[SECURITY] [DSA 4180-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4180-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4178-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4178-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1353-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u10 CVE ID : CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7332 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 It was discovered that wireshark, a network protocol...
[SECURITY] [DLA 1346-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u19 CVE ID : CVE-2018-7456 Debian Bug : 891288 A NULL Pointer Dereference was discovered in the TIFFPrintDirectory function tifprint.c when using the tiffinfo tool to print crafted TIFF information. This vulnerability could be leveraged by remote attackers to...
[SECURITY] [DLA 1327-1] thunderbird security update
Package : thunderbird Version : 1:52.7.0-1deb7u1 CVE ID : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure. Fo...
[SECURITY] [DSA 4154-1] net-snmp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4154-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1320-1] samba security update
Package : samba Version : 3.6.6-6+deb7u16 CVE ID : CVE-2018-1050 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba i...
[SECURITY] [DLA 1312-1] libvorbisidec security update
Package : libvorbisidec Version : 1.0.2+svn18153-0.2+deb7u1 CVE ID : CVE-2018-5147 Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opene...
[SECURITY] [DLA 1311-1] adminer security update
Package : adminer Version : 3.3.3-1+deb7u1 CVE ID : CVE-2018-7667 Debian Bug : 893668 It was discovered that there was a server-side request forgery exploit in adminer, a web-based database administration tool. Adminer allowed unauthenticated connections to be initiated to arbitrary systems and...
[SECURITY] [DLA 1303-1] python-django security update
Package : python-django Version : 1.4.22-1+deb7u4 CVE ID : CVE-2018-7536 CVE-2018-7537 Several functions were extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in several regular expressions. CVE-2018-7536 The django.utils.html.urlize function was extremel...
[SECURITY] [DSA 4133-1] isc-dhcp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4133-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 07, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1286-1] quagga security update
Package : quagga Version : 0.99.22.4-1+wheezy3+deb7u3 CVE ID : CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that...
[SECURITY] [DSA 4112-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4112-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1263-1] curl security update
Package : curl Version : 7.26.0-1+wheezy24 CVE ID : CVE-2018-1000007 Craig de Stigter discovered that authentication data might be leaked to third parties when following HTTP redirects. For Debian 7 "Wheezy", these problems have been fixed in version 7.26.0-1+wheezy24. We recommend that you upgra...
[SECURITY] [DLA 1259-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u18 CVE ID : CVE-2017-18013 Debian Bug : 885985 A vulnerability has been discovered in the libtiff image processing library which may result in an application crash and denial of service. CVE-2017-18013 NULL pointer dereference via crafted TIFF image For Debia...
[SECURITY] [DSA 4074-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4074-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 28, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4072-1] bouncycastle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4072-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 21, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1211-1] libxml2 security update
Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy12 CVE ID : CVE-2017-15412 CVE-2017-15412 It was detected that some function calls in the XPath extensions functions could result in memory corruption due to "use after free". For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DSA 4068-1] rsync security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4068-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1199-1] thunderbird security update
Package : thunderbird Version : 1:52.5.0-1deb7u1 CVE ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, use after free and other implementation errors may lead to crashes or the execution o...
[SECURITY] [DLA 1195-1] curl security update
Package : curl Version : 7.26.0-1+wheezy23 CVE ID : CVE-2017-8817 CVE-2017-8817 Fuzzing by the OSS-Fuzz project led to the discovery of a read out of bounds flaw in the FTP wildcard function in libcurl. A malicious server could redirect a libcurl-based client to an URL using a wildcard pattern,...
[SECURITY] [DLA 1189-1] python2.7 security update
Package : python2.7 Version : 2.7.3-6+deb7u4 CVE ID : CVE-2017-1000158 A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language. CVE-2017-1000158 CPython the reference implementation of Python also commonly known as simply Python version...
[SECURITY] [DSA 4035-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4035-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1151-2] wordpress regression update
Package : wordpress Version : 3.6.1+dfsg-1deb7u19 Debian Bug : 881088 The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and caused a regression. It was discovered that an additional database upgrade and further code changes would be necessary. At the moment these changes are deemed a...
[SECURITY] [DSA 4024-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4024-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4023-1] slurm-llnl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4023-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4020-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4020-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 05, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1154-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u12 CVE ID : CVE-2017-14103 CVE-2017-14314 CVE-2017-14504 CVE-2017-14733 CVE-2017-14994 CVE-2017-14997 CVE-2017-15930 Debian Bug : 879999 Multiple vulnerabilities were found in graphicsmagick. CVE-2017-14103 The ReadJNGImage and ReadOneJNGImage...
[SECURITY] [DLA 1144-1] git-annex security update
Package : git-annex Version : 3.20120629+deb7u1 CVE ID : CVE-2017-12976 Debian Bug : 873088 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related...
[SECURITY] [DLA 1103-1] bluez security update
Package : bluez Version : 4.99-2+deb7u1 CVE ID : CVE-2017-1000250 Debian Bug : 875633 The SDP server in BlueZ is vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the...
[SECURITY] [DSA 3982-1] perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3982-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 21, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3942-1] supervisor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3942-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1045-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u8 CVE ID : CVE-2017-10799 CVE-2017-11102 CVE-2017-11140 CVE-2017-11403 CVE-2017-11636 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 CVE-2017-11643 Debian Bug : 867077 867746 870149 Multiple security vulnerabilities, NULL pointer...
[SECURITY] [DLA 1046-1] lucene-solr security update
Package : lucene-solr Version : 3.6.0+dfsg-1+deb7u2 CVE ID : CVE-2017-3163 Debian Bug : 867712 lucene-solr handler supports an HTTP API /replication?command=filecontent&file=filename which is vulnerable to path traversal attack. Specifically, this API does not perform any validation of the user...
[SECURITY] [DSA 3904-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3904-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez July 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 945-1] mysql-connector-java security update
Package : mysql-connector-java Version : 5.1.42-1deb7u1 CVE ID : CVE-2017-3523 CVE-2017-3586 CVE-2017-3589 Several issues were discovered in mysql-connector-java that allow attackers to execute arbitrary code, insert or delete access to some of MySQL Connectors accessible data as well as...
[SECURITY] [DSA 3848-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3848-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 10, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3839-1] freetype security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3839-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 918-1] freetype security update
Package : freetype Version : 2.4.9-1.1+deb7u6 CVE ID : CVE-2017-8105 Debian Bug : 861220 860303 It was found that an out of bounds write caused by a heap-based buffer overflow could be triggered in freetype via a crafted font. This update also reverts the fix for CVE-2016-10328, as it was...
[SECURITY] [DLA 896-1] icedove/thunderbird security update
Package : icedove Version : 1:45.8.0-3deb7u1 CVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410...
[SECURITY] [DLA 868-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u12 CVE ID : CVE-2016-10062 CVE-2017-6498 CVE-2017-6500 Debian Bug : 849439 856878 856879 Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include denial of service and...
[SECURITY] [DSA 3816-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3816-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 23, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 806-1] zoneminder security update
Package : zoneminder Version : 1.25.0-4+deb7u1 CVE ID : CVE-2016-10140 Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30.0, which allows a remote unauthenticated attacker to browse all directories in the web...
[SECURITY] [DLA 744-1] icu security update
Package : icu Version : 4.8.1.1-12+deb7u6 CVE ID : CVE-2014-9911 CVE-2016-7415 Debian Bug : 838694 Brief introduction CVE-2014-9911 Michele Spagnuolo discovered a buffer overflow vulnerability which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via...
[SECURITY] [DSA 3715-1] moin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3715-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 15, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3707-1] openjdk-7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 07, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3691-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3691-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 12, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 648-1] c-ares security update
Package : c-ares Version : 1.9.1-3+deb7u1 CVE ID : CVE-2016-5180 Debian Bug : 839151 Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to...
[SECURITY] [DLA 640-1] icedove security update
Package : icedove Version : 1:45.3.0-1deb7u1 CVE ID : CVE-2016-2836 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. For Debian 7 "Wheezy",...