 9, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3846-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 09, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libytnef
CVE ID         : CVE-2017-6298 CVE-2017-6299 CVE-2017-6300
                 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303
                 CVE-2017-6304 CVE-2017-6305 CVE-2017-6306
                 CVE-2017-6800 CVE-2017-6801 CVE-2017-6802
Debian Bug     :

Several issues were discovered in libytnef, a library used to decode
application/ms-tnef e-mail attachments. Multiple heap overflows,
out-of-bound writes and reads, NULL pointer dereferences and infinite
loops could be exploited by tricking a user into opening a maliciously
crafted winmail.dat file.

For the stable distribution (jessie), these problems have been fixed in
version 1.5-6+deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 1.9.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3847-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 09, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2016-9932 CVE-2016-10013 CVE-2016-10024
                 CVE-2017-7228

Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen
hypervisor, which may lead to privilege escalation, guest-to-host
breakout, denial of service or information leaks.

In addition to the CVE identifiers listed above, this update also
addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.

For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u9.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 4.8.1-1+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 4.8.1-1+deb9u1.
sunrat Posted May 10, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3848-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 10, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : git
CVE ID         : CVE-2017-8386

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted
login shell for Git-only SSH access, allows a user to run an interactive
pager by causing it to spawn "git upload-pack --help".

For the stable distribution (jessie), this problem has been fixed in
version 1:2.1.4-2.1+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.11.0-3.
sunrat Posted May 13, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3849-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 12, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kde4libs
CVE ID         : CVE-2017-6410 CVE-2017-8422
Debian Bug     : 856890

Several vulnerabilities were discovered in kde4libs, the core libraries
for all KDE 4 applications. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2017-6410

    Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs
    reported that URLs are not sanitized before passing them to
    FindProxyForURL, potentially allowing a remote attacker to obtain
    sensitive information via a crafted PAC file.

CVE-2017-8422

    Sebastian Krahmer from SUSE discovered that the KAuth framework
    contains a logic flaw in which the service invoking dbus is not
    properly checked. This flaw allows spoofing the identity of the
    caller and gaining root privileges from an unprivileged account.

For the stable distribution (jessie), these problems have been fixed in
version 4:4.14.2-5+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 4:4.14.26-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3850-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 12, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rtmpdump
CVE ID         : CVE-2015-8270 CVE-2015-8271 CVE-2015-8272

Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small
dumper/library for RTMP media streams, which may result in denial of
service or the execution of arbitrary code if a malformed stream is
dumped.

For the stable distribution (jessie), these problems have been fixed in
version 2.4+20150115.gita107cef-1+deb8u1.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 2.4+20151223.gitfa8646d.1-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.4+20151223.gitfa8646d.1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3851-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 12, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.4
CVE ID         : CVE-2017-7484 CVE-2017-7485 CVE-2017-7486

Several vulnerabilities have been found in the PostgreSQL database
system:

CVE-2017-7484

    Robert Haas discovered that some selectivity estimators did not
    validate user privileges which could result in information
    disclosure.

CVE-2017-7485

    Daniel Gustafsson discovered that the PGREQUIRESSL environment
    variable no longer enforced a TLS connection.

CVE-2017-7486

    Andrew Wheelwright discovered that user mappings were insufficiently
    restricted.

For the stable distribution (jessie), these problems have been fixed in
version 9.4.12-0+deb8u1.
sunrat Posted May 13, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3852-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 13, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squirrelmail
CVE ID         : CVE-2017-7692

Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a
webmail application, incorrectly handled a user-supplied value. This
would allow a logged-in user to run arbitrary commands on the server.

For the stable distribution (jessie), this problem has been fixed in
version 2:1.4.23~svn20120406-2+deb8u1.
sunrat Posted May 14, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3854-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 14, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2017-3136 CVE-2017-3137 CVE-2017-3138
Debian Bug     : 860224 860225 860226

Several vulnerabilities were discovered in BIND, a DNS server
implementation. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2017-3136

    Oleg Gorokhov of Yandex discovered that BIND does not properly
    handle certain queries when using DNS64 with the "break-dnssec yes;"
    option, allowing a remote attacker to cause a denial-of-service.

CVE-2017-3137

    It was discovered that BIND makes incorrect assumptions about the
    ordering of records in the answer section of a response containing
    CNAME or DNAME resource records, leading to situations where BIND
    exits with an assertion failure. An attacker can take advantage of
    this condition to cause a denial-of-service.

CVE-2017-3138

    Mike Lalumiere of Dyn, Inc. discovered that BIND can exit with a
    REQUIRE assertion failure if it receives a null command string on
    its control channel. Note that the fix applied in Debian is only
    applied as a hardening measure. Details about the issue can be found
    at https://kb.isc.org/article/AA-01471 .

For the stable distribution (jessie), these problems have been fixed in
version 1:9.9.5.dfsg-9+deb8u11.

For the unstable distribution (sid), these problems have been fixed in
version 1:9.10.3.dfsg.P4-12.3.
sunrat Posted May 16, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3853-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 15, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bitlbee
CVE ID         : CVE-2016-10188 CVE-2016-10189

It was discovered that bitlbee, an IRC to other chat networks gateway,
contained issues that allowed a remote attacker to cause a denial of
service (via application crash), or potentially execute arbitrary
commands.

For the stable distribution (jessie), these problems have been fixed in
version 3.2.2-2+deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 3.5-1.
sunrat Posted May 21, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3793-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 17, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : shadow
Debian Bug     : 862806

The update for the shadow suite issued as DSA-3793-1 introduced a
regression in su signal handling. If su receives a signal like SIGTERM,
it is not propagated to the child. Updated packages are now available to
correct this issue.

For the stable distribution (jessie), this problem has been fixed in
version 1:4.2-3+deb8u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3855-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 18, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jbig2dec
CVE ID         : CVE-2017-7885 CVE-2017-7975 CVE-2017-7976
Debian Bug     : 860460 860787 860788

Multiple security issues have been found in the JBIG2 decoder library,
which may lead to denial of service, disclosure of sensitive information
from process memory or the execution of arbitrary code if a malformed
image file (usually embedded in a PDF document) is opened.

For the stable distribution (jessie), these problems have been fixed in
version 0.13-4~deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 0.13-4.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3856-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 18, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : deluge
CVE ID         : CVE-2017-7178 CVE-2017-9031

Two vulnerabilities have been discovered in the web interface of the
Deluge BitTorrent client (directory traversal and cross-site request
forgery).

For the stable distribution (jessie), these problems have been fixed in
version 1.3.10-3+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.3.13+git20161130.48cedf63-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3857-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 18, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-connector-java
CVE ID         : CVE-2017-3586 CVE-2017-3589

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.

For the stable distribution (jessie), these problems have been fixed in
version 5.1.42-1~deb8u1.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 5.1.42-1.

For the unstable distribution (sid), these problems have been fixed in
version 5.1.42-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3858-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 19, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2017-3509 CVE-2017-3511 CVE-2017-3526
                 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in privilege
escalation, denial of service, newline injection in SMTP or use of
insecure cryptography.

For the stable distribution (jessie), these problems have been fixed in
version 7u131-2.6.9-2~deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3859-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 19, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dropbear
CVE ID         : CVE-2017-9078 CVE-2017-9079

Two vulnerabilities were found in Dropbear, a lightweight SSH2 server
and client:

CVE-2017-9078

    Mark Shepard discovered a double free in the TCP listener cleanup
    which could result in denial of service by an authenticated user if
    Dropbear is running with the "-a" option.

CVE-2017-9079

    Jann Horn discovered a local information leak in parsing the
    .authorized_keys file.

For the stable distribution (jessie), these problems have been fixed in
version 2014.65-1+deb8u2.

For the unstable distribution (sid), these problems will be fixed soon.
sunrat Posted May 25, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3860-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 24, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2017-7494

steelo discovered a remote code execution vulnerability in Samba, a
SMB/CIFS file, print, and login server for Unix. A malicious client with
access to a writable share, can take advantage of this flaw by uploading
a shared library and then cause the server to load and execute it.

For the stable distribution (jessie), this problem has been fixed in
version 2:4.2.14+dfsg-0+deb8u6.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3861-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 24, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libtasn1-6
CVE ID         : CVE-2017-6891
Debian Bug     : 863186

Jakub Jirasek of Secunia Research discovered that libtasn1, a library
used to handle Abstract Syntax Notation One structures, did not properly
validate its input. This would allow an attacker to cause a crash by
denial-of-service, or potentially execute arbitrary code, by tricking a
user into processing a maliciously crafted assignments file.

For the stable distribution (jessie), this problem has been fixed in
version 4.2-3+deb8u3.
sunrat Posted May 26, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3862-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 25, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : puppet
CVE ID         : CVE-2017-2295

It was discovered that unrestricted YAML deserialisation of data sent
from agents to the server in the Puppet configuration management system
could result in the execution of arbitrary code.

Note that this fix breaks backward compatibility with Puppet agents older
than 3.2.2 and there is no safe way to restore it. This affects puppet
agents running on Debian wheezy; we recommend to update to the puppet
version shipped in wheezy-backports.

For the stable distribution (jessie), this problem has been fixed in
version 3.7.2-4+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 4.8.2-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3863-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 25, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2017-7606 CVE-2017-7619 CVE-2017-7941
                 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344
                 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347
                 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350
                 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353
                 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356
                 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830
                 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142
                 CVE-2017-9143 CVE-2017-9144
Debian Bug     : 860736 862577 859771 859769 860734 862572 862574
                 862573 862575 862590 862589 862587 862632 862633
                 862634 862635 862636 862578 860735 862653 862637
                 863126 863125 863124 863123 862967

This update fixes several vulnerabilities in imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or the execution of
arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,
PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.

For the stable distribution (jessie), these problems have been fixed in
version 8:6.8.9.9-5+deb8u9.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 8:6.9.7.4+dfsg-8.

For the unstable distribution (sid), these problems have been fixed in
version 8:6.9.7.4+dfsg-8.
sunrat Posted May 28, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3864-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 27, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fop
CVE ID         : CVE-2017-5661

It was discovered that an XML external entities vulnerability in the
Apache FOP XML formatter may result in information disclosure.

For the stable distribution (jessie), this problem has been fixed in
version 1:1.1.dfsg2-1+deb8u1.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 1:2.1-6.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.1-6.
sunrat Posted May 29, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3865-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 29, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mosquitto
CVE ID         : CVE-2017-7650

It was discovered that pattern-based ACLs in the Mosquitto MQTT broker
could be bypassed.

For the stable distribution (jessie), this problem has been fixed in
version 1.3.4-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.10-3.
sunrat Posted May 31, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3866-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
May 30, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : strongswan
CVE ID         : CVE-2017-9022 CVE-2017-9023

Two denial of service vulnerabilities were identified in strongSwan, an
IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

CVE-2017-9022

    RSA public keys passed to the gmp plugin aren't validated
    sufficiently before attempting signature verification, so that
    invalid input might lead to a floating point exception and crash of
    the process. A certificate with an appropriately prepared public key
    sent by a peer could be used for a denial-of-service attack.

CVE-2017-9023

    ASN.1 CHOICE types are not correctly handled by the ASN.1 parser
    when parsing X.509 certificates with extensions that use such types.
    This could lead to infinite looping of the thread parsing a
    specifically crafted certificate.

A fix for a build failure was additionally included in the
5.2.1-6+deb8u4 revision of the strongSwan package.

For the stable distribution (jessie), these problems have been fixed in
version 5.2.1-6+deb8u3.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 5.5.1-4.

For the unstable distribution (sid), these problems have been fixed in
version 5.5.1-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3867-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 30, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sudo
CVE ID         : CVE-2017-1000367
Debian Bug     : 863731

The Qualys Security team discovered that sudo, a program designed to
provide limited super user privileges to specific users, does not
properly parse "/proc/[pid]/stat" to read the device number of the tty
from field 7 (tty_nr). A sudoers user can take advantage of this flaw on
an SELinux-enabled system to obtain full root privileges.

For the stable distribution (jessie), this problem has been fixed in
version 1.8.10p3-1+deb8u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3868-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 30, 2017                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openldap
CVE ID         : CVE-2017-9287
Debian Bug     : 863563

Karsten Heymann discovered that the OpenLDAP directory server can be
crashed by performing a paged search with a page size of 0, resulting in
denial of service. This vulnerability is limited to the MDB storage
backend.

For the stable distribution (jessie), this problem has been fixed in
version 2.4.40+dfsg-1+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.44+dfsg-5.
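
Added example (not part of the advisories above, the poster's text, or sudo's source): DSA-3867-1 concerns reading tty_nr, field 7 of "/proc/[pid]/stat". Per proc(5), field 2 (comm) is a parenthesised process name that may itself contain spaces, so a reader has to locate field 7 relative to the last ')' rather than by counting tokens from the start of the line. The function names and both sample lines are constructed for illustration.

```c
/* Added example: locating tty_nr (field 7) in a /proc/[pid]/stat line.
 * Function names are hypothetical; the sample lines are constructed. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples: an ordinary name, and a name containing a space. */
static const char SAMPLE_SIMPLE[] =
    "1234 (bash) S 1000 1234 1234 34816 1234 4194304 0 0\n";
static const char SAMPLE_SPACED[] =
    "2345 (Web Content) S 1200 2345 2345 34817 2345 4194304 0 0\n";

/* Parse the n-th (1-based) whitespace-separated token of s as a decimal
 * long. Returns 0 on success, -1 if the token is missing or not numeric. */
static int nth_token_as_long(const char *s, int n, long *out)
{
    for (int i = 1; i <= n; i++) {
        s += strspn(s, " \n");
        size_t len = strcspn(s, " \n");
        if (len == 0)
            return -1;
        if (i == n) {
            char *end;
            errno = 0;
            long v = strtol(s, &end, 10);
            if (errno != 0 || end != s + len)
                return -1;
            *out = v;
            return 0;
        }
        s += len;
    }
    return -1;
}

/* Fragile form: takes the 7th token counted from the start of the line.
 * Any space inside comm shifts every later field. */
static int tty_nr_by_token_count(const char *stat_line, long *out)
{
    return nth_token_as_long(stat_line, 7, out);
}

/* Robust form: comm ends at the LAST ')' on the line. The tokens after it
 * are state(3) ppid(4) pgrp(5) session(6) tty_nr(7), so tty_nr is the 5th. */
static int tty_nr_from_stat(const char *stat_line, long *out)
{
    const char *open = strchr(stat_line, '(');
    const char *close = strrchr(stat_line, ')');
    if (open == NULL || close == NULL || close < open)
        return -1;
    return nth_token_as_long(close + 1, 5, out);
}

/* proc(5): major number in bits 15..8, minor in bits 31..20 and 7..0. */
static unsigned long tty_major(long tty_nr)
{
    return ((unsigned long)tty_nr >> 8) & 0xff;
}

static unsigned long tty_minor(long tty_nr)
{
    unsigned long v = (unsigned long)tty_nr;
    return (v & 0xff) | ((v >> 12) & 0xfff00);
}

int main(void)
{
    const char *samples[] = { SAMPLE_SIMPLE, SAMPLE_SPACED };
    for (size_t i = 0; i < 2; i++) {
        long by_count = -1, by_paren = -1;
        int rc_count = tty_nr_by_token_count(samples[i], &by_count);
        int rc_paren = tty_nr_from_stat(samples[i], &by_paren);
        printf("token count: rc=%d value=%ld | last ')': rc=%d value=%ld "
               "(major %lu, minor %lu)\n",
               rc_count, by_count, rc_paren, by_paren,
               tty_major(by_paren), tty_minor(by_paren));
    }
    return 0;
}
```

On the second sample the token-counting reader returns the process group ID instead of the tty device number, while the reader anchored on the last ')' returns 34817 (major 136, minor 1).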
sunrat Posted June 1, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3869-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 01, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tnef
CVE ID         : CVE-2017-8911
Debian Bug     : 862442

It was discovered that tnef, a tool used to unpack MIME attachments of
type "application/ms-tnef", did not correctly validate its input. An
attacker could exploit this by tricking a user into opening a malicious
attachment, which would result in a denial-of-service by application
crash.

For the stable distribution (jessie), this problem has been fixed in
version 1.4.9-1+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.12-1.2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3870-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 01, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062
                 CVE-2017-9063 CVE-2017-9064 CVE-2017-9065
Debian Bug     : 862053 862816

Several vulnerabilities were discovered in wordpress, a web blogging
tool. They would allow remote attackers to force password resets, and
perform various cross-site scripting and cross-site request forgery
attacks.

For the stable distribution (jessie), these problems have been fixed in
version 4.1+dfsg-1+deb8u13.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 4.7.5+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3871-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 01, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : zookeeper
CVE ID         : CVE-2017-5637

It was discovered that Zookeeper, a service for maintaining
configuration information, didn't restrict access to the computationally
expensive wchp/wchc commands which could result in denial of service by
elevated CPU consumption.

This update disables those two commands by default. The new
configuration option "4lw.commands.whitelist" can be used to whitelist
commands selectively (and the full set of commands can be restored
with '*').

For the stable distribution (jessie), this problem has been fixed in
version 3.4.5+dfsg-2+deb8u2.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3872-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 01, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
CVE ID         : CVE-2017-5461 CVE-2017-5462 CVE-2017-7502

Several vulnerabilities were discovered in NSS, a set of cryptographic
libraries, which may result in denial of service or information
disclosure.

For the stable distribution (jessie), these problems have been fixed in
version 2:3.26-1+debu8u2.

For the unstable distribution (sid), these problems will be fixed soon.
sunrat Posted June 5, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3873-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 05, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : perl
CVE ID         : CVE-2017-6512
Debian Bug     : 863870

The cPanel Security Team reported a time of check to time of use
(TOCTTOU) race condition flaw in File::Path, a core module from Perl to
create or remove directory trees. An attacker can take advantage of this
flaw to set the mode on an attacker-chosen file to an attacker-chosen
value.

For the stable distribution (jessie), this problem has been fixed in
version 5.20.2-3+deb8u7.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 5.24.1-3.

For the unstable distribution (sid), this problem has been fixed in
version 5.24.1-3.
sunrat Posted June 9, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3874-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
June 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ettercap
CVE ID : CVE-2017-6430 CVE-2017-8366
Debian Bug : 857035 861604

Agostino Sarubbo and AromalUllas discovered that ettercap, a network security tool for traffic interception, contains vulnerabilities that allowed an attacker able to provide maliciously crafted filters to cause a denial-of-service via application crash.

For the stable distribution (jessie), these problems have been fixed in version 1:0.8.1-3+deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions, these problems have been fixed in version 1:0.8.2-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3875-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libmwaw
CVE ID : CVE-2017-9433

It was discovered that a buffer overflow in libmwaw, a library to open old Mac text documents might result in the execution of arbitrary code if a malformed document is opened.

For the stable distribution (jessie), this problem has been fixed in version 0.3.1-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 0.3.9-2.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3876-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 09, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : otrs2
CVE ID : CVE-2017-9324

Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges.

For the stable distribution (jessie), this problem has been fixed in version 3.3.9-3+deb8u1.

For the upcoming stable distribution (stretch), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 5.0.20-1.
sunrat Posted June 10, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3877-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 10, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tor
CVE ID : CVE-2017-0376
Debian Bug : 864424

It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. A remote attacker can take advantage of this flaw to cause a hidden service to crash with an assertion failure (TROVE-2017-005).

For the stable distribution (jessie), this problem has been fixed in version 0.2.5.14-1.

For the upcoming stable distribution (stretch), this problem will be fixed in version 0.2.9.11-1~deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 0.2.9.11-1.
sunrat Posted June 12, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3878-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 12, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : zziplib
CVE ID : CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981

Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed.

For the stable distribution (jessie), these problems have been fixed in version 0.13.62-3+deb8u1.

For the upcoming stable distribution (stretch), these problems have been fixed in version 0.13.62-3.1.

For the unstable distribution (sid), these problems have been fixed in version 0.13.62-3.1.
sunrat Posted June 13, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3879-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 13, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libosip2
CVE ID : CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853

Multiple security vulnerabilities have been found in oSIP, a library implementing the Session Initiation Protocol, which might result in denial of service through malformed SIP messages.

For the stable distribution (jessie), these problems have been fixed in version 4.1.0-2+deb8u1.

For the upcoming stable distribution (stretch), these problems have been fixed in version 4.1.0-2.1.

For the unstable distribution (sid), these problems have been fixed in version 4.1.0-2.1.
sunrat Posted June 15, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3880-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 14, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libgcrypt20
CVE ID : CVE-2017-9526

It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure.

For the stable distribution (jessie), this problem has been fixed in version 1.6.3-2+deb8u3.

For the upcoming stable distribution (stretch), this problem has been fixed in version 1.7.6-2.

For the unstable distribution (sid), this problem has been fixed in version 1.7.6-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3881-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 14, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing.

Debian follows the extended support releases (ESR) of Firefox. Support for the 45.x series has ended, so starting with this update we're now following the 52.x releases.

For the stable distribution (jessie), these problems have been fixed in version 52.2.0esr-1~deb8u1.

For the upcoming stable distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 52.2.0esr-1.
sunrat Posted June 15, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3882-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 15, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : request-tracker4
CVE ID : CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-6127
    It was discovered that Request Tracker is vulnerable to a cross-site scripting (XSS) attack if an attacker uploads a malicious file with a certain content type. Installations which use the AlwaysDownloadAttachments config setting are unaffected by this flaw. The applied fix addresses all existent and future uploaded attachments.

CVE-2017-5361
    It was discovered that Request Tracker is vulnerable to timing side-channel attacks for user passwords.

CVE-2017-5943
    It was discovered that Request Tracker is prone to an information leak of cross-site request forgery (CSRF) verification tokens if a user is tricked into visiting a specially crafted URL by an attacker.

CVE-2017-5944
    It was discovered that Request Tracker is prone to a remote code execution vulnerability in the dashboard subscription interface. A privileged attacker can take advantage of this flaw through carefully-crafted saved search names to cause unexpected code to be executed. The applied fix addresses all existent and future saved searches.

Additionally to the above mentioned CVEs, this update works around CVE-2015-7686 in Email::Address which could induce a denial of service of Request Tracker itself.

For the stable distribution (jessie), these problems have been fixed in version 4.2.8-3+deb8u2.

For the upcoming stable distribution (stretch), these problems have been fixed in version 4.4.1-3+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 4.4.1-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3883-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 15, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : rt-authen-externalauth
CVE ID : CVE-2017-5361

It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI (database) mode is vulnerable.

For the stable distribution (jessie), this problem has been fixed in version 0.25-1+deb8u1.
sunrat Posted June 17, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3884-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 16, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gnutls28
CVE ID : CVE-2017-7507
Debian Bug : 864560

Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash (denial of service).

For the stable distribution (jessie), this problem has been fixed in version 3.3.8-6+deb8u6.

For the upcoming stable distribution (stretch), this problem has been fixed in version 3.5.8-5+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 3.5.8-6.
sunrat Posted June 18, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3885-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 18, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : irssi
CVE ID : CVE-2017-9468 CVE-2017-9469
Debian Bug : 864400

Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2017-9468
    Joseph Bisch discovered that Irssi does not properly handle DCC messages without source nick/host. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

CVE-2017-9469
    Joseph Bisch discovered that Irssi does not properly handle receiving incorrectly quoted DCC files. A remote attacker can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 0.8.17-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 1.0.2-1+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.3-1.
sunrat Posted June 20, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3887-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 19, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : glibc
CVE ID : CVE-2017-1000366

The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

For the oldstable distribution (jessie), this problem has been fixed in version 2.19-18+deb8u10.

For the stable distribution (stretch), this problem has been fixed in version 2.24-11+deb9u1.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3888-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 19, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2017-1000369

The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

For the oldstable distribution (jessie), this problem has been fixed in version 4.84.2-2+deb8u4.

For the stable distribution (stretch), this problem has been fixed in version 4.89-2+deb9u1.

For the unstable distribution (sid), this problem will be fixed soon.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3886-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 19, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2017-0605 CVE-2017-7487 CVE-2017-7645 CVE-2017-7895 CVE-2017-8064 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 CVE-2017-1000364

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2017-0605
    A buffer overflow flaw was discovered in the trace subsystem.

CVE-2017-7487
    Li Qiang reported a reference counter leak in the ipxitf_ioctl function which may result in a use-after-free vulnerability, triggerable when an IPX interface is configured.

CVE-2017-7645
    Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations are vulnerable to an out-of-bounds memory access issue while processing arbitrarily long arguments sent by NFSv2/NFSv3 RPC clients, leading to a denial of service.

CVE-2017-7895
    Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations do not properly handle payload bounds checking of WRITE requests. A remote attacker with write access to a NFS mount can take advantage of this flaw to read chunks of arbitrary memory from both kernel-space and user-space.

CVE-2017-8064
    Arnd Bergmann found that the DVB-USB core misused the device logging system, resulting in a use-after-free vulnerability, with unknown security impact.

CVE-2017-8890
    It was discovered that the net_csk_clone_lock() function allows a remote attacker to cause a double free leading to a denial of service or potentially have other impact.

CVE-2017-8924
    Johan Hovold found that the io_ti USB serial driver could leak sensitive information if a malicious USB device was connected.

CVE-2017-8925
    Johan Hovold found a reference counter leak in the omninet USB serial driver, resulting in a use-after-free vulnerability. This can be triggered by a local user permitted to open tty devices.

CVE-2017-9074
    Andrey Konovalov reported that the IPv6 fragmentation implementation could read beyond the end of a packet buffer. A local user or guest VM might be able to use this to leak sensitive information or to cause a denial of service (crash).

CVE-2017-9075
    Andrey Konovalov reported that the SCTP/IPv6 implementation wrongly initialised address lists on connected sockets, resulting in a use-after-free vulnerability, a similar issue to CVE-2017-8890. This can be triggered by any local user.

CVE-2017-9076 / CVE-2017-9077
    Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations wrongly initialised address lists on connected sockets, a similar issue to CVE-2017-9075.

CVE-2017-9242
    Andrey Konovalov reported a packet buffer overrun in the IPv6 implementation. A local user could use this for denial of service (memory corruption; crash) and possibly for privilege escalation.

CVE-2017-1000364
    The Qualys Research Labs discovered that the size of the stack guard page is not sufficiently large. The stack-pointer can jump over the guard-page and move from the stack into another memory region without accessing the guard-page. In this case no page-fault exception is raised and the stack extends into the other memory region. An attacker can exploit this flaw for privilege escalation.
    The default stack gap protection is set to 256 pages and can be configured via the stack_guard_gap kernel parameter on the kernel command line.
    Further details can be found at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

For the oldstable distribution (jessie), these problems have been fixed in version 3.16.43-2+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 4.9.30-2+deb9u1 or earlier versions before the stretch release.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3889-1    security@debian.org
https://www.debian.org/security/    Yves-Alexis Perez
June 19, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libffi
CVE ID : CVE-2017-1000376
Debian Bug : 751907

libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, like for example the "stack clash" class of vulnerabilities discovered by Qualys Research Labs. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

For the oldstable distribution (jessie), this problem has been fixed in version 3.1-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 3.2.1-4.

For the testing distribution (buster), this problem has been fixed in version 3.2.1-4.

For the unstable distribution (sid), this problem has been fixed in version 3.2.1-4.
sunrat Posted June 22, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3890-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 21, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : spip
CVE ID : CVE-2017-9736
Debian Bug : 864921

Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.

For the stable distribution (stretch), this problem has been fixed in version 3.1.4-3~deb9u1.

For the testing distribution (buster), this problem has been fixed in version 3.1.4-3.

For the unstable distribution (sid), this problem has been fixed in version 3.1.4-3.
sunrat Posted June 26, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3891-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
June 22, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tomcat8
CVE ID : CVE-2017-5664
Debian Bug : 864447 802312

Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page.

For the oldstable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u10.

For the stable distribution (stretch), this problem has been fixed in version 8.5.14-1+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 8.5.14-2.

For the unstable distribution (sid), this problem has been fixed in version 8.5.14-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3892-1    security@debian.org
https://www.debian.org/security/    Sebastien Delafond
June 22, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tomcat7
CVE ID : CVE-2017-5664
Debian Bug : 864447 802312

Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page.

For the oldstable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u11.

For the stable distribution (stretch), this problem has been fixed in version 7.0.72-3.

For the testing distribution (buster), this problem has been fixed in version 7.0.72-3.

For the unstable distribution (sid), this problem has been fixed in version 7.0.72-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3893-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 22, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jython
CVE ID : CVE-2016-4000
Debian Bug : 864859

Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.

For the oldstable distribution (jessie), this problem has been fixed in version 2.5.3-3+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 2.5.3-16+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 2.5.3-17.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3894-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 22, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : graphite2
CVE ID : CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.

For the oldstable distribution (jessie), these problems have been fixed in version 1.3.10-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed prior to the initial release.
sunrat Posted June 26, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3895-1    security@debian.org
https://www.debian.org/security/    Moritz Muehlenhoff
June 22, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : flatpak
CVE ID : CVE-2017-9780

It was discovered that Flatpak, an application deployment framework for desktop apps insufficiently restricted file permissions in third-party repositories, which could result in privilege escalation.

For the stable distribution (stretch), this problem has been fixed in version 0.8.5-2+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 0.8.7-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3896-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 22, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679

Several vulnerabilities have been found in the Apache HTTPD server.

CVE-2017-3167
    Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

CVE-2017-3169
    Vasileios Panopoulos of AdNovum Informatik AG discovered that mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port leading to a denial of service.

CVE-2017-7659
    Robert Swiecki reported that a specially crafted HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.

CVE-2017-7668
    Javier Jimenez reported that the HTTP strict parsing contains a flaw leading to a buffer overread in ap_find_token(). A remote attacker can take advantage of this flaw by carefully crafting a sequence of request headers to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

CVE-2017-7679
    ChenQin and Hanno Boeck reported that mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

For the oldstable distribution (jessie), these problems have been fixed in version 2.4.10-10+deb8u9. The oldstable distribution (jessie) is not affected by CVE-2017-7659.

For the stable distribution (stretch), these problems have been fixed in version 2.4.25-3+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 2.4.25-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3897-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 24, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2015-7943 CVE-2017-6922
Debian Bug : 865498

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-7943
    Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability.
    More information can be found at https://www.drupal.org/SA-CORE-2015-004

CVE-2017-6922
    Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files uploaded by anonymous users into a private file system can be accessed by other anonymous users leading to an access bypass vulnerability.
    More information can be found at https://www.drupal.org/SA-CORE-2017-003

For the oldstable distribution (jessie), these problems have been fixed in version 7.32-1+deb8u9.

For the stable distribution (stretch), these problems have been fixed in version 7.52-2+deb9u1. For the stable distribution (stretch), CVE-2015-7943 was already fixed before the initial release.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3898-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 25, 2017    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : expat
CVE ID : CVE-2016-9063 CVE-2017-9233

Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-9063
    Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library.

CVE-2017-9233
    Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcessor() function while parsing malformed XML in an external entity. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library.

For the oldstable distribution (jessie), these problems have been fixed in version 2.1.0-6+deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 2.2.0-2+deb9u1. For the stable distribution (stretch), CVE-2016-9063 was already fixed before the initial release.

For the testing distribution (buster), these problems have been fixed in version 2.2.1-1 or earlier version.

For the unstable distribution (sid), these problems have been fixed in version 2.2.1-1 or earlier version.
sunrat Posted July 2, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3899-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 27, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2017-8310 CVE-2017-8311 CVE-2017-8312 CVE-2017-8313

Several vulnerabilities have been found in VLC, the VideoLAN project's media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 2.2.6-1~deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3886-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 27, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
Debian Bug : 865303

The security update announced as DSA-3886-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue. For reference, the relevant part of the original advisory text follows.

CVE-2017-1000364
The Qualys Research Labs discovered that the size of the stack guard page is not sufficiently large. The stack-pointer can jump over the guard-page and move from the stack into another memory region without accessing the guard-page. In this case no page-fault exception is raised and the stack extends into the other memory region. An attacker can exploit this flaw for privilege escalation.

The default stack gap protection is set to 256 pages and can be configured via the stack_guard_gap kernel parameter on the kernel command line.

Further details can be found at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

For the oldstable distribution (jessie), this problem has been fixed in version 3.16.43-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 4.9.30-2+deb9u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3900-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 27, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openvpn
CVE ID : CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521
Debian Bug : 865480

Several issues were discovered in openvpn, a virtual private network application.

CVE-2017-7479
It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash.

CVE-2017-7508
Guido Vranken discovered that openvpn did not properly handle specific malformed IPv6 packets. This would allow a remote attacker to cause a denial-of-service via application crash.

CVE-2017-7520
Guido Vranken discovered that openvpn did not properly handle clients connecting to an HTTP proxy with NTLMv2 authentication. This would allow a remote attacker to cause a denial-of-service via application crash, or potentially leak sensitive information like the user's proxy password.

CVE-2017-7521
Guido Vranken discovered that openvpn did not properly handle some x509 extensions. This would allow a remote attacker to cause a denial-of-service via application crash.

For the oldstable distribution (jessie), these problems have been fixed in version 2.3.4-5+deb8u2.

For the stable distribution (stretch), these problems have been fixed in version 2.4.0-6+deb9u1.

For the testing distribution (buster), these problems have been fixed in version 2.4.3-1.

For the unstable distribution (sid), these problems have been fixed in version 2.4.3-1.
sunrat Posted July 2, 2017

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3901-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 02, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libgcrypt20
CVE ID : CVE-2017-7526

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024.

See https://eprint.iacr.org/2017/627 for details.

For the oldstable distribution (jessie), this problem has been fixed in version 1.6.3-2+deb8u4.

For the stable distribution (stretch), this problem has been fixed in version 1.7.6-2+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 1.7.8-1.

For the unstable distribution (sid), this problem has been fixed in version 1.7.8-1.