14345 matches found
[SECURITY] [DLA 1269-1] dokuwiki security update
Package : dokuwiki Version : 0.0.20120125b-2+deb7u2 CVE ID : CVE-2017-18123 Debian Bug : 889281 It was discovered that an XHR/AJAX call did not properly encode user input in the "dokuwiki" wiki platform. This resulted in a reflected file download vulnerability. For Debian 7 "Wheezy", this issue h...
[SECURITY] [DLA 1268-1] p7zip security update
Package : p7zip Version : 9.20.1dfsg.1-4+deb7u3 CVE ID : CVE-2017-17969 Debian Bug : 888297 The p7zip package has a heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip which allows remote attackers to cause a denial of service out-of-bounds write or potentiall...
[SECURITY] [DLA 1267-1] squid security update
Package : squid Version : 2.7.STABLE9-4.1+deb7u3 CVE ID : CVE-2018-1000027 Debian Bug : 888720 Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading...
[SECURITY] [DLA 1266-1] squid3 security update
Package : squid3 Version : 3.1.20-2.2+deb7u8 CVE ID : CVE-2018-1000024 CVE-2018-1000027 Debian Bug : 888719 888720 Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA...
[SECURITY] [DLA 1249-2] smarty3 regression update
Package : smarty3 Version : 3.1.10-2+deb7u3 CVE ID : CVE-2017-1000480 Debian Bug : 886460 It was previously discovered that there was a code-injection vulnerability in smarty3, a PHP template engine. A specially-crafted filename in comments could result in arbitrary code execution. However, t...
[SECURITY] [DSA 4103-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4103-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 31, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1265-1] krb5 security update
Package : krb5 Version : 1.10.1+dfsg-5+deb7u9 CVE ID : CVE-2013-1418 CVE-2014-5351 CVE-2014-5353 CVE-2014-5355 CVE-2016-3119 CVE-2016-3120 Debian Bug : 728845 762479 773226 778647 819468 832572 Kerberos, a system for authenticating users and services on a network, was affected by several...
[SECURITY] [DSA 4102-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4102-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 30, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4094-2] smarty3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4094-2 [email protected] https://www.debian.org/security/ January 30, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
[SECURITY] [DLA 1264-1] unbound security update
Package : unbound Version : 1.4.17-3+deb7u3 CVE ID : CVE-2017-15105 Debian Bug : 887733 Ralph Dolmans and Karst Koymans found a flaw in the way unbound validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence NXDOMAIN answe...
[SECURITY] [DLA 1263-1] curl security update
Package : curl Version : 7.26.0-1+wheezy24 CVE ID : CVE-2018-1000007 Craig de Stigter discovered that authentication data might be leaked to third parties when following HTTP redirects. For Debian 7 "Wheezy", these problems have been fixed in version 7.26.0-1+wheezy24. We recommend that you upgra...
[SECURITY] [DLA 1263-1] debian-security-support update
Package : debian-security-support Version : 2018.01.29deb7u1 This update marks several packages as no longer supported by wheezy-lts: teamspeak-server, teamspeak-client, libstruts1.2-java, nvidia-graphics-drivers, glassfish, jbossas4, libnet-ping-external-perl, mp3gain, tor, jasperreports. For th...
[SECURITY] [DLA 1262-1] thunderbird security update
Package : thunderbird Version : 1:52.6.0-1deb7u1 CVE ID : CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 Debian Bug : 885157 885158 887766 Multiple security issues have been found in the Mozilla Thunderbi...
[SECURITY] [DSA 4101-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4101-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1261-1] clamav security update
Package : clamav Version : 0.99.2+dfsg-0+deb7u4 CVE ID : CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 Debian Bug : 888484 824196 Multiple vulnerabilities have been discovered in clamav, the ClamAV AntiVirus toolkit for Unix. Effects rang...
[SECURITY] [DLA 1260-1] tiff3 security update
Package : tiff3 Version : 3.9.6-11+deb7u9 CVE ID : CVE-2017-18013 Debian Bug : 885985 A vulnerability has been discovered in the libtiff image processing library which may result in an application crash and denial of service. CVE-2017-18013 NULL pointer dereference via crafted TIFF image For Debi...
[SECURITY] [DLA 1259-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u18 CVE ID : CVE-2017-18013 Debian Bug : 885985 A vulnerability has been discovered in the libtiff image processing library which may result in an application crash and denial of service. CVE-2017-18013 NULL pointer dereference via crafted TIFF image For Debia...
[SECURITY] [DSA 4100-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4100-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4099-1] ffmpeg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4099-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1258-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u9 CVE ID : CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 Kamil Frankowicz and Young found that several parsers of wireshark could be crashed by malformed packets. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DLA 1257-1] openssh security update
Package : openssh Version : 1:6.0p1-4+deb7u7 CVE ID : CVE-2016-10708 OpenSSH was found to be vulnerable to out of order NEWKEYS messages which could crash the daemon, resulting in a denial of service attack. For Debian 7 "Wheezy", these problems have been fixed in version 1:6.0p1-4+deb7u7. We...
[SECURITY] [DSA 4098-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4098-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini January 26, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4097-1] poppler security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4097-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 25, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4096-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4096-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 25, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1256-1] firefox-esr security update
Package : firefox-esr Version : 52.6.0esr-1deb7u1 CVE ID : CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 Several security issues have been found in the Mozilla Firefox web browser: Multiple...
[SECURITY] [DSA 4095-1] gcab security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4095-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4094-1] smarty3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4094-1 [email protected] https://www.debian.org/security/ January 22, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
[SECURITY] [DSA 4093-1] openocd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4093-1 [email protected] https://www.debian.org/security/ January 21, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
[SECURITY] [DLA 1255-1] bind9 security update
Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 CVE ID : CVE-2017-3145 Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and...
[SECURITY] [DLA 1254-1] lucene-solr security update
Package : lucene-solr Version : 3.6.0+dfsg-1+deb7u3 CVE ID : CVE-2017-12629 Michael Stepankin and Olga Barinova discovered a remote code execution vulnerability in Apache Solr by exploiting XML External Entity processing XXE in conjunction with use of a Config API add-listener command to reach th...
[SECURITY] [DLA 1253-1] openocd security update
Package : openocd Version : 0.5.0-1+deb7u1 CVE ID : CVE-2018-5704 Debian Bug : 887488 OpenOCD, an on-chip JTAG debug solution for ARM and MIPS systems, does not block attempts to use HTTP POST for sending data to localhost, which allows remote attackers to conduct cross-protocol scripting attacks...
[SECURITY] [DLA 1252-1] couchdb security update
Package : couchdb Version : 1.2.0-5+deb7u1 CVE ID : CVE-2017-12635 CVE-2017-12636 CVE-2017-12635 Prevent non-admin users to give themselves admin privileges. CVE-2017-12636 Blacklist some configuration options to prevent execution of arbitrary shell commands as the CouchDB user For Debian 7...
[SECURITY] [DLA 1251-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u12 CVE ID : CVE-2018-5712 It was discovered that PHP5 was vulnerable to a reflected cross-site scripting XSS attack on the PHAR 404 error page by manipulating the URI of a request for a .phar file. This issue is only exploitable if the web server is configur...
[SECURITY] [DLA 1250-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.59-0+deb7u1 CVE ID : CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.59, which includes...
[SECURITY] [DLA 1249-1] smarty3 security update
Package : smarty3 Version : 3.1.10-2+deb7u2 CVE ID : CVE-2017-1000480 Debian Bug : 886460 It was discovered that there was a code-injection vulnerability in smarty3, a PHP template engine. A specially-crafted filename in comments could result in arbitrary code execution. Thanks to Mike Gabriel...
[SECURITY] [DSA 4092-1] awstats security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4092-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 19, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1248-1] libgd2 security update
Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u11 CVE ID : CVE-2018-5711 Debian Bug : 887485 It was discovered that there was a denial-of-service attack in the libgd2 image library. A corrupt file could have exploited a signedness confusion leading to an infinite loop. For Debian 7 "Wheezy",...
[SECURITY] [DLA 1247-1] rsync security update
Package : rsync Version : 3.0.9-4+deb7u2 CVE ID : CVE-2018-5764 Debian Bug : 887588 It was discovered that there was an injection vulnerability in the rsync file-copying tool. For Debian 7 "Wheezy", this issue has been fixed in rsync version 3.0.9-4+deb7u2. We recommend that you upgrade your rsyn...
[SECURITY] [DLA 1246-1] transmission security update
Package : transmission Version : 2.52-3+nmu3 CVE ID : CVE-2018-5702 Debian Bug : 886990 Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interfaces may result in the execution of arbitrary code if ...
[SECURITY] [DSA 4091-1] mysql-5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4091-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 18, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4090-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4090-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 17, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4089-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4089-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 16, 2018 https://www.debian.org/security/faq -...