[SECURITY] [DLA 1243-1] xbmc security update
Package : xbmc Version : 2:11.0git20120510.82388d5-1+deb7u1 CVE ID : CVE-2017-8314 Debian Bug : 863230 The Check Point Research Team discovered that the XBMC media center allows arbitrary file write when a malicious subtitle file is downloaded in zip format. This update requires the new dependenc...
[SECURITY] [DLA 1245-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u17 CVE ID : CVE-2018-5685 Debian Bug : 887158 A vulnerability has been discovered in GraphicsMagick, a collection of image processing tools, which may result in a denial of service. CVE-2018-5685: An infinite loop and application hang has been...
[SECURITY] [DLA 1244-1] ca-certificates update
Package : ca-certificates Version : 20130119+deb7u2 Debian Bug : 858064 858539 This release does a complete update of the CA list. This includes removing the StartCom and WoSign certificates as they are now untrusted by the major browser vendors. This includes 1024-bit root certificates 858064...
[SECURITY] [DSA 4088-1] gdk-pixbuf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4088-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 15, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1242-1] xmltooling security update
Package : xmltooling Version : 1.4.2-5+deb7u2 CVE ID : CVE-2018-0486 Philip Huppert discovered the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the XMLTooling XML parsing library. For additional details please refer to...
[SECURITY] [DSA 4087-1] transmission security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4087-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 14, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1241-1] libkohana2-php security update
Package : libkohana2-php Version : 2.3.4-2+deb7u1 CVE ID : CVE-2016-10510 David Sopas discovered that Kohana, a PHP framework, was vulnerable to a Cross-site scripting (XSS) attack that allowed remote attackers to inject arbitrary web script or HTML by bypassing the stripimagetags protection...
[SECURITY] [DSA 4086-1] libxml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4086-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4085-1] xmltooling security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4085-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 12, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4084-1] gifsicle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4084-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 12, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1240-1] ming security update
Package : ming Version : 1:0.4.4-1.1+deb7u6 CVE ID : CVE-2017-11732 CVE-2017-16883 CVE-2017-16898 Multiple vulnerabilities have been discovered in Ming: CVE-2017-11732 heap-based buffer overflow vulnerability in the function dcputs util/decompile.c in Ming = 0.4.8, which allows attackers to cause...
[SECURITY] [DSA 4083-1] poco security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4083-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 11, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1239-1] poco security update
Package : poco Version : 1.3.6p1-4+deb7u1 CVE ID : CVE-2017-1000472...
[SECURITY] [DLA 1238-1] awstats security update
Package : awstats Version : 7.0dfsg-7+deb7u1 CVE ID : CVE-2017-1000501 Debian Bug : 885835 Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. For Debian 7 "Wheezy", the...
[SECURITY] [DLA 1237-1] plexus-utils2 security update
Package : plexus-utils2 Version : 2.0.5-1+deb7u1 CVE ID : CVE-2017-1000487 Charles Duffy discovered that the Commandline class in plexus-utils2, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject...
[SECURITY] [DLA 1236-1] plexus-utils security update
Package : plexus-utils Version : 1:1.5.15-4+deb7u1 CVE ID : CVE-2017-1000487 Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to injec...
[SECURITY] [DLA 1234-2] gdk-pixbuf regression update
Package : gdk-pixbuf Version : 2.26.1-1+deb7u8 Debian Bug : 886721 The patch introduced in DLA-1234-1 had a problem that caused gdk-pixbuf's gif module to fail to load. For Debian 7 "Wheezy", these problems have been fixed in version 2.26.1-1+deb7u8. We recommend that you upgrade your gdk-pixbuf...
[SECURITY] [DSA 4082-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4082-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 09, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4081-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4081-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4080-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4080-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1235-1] opencv security update
Package : opencv Version : 2.3.1-11+deb7u3 CVE ID : CVE-2017-17760 CVE-2017-1000450 Opencv 3.3 and earlier has problems while reading data, which might result in either buffer overflows or integer overflows. For Debian 7 "Wheezy", these problems have been fixed in version 2.3.1-11+deb7u3. We...
[SECURITY] [DLA 1234-1] gdk-pixbuf security update
Package : gdk-pixbuf Version : 2.26.1-1+deb7u7 CVE ID : CVE-2017-1000422 It was discovered that there were several integer overflows in gdk-pixbuf, a library to manipulate images for the GTK graphics toolkit. This could have led to memory corruption and potential code execution. For Debian 7...
[SECURITY] [DLA 1233-1] gifsicle security update
Package : gifsicle Version : 1.67-1.1deb7u1 CVE ID : CVE-2017-1000421 It was discovered that there was a use-after-free vulnerability in gifsicle, a command-line tool for manipulating GIF images. For Debian 7 "Wheezy", this issue has been fixed in gifsicle version 1.67-1.1deb7u1. We recommend tha...
[SECURITY] [DLA 1231-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u16 CVE ID : CVE-2017-17498 CVE-2017-17500 CVE-2017-17501 CVE-2017-17502 CVE-2017-17503 CVE-2017-17782 CVE-2017-17912 CVE-2017-17915 Debian Bug : 884905 The NSFocus Security Team discovered multiple security issues in Graphicsmagick, a collection ...
[SECURITY] [DLA 1232-1] linux security update
Package : linux Version : 3.2.96-3 CVE ID : CVE-2017-5754 CVE-2017-17558 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5754...
[SECURITY] [DSA 4079-1] poppler security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4079-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 07, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1230-1] xen security update
Package : xen Version : 4.1.6.lts1-11 CVE ID : CVE-2017-17044 CVE-2017-17045 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the...
[SECURITY] [DSA 4078-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4078-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez January 04, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1229-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u20 CVE ID : CVE-2017-1000445, CVE-2017-1000476 Debian Bug : 886281 It was discovered that there were two vulnerabilities in the imagemagick image manipulation program: CVE-2017-1000445: A null pointer dereference in the MagickCore component which...
[SECURITY] [DLA 1228-1] poppler security update
Package : poppler Version : 0.18.4-6+deb7u5 CVE ID : CVE-2017-1000456 Jason Crain discovered an overflow vulnerability in the poppler PDF rendering library. For Debian 7 "Wheezy", this issue has been fixed in poppler version 0.18.4-6+deb7u5. We recommend that you upgrade your poppler packages...
[SECURITY] [DLA 1227-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u19 CVE ID : CVE-2017-17504 CVE-2017-17682 CVE-2017-17879 CVE-2017-17914 Debian Bug : 885340 885942 885125 Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause a denial...
[SECURITY] [DLA 1226-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u8 CVE ID : CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARPMPA, NetBIOS, Profinet I/O and...
[SECURITY] [DLA 1225-1] asterisk security update
Package : asterisk Version : 1:1.8.13.1dfsg1-3+deb7u8 CVE ID : CVE-2017-17090 Debian Bug : 883342 A vulnerability has been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in resource exhaustion and denial of service. CVE-2017-17090: memory leak from chanskinny. ...
[SECURITY] [DSA 4077-1] gimp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4077-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 30, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4076-1] asterisk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4076-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 30, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4075-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4075-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 29, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1224-1] mercurial security update
Package : mercurial Version : 2.2.2-4+deb7u6 CVE ID : CVE-2017-17458 A vulnerability was found in the Mercurial version control system which could lead to remote arbitrary code execution. CVE-2017-17458 A specially malformed Mercurial repository could cause Git subrepositories to run arbitrary co...
[SECURITY] [DSA 4074-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4074-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 28, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1223-1] thunderbird security update
Package : thunderbird Version : 1:52.5.2-1deb7u1 CVE ID : CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7...
[SECURITY] [DLA 1221-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.3.194-8.1+deb7u7 CVE ID : CVE-2017-17405 CVE-2017-17790 Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-17405 A command injection...
[SECURITY] [DLA 1222-1] ruby1.8 security update
Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u5 CVE ID : CVE-2017-17405 CVE-2017-17790 Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-17405 A command injection...
[SECURITY] [DSA 4073-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4073-1 [email protected] https://www.debian.org/security/ Ben Hutchings December 23, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1220-1] gimp security update
Package : gimp Version : 2.8.2-2+deb7u3 CVE ID : CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789 Hanno Böck found several buffer overflows in GIMP, the GNU Image Manipulation Program, which could lead to application crash or other unspecified behaviour if...
[SECURITY] [DLA 1217-1] irssi security update
Package : irssi Version : 0.8.15-5+deb7u4 CVE ID : CVE-2017-5193 CVE-2017-5194 CVE-2017-5356 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 Debian Bug : 879521 Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client, which may lead to denial of service or...
[SECURITY] [DLA 1219-1] enigmail security update
Package : enigmail Version : 2:1.9.9-1deb7u1 CVE ID : CVE-2017-17843 CVE-2017-17844 CVE-2017-17845 CVE-2017-17846 CVE-2017-17847 CVE-2017-17848 Multiple vulnerabilities were discovered in Enigmail, an OpenPGP extension for Thunderbird, which could result in a loss of confidentiality, faked...
[SECURITY] [DLA 1218-1] rsync security update
Package : rsync Version : 3.0.9-4+deb7u1 CVE ID : CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 Several vulnerabilities were discovered in rsync, a fast, versatile, remote and local file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service. F...