[SECURITY] [DSA 4031-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA-1169-1] postgresql-common security update
Package : postgresql-common Version : 134wheezy6 A security vulnerability has been found in postgresql-common, Debian's PostgreSQL database cluster management tools. CVE-2017-8806 It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecure...
[SECURITY] [DSA 4006-2] mupdf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4006-2 [email protected] https://www.debian.org/security/ November 10, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
[SECURITY] [DLA 1168-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u14 CVE ID : CVE-2017-16669 A remote denial of service vulnerability has been discovered in graphicsmagick, a collection of image processing tools and associated libraries. A specially crafted file can be used to produce a heap-based buffer overfl...
[SECURITY] [DLA 1166-2] tomcat7 regression update
Package : tomcat7 Version : 7.0.28-4+deb7u17 Debian Bug : 881162 The update for tomcat7 issued as DLA-1166-1 caused a regression whereby every request, including for the root document /, returned HTTP status 404. Updated packages are now available to address this problem. For reference, the...
[SECURITY] [DSA 4029-1] postgresql-common security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4029-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4028-1] postgresql-9.6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4028-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4027-1] postgresql-9.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4027-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4030-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4030-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4026-1] bchunk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4026-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA-1157-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb7u3 CVE ID : CVE-2017-3735 A security vulnerability was discovered in OpenSSL, the Secure Sockets Layer toolkit. CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an...
[SECURITY] [DLA 1167-1] ruby-yajl security update
Package : ruby-yajl Version : 1.1.0-2+deb7u1 CVE ID : CVE-2017-16516 Debian Bug : 880691 A vulnerability was found in ruby-yajl, an interface to Yajl, a JSON stream-based parser library. When a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT ...
[SECURITY] [DSA 4025-1] libpam4j security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4025-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4022-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4022-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 07, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4024-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4024-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4023-1] slurm-llnl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4023-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4021-1] otrs2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4021-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 07, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1166-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u16 CVE ID : CVE-2017-12617 A remote code execution vulnerability has been discovered in tomcat7. When HTTP PUT was enabled (e.g., via setting the readonly initialization parameter of the Default servlet to false) it was possible to upload a JSP file to the...
[SECURITY] [DLA 1165-1] libpam4j security update
Package : libpam4j Version : 1.4-2+deb7u1 CVE ID : CVE-2017-12197 Debian Bug : 879001 It was discovered that libpam4j, a Java binding for libpam.so, does not call pam_acct_mgmt. As a consequence, the PAM account is not properly verified. Any user with a valid password but with deactivated or disabl...
[SECURITY] [DLA 1164-1] mupdf security update
Package : mupdf Version : 0.9-2+deb7u4 CVE ID : CVE-2017-14687 CVE-2017-15587 Debian Bug : 877379 879055 Two security issues were discovered in mupdf, a lightweight PDF viewer. CVE-2017-14687 MuPDF allows attackers to cause a denial of service or possibly have unspecified other impact via a craft...
[SECURITY] [DSA 4020-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4020-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 05, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1163-1] apr-util security update
Package : apr-util Version : 1.4.1-3+deb7u1 CVE ID : CVE-2017-12618 Debian Bug : 879996 It was discovered that there was an out-of-bounds read access in apr-util, a support/portability library used by many applications. A local user with write access to the database could have made a process usin...
[SECURITY] [DLA 1162-1] apr security update
Package : apr Version : 1.4.6-3+deb7u2 CVE ID : CVE-2017-12613 Debian Bug : 879708 It was discovered that there was an out-of-bounds memory vulnerability in apr, a support/portability library for various applications. When the apr_exp_time or apr_os_exp_time functions were invoked with an invalid mont...
[SECURITY] [DSA 4019-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4019-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 05, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1161-1] redis security update
Package : redis Version : 2:2.4.14-1+deb7u2 CVE ID : CVE-2016-1051 It was discovered that there was a "Cross Protocol Scripting" attack in the Redis key-value database. "POST" and "Host:" command strings which are not valid in the Redis protocol were not immediately rejected when an attacker make...
[SECURITY] [DLA 1160-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u18 CVE ID : CVE-2017-16510 Debian Bug : 880528 WordPress, a web blogging tool, was affected by an issue where $wpdb->prepare can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a...
[SECURITY] [DSA 4018-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4018-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 04, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4017-1] openssl1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4017-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1159-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u13 CVE ID : CVE-2017-16352 CVE-2017-16353 Maor Shwartz, Jeremy Heng and Terry Chia discovered two security vulnerabilities in Graphicsmagick, a collection of image processing tools. CVE-2017-16352 Graphicsmagick was vulnerable to a heap-based...
[SECURITY] [DSA 4016-1] irssi security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4016-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1158-1] bchunk security update
Package : bchunk Version : 1.2.0-12+deb7u1 CVE ID : CVE-2017-15953 CVE-2017-15954 CVE-2017-15955 Debian Bug : 880116 Several vulnerabilities were discovered in bchunk, a tool to convert a CD image in .bin/.cue format into a set of .iso and .cdr/.wav tracks. It was possible to trigger a heap-based...
[SECURITY] [DSA 4015-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4015-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 02, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4014-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4014-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 01, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1153-1] icedove/thunderbird security update
Package : thunderbird Version : 1:52.4.0-1deb7u1 CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors,...
[SECURITY] [DSA 4013-1] openjpeg2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4013-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1156-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.58-1+2017c This update includes the changes in tzdata 2017c for the Perl bindings. For the list of changes, see DLA-1156-1. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.58-1+2017c. We recommend that you upgrade your...
[SECURITY] [DLA 1155-1] tzdata new upstream version
Package : tzdata Version : 2017c-0+deb7u1 This update includes the changes in tzdata 2017b. Notable changes are: - Northern Cyprus resumed EU rules starting 2017-10-29. - Namibia will switch from +01 with DST to +02 all year, affecting UT offsets starting 2018-04-01. - Sudan will switch from +03 ...
[SECURITY] [DLA 1154-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u12 CVE ID : CVE-2017-14103 CVE-2017-14314 CVE-2017-14504 CVE-2017-14733 CVE-2017-14994 CVE-2017-14997 CVE-2017-15930 Debian Bug : 879999 Multiple vulnerabilities were found in graphicsmagick. CVE-2017-14103 The ReadJNGImage and ReadOneJNGImage...
[SECURITY] [DLA 1151-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u17 CVE ID : CVE-2016-9263 CVE-2017-14718 CVE-2017-14719 CVE-2017-14720 CVE-2017-14721 CVE-2017-14722 CVE-2017-14723 CVE-2017-14725 CVE-2017-14990 Debian Bug : 876274 877629 Several vulnerabilities were discovered in wordpress, a web blogging tool. Th...
[SECURITY] [DLA 1152-1] quagga security update
Package : quagga Version : quagga0.99.22.4-1+wheezy3+deb7u2 CVE ID : CVE-2017-16227 Debian Bug : 879474 It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially...