[SECURITY] [DSA 4122-1] squid3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4122-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4092-1] awstats security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4092-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 19, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1218-1] rsync security update
Package : rsync Version : 3.0.9-4+deb7u1 CVE ID : CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 Several vulnerabilities were discovered in rsync, a fast, versatile, remote and local file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service. F...
[SECURITY] [DLA 1159-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u13 CVE ID : CVE-2017-16352 CVE-2017-16353 Maor Shwartz, Jeremy Heng and Terry Chia discovered two security vulnerabilities in Graphicsmagick, a collection of image processing tools. CVE-2017-16352 Graphicsmagick was vulnerable to a heap-based...
[SECURITY] [DLA 1145-1] zoneminder security update
Package : zoneminder Version : 1.25.0-4+deb7u2 CVE ID : CVE-2017-5595 Multiple vulnerabilities have been found in zoneminder. This update fixes only a serious file disclosure vulnerability CVE-2017-5595. The application has been found to suffer from many other problems such as SQL injection...
[SECURITY] [DLA 1134-1] sdl-image1.2 security update
Package : sdl-image1.2 Version : 1.2.12-2+deb7u1 CVE ID : CVE-2017-2887 Debian Bug : 878267 It was discovered that there was a buffer overflow vulnerability in sdl-image1.2, an image loading library. A specially crafted .xcf file could cause a stack-based buffer overflow resulting in potential co...
[SECURITY] [DLA 1120-1] git security update
Package : git Version : 1:1.7.10.4-1+wheezy6 CVE ID : CVE-2017-14867 Debian Bug : 876854 joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The...
[SECURITY] [DSA 3952-1] libxml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3952-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 23, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3928-2] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3928-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 16, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1048-1] ghostscript security update
Package : ghostscript Version : 9.05dfsg-6.3+deb7u7 CVE ID : CVE-2017-7207 CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 CVE-2017-11714 Debian Bug : 858350 869977 869907 869910 869913 869915 869916 869917 Several issues were found in Ghostscript, the GPL...
[SECURITY] [DSA 3922-1] mysql-5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3922-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 28, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1025-2] bind9 regression update
Package : bind9 The security update announced as DLA-1025-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This conforms to the spec and may be used in AXFR and IXFR responses. F...
[SECURITY] [DSA 3913-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3913-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 18, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3903-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3903-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 990-1] expat security update
Package : expat Version : 2.1.0-1+deb7u5 CVE ID : CVE-2017-9233 It was discovered that there was an infinite loop vulnerability in expat, a XML parsing C library: https://libexpat.github.io/doc/cve-2017-9233/ For Debian 7 "Wheezy", this issue has been fixed in expat version 2.1.0-1+deb7u5. We...
[SECURITY] [DLA 984-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u14 CVE ID : CVE-2016-10095 CVE-2017-9147 CVE-2017-9403 CVE-2017-9404 Debian Bug : 863185 850316 tiff was affected by multiple memory leaks CVE-2017-9403, CVE-2017-9404 that could result in denial of service. Furthermore, while the current version in Debian wa...
[SECURITY] [DLA 975-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u15 CVE ID : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063 CVE-2017-9064 CVE-2017-9065 Debian Bug : 862053 862816 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project...
[SECURITY] [DSA 3872-1] nss security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3872-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 960-1] imagemagick security update
Package : imagemagick Version : 6.7.7.10-5+deb7u14 CVE ID : CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9841 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2017-7941 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348...
[SECURITY] [DLA 959-1] libical security update
Package : libical Version : 0.48-2+deb7u1 CVE ID : CVE-2016-5824 CVE-2016-9584 Debian Bug : 860451, 852034 It was discovered that there was a use-after-free vulnerability in the libical iCalendar library. Remote attackers could cause a denial of service and possibly read heap memory via a special...
[SECURITY] [DSA 3862-1] puppet security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3862-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 25, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 952-1] kde4libs security update
Package : kde4libs Version : 4:4.8.4-4+deb7u3 CVE ID : CVE-2013-2074 CVE-2017-6410 CVE-2017-8422 Debian Bug : 856890 Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following...
[SECURITY] [DSA 3838-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3838-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 916-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.55-0+deb7u1 CVE ID : CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600 Debian Bug : 854713 860544 Several issues have been discover...
[SECURITY] [DLA 911-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u12 CVE ID : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 Debian Bug : 859998 860000 860001 860003 Multiple security issues have been found in the tiff...
[SECURITY] [DLA 910-1] libreoffice security update
Package : libreoffice Version : 1:3.5.4+dfsg2-0+deb7u9 CVE ID : CVE-2017-3157 CVE-2017-7870 CVE-2017-3157 Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157...
[SECURITY] [DSA 3780-1] ntfs-3g security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3780-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3774-1] lcms2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3774-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3754-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3754-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 773-3] python-crypto regression update
Package : python-crypto Version : 2.6-4+deb7u6 CVE ID : CVE-2013-7459 Debian Bug : 849495, 850025, 850077 It was discovered that the previous attempt to fix the regression in python-crypto, cryptographic algorithms and protocols for Python, was incorrect. This regression was initially introduce...
[SECURITY] [DSA 3749-1] dcmtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3749-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 29, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3744-1] libxml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3744-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 750-1] game-music-emu security update
Package : game-music-emu Version : 0.5.5-2+deb7u1 CVE ID : CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 Chris Evans found several issues in the emulation code in game-music-emu that could lead to arbitrary code execution. For Debian 7 "Wheezy", these problems have been...
[SECURITY] [DLA 727-1] gst-plugins-good0.10 security update
Package : gst-plugins-good0.10 Version : 0.10.31-3+nmu1+deb7u1 CVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at...
[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3724-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3721-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3721-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 708-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.53-0+deb7u1 CVE ID : CVE-2016-5584 CVE-2016-7440 Debian Bug : 841050 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such...
[SECURITY] [DLA 696-1] bind9 security update
Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u13 CVE ID : CVE-2016-8864 Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processi...
[SECURITY] [DLA 690-1] tar security update
Package : tar Version : 1.26+dfsg-0.1+deb7u1 CVE ID : CVE-2016-6321 Debian Bug : 842339 A vulnerability has been discovered in the tar package that could allow an attacker to overwrite arbitrary files through crafted files. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DLA 680-2] bash version number correction
Package : bash Version : 4.2+dfsg-0.1+deb7u4 CVE ID : CVE-2016-7543 This is a correction of DLA 680-1 that mentioned that bash 4.2+dfsg-0.1+deb7u3 was corrected. The corrected package version was 4.2+dfsg-0.1+deb7u4. For completeness the text from DLA 680-1 available below with only corrected...
[SECURITY] [DSA 3701-2] nginx regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3701-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 28, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3701-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3701-1 [email protected] https://www.debian.org/security/ Florian Weimer October 25, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 661-1] libarchive security update
Package : libarchive Version : 3.0.4-3+wheezy5 CVE ID : CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 Debian Bug : 840934 840935 840936 Agostino Sarubbo of Gentoo discovered several security vulnerabilities in libarchive, a multi-format archive and compression library. An attacker could take advantag...
[SECURITY] [DSA 3660-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3660-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 05, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3657-1] libarchive security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3657-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 30, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 585-1] firefox-esr security update
Package : firefox-esr Version : 45.3.0esr-1deb7u1 CVE ID : CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 Multiple security issues have been found in the Mozilla Firefox web...
[SECURITY] [DSA 3632-1] mariadb-10.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3632-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 563-1] libgd2 security update
Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u5 CVE ID : CVE-2016-6161 A global out of bounds read when encoding gif from malformed input was found in this software. When given invalid inputs, we might be fed the EOF marker before it is actually the EOF. The gif logic assumes once it sees the...
[SECURITY] [DSA 3624-1] mysql-5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3624-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 536-1] wget security update
Package : wget Version : 1.13.4-3+deb7u3 CVE ID : CVE-2016-4971 Debian Bug : 827003 On a server redirect from HTTP to an FTP resource, wget would trust the HTTP server and use the name in the redirected URL as the destination filename. This behaviour was changed and now it works similarly as a...