[SECURITY] [DLA 1126-1] libxfont security update

Package : libxfont Version : 1:1.4.5-5+deb7u1 CVE IDs : CVE-2017-13720 CVE-2017-13722 It was discovered that there two vulnerabilities the library providing font selection and rasterisation, libxfont: CVE-2017-13720: If a pattern contained a ? character any character in the string is skipped even...

[SECURITY] [DSA 3993-1] tor security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3993-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 06, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1125-1] botan1.10 security update

Package : botan1.10 Version : 1.10.5-1+deb7u4 CVE ID : CVE-2017-14737 CVE-2017-14737 Fix of cache-based side channel attack, which could recover information about RSA secret keys. For Debian 7 "Wheezy", these problems have been fixed in version 1.10.5-1+deb7u4. We recommend that you upgrade your...

[SECURITY] [DSA 3992-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3992-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 06, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3992-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3992-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 06, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1124-1] dnsmasq security update

Package : dnsmasq Version : 2.62-3+deb7u4 CVE ID : CVE-2017-14491 CVE-2017-14492 CVE-2017-14494 Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and...

[SECURITY] [DLA 1123-1] golang security update

Package : golang Version : 2:1.0.2-1.1+deb7u1 CVE ID : CVE-2017-1000098 It was discovered that there was an issue in the Go programming language library where an attacker could generate a MIME request such that the server ran out of file descriptors. For Debian 7 "Wheezy", this issue has been fix...

[SECURITY] [DLA 1122-1] asterisk security update

Package : asterisk Version : 1:1.8.13.1dfsg1-3+deb7u7 CVE ID : CVE-2017-14100 Debian Bug : 873908 A security vulnerability was discovered in Asterisk, an Open Source PBX and telephony toolkit, that may lead to unauthorized command execution. The appminivm module has an "externnotify" program...

[SECURITY] [DLA 1121-1] curl security update

Package : curl Version : 7.26.0-1+wheezy21 CVE ID : CVE-2017-1000254 Debian Bug : 877671 It was discovered that there was a out-of-bounds read vulnerability in curl, a command-line and library for transferring data over HTTP/FTP, etc. A malicious FTP server could abuse this to prevent curl-based...

[SECURITY] [DSA 3991-1] qemu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3991-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 03, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3990-1] asterisk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3990-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 03, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1120-1] git security update

Package : git Version : 1:1.7.10.4-1+wheezy6 CVE ID : CVE-2017-14867 Debian Bug : 876854 joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The...

[SECURITY] [DSA 3989-1] dnsmasq security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3989-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 02, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3989-1] dnsmasq security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3989-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 02, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1119-1] otrs2 security update

Package : otrs2 Version : 3.3.18-1deb7u1 CVE ID : CVE-2014-1695 CVE-2014-2553 CVE-2014-2554 CVE-2017-14635 Debian Bug : 876462 An attacker who is logged into OTRS, a Ticket Request System, as an agent with write permissions for statistics can inject arbitrary code into the system. This can lead t...

[SECURITY] [DSA 3988-1] libidn2-0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3988-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 30, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3988-1] libidn2-0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3988-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 30, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1118-1] firefox-esr security update

Package : firefox-esr Version : 52.4.0esr-2deb7u1 CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees,...

[SECURITY] [DSA 3987-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3987-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 29, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3986-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3986-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3986-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3986-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1117-1] opencv security update

Package : opencv Version : 2.3.1-11+deb7u2 CVE ID : CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136 OpenCV through version 3.3 has out-of-bounds...

[SECURITY] [DSA 3985-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3985-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 28, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3985-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3985-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 28, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1116-1] poppler security update

Package : poppler Version : 0.18.4-6+deb7u3 CVE ID : CVE-2017-14517 CVE-2017-14519 CVE-2017-14617 Debian Bug : 876086 876385 876079 It was discovered that poppler, a PDF rendering library, was affected by several denial-of-service application crash, null pointer dereferences and memory corruption...

[SECURITY] [DLA 1115-1] debsecan update

Package : debsecan Version : 0.4.16+nmu1+deb7u1 Debian Bug : 842428 Debsecan in Wheezy in its default configuration currently fails to download recent vulnerability data due to an URL change. For Debian 7 "Wheezy", these problems have been fixed in version 0.4.16+nmu1+deb7u1. We recommend that yo...

[SECURITY] [DLA 1112-1] rubygems security update

Package : rubygems Version : 1.8.24-1+deb7u1 CVE ID : CVE-2017-0900 CVE-2017-0901 Debian Bug : 873802 Some vulnerabilities were found in the Rubygems package that affects the LTS distribution. CVE-2017-0900 DOS vulernerability in the query command CVE-2017-0901 gem installer allows a malicious ge...

[SECURITY] [DLA 1114-1] ruby1.9.1 security update

Package : ruby1.9.1 Version : 1.9.3.194-8.1+deb7u6 CVE ID : CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 Debian Bug : 873802 873906 875928 875931 875936 Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor. CVE-2017-0898 Buff...

[SECURITY] [DLA 1113-1] ruby1.8 security update

Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u4 CVE ID : CVE-2017-0898 CVE-2017-10784 Debian Bug : 875931 875936 Some vulnerabilities were found in the Ruby 1.8 package that affects the LTS distribution. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784 Escape sequence...

[SECURITY] [DSA 3984-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3984-1 [email protected] https://www.debian.org/security/ Florian Weimer September 26, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1111-1] weechat security update

Package : weechat Version : 0.3.8-1+deb7u3 CVE ID : CVE-2017-14727 Debian Bug : 876553 It was discovered that WeeChats logger plugin is vulnerable to an invalid buffer read which can be exploited remotely to trigger an application crash or other undefined behaviour. For Debian 7 "Wheezy", these...

[SECURITY] [DLA 1110-1] samba security update

Package : samba Version : 2:3.6.6-6+deb7u14 CVE ID : CVE-2017-12150 CVE-2017-12163 CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12163 Yihan Lian and Zhibin Hu discovered that insufficient range checks in the processing of SMB1 write...

[SECURITY] [DLA 1109-1] libraw security update

Package : libraw Version : 0.14.6-2+deb7u3 CVE ID : CVE-2017-14608 CVE-2017-14608 An out of bounds read flaw related to kodak65000loadraw has been reported in dcraw/dcraw.c and internal/dcrawcommon.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause...

[SECURITY] [DLA 1108-1] tomcat7 security update

Package : tomcat7 Version : 7.0.28-4+deb7u15 CVE ID : CVE-2017-12616 The Tomcat security team discovered that when using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted...

[SECURITY] [DLA 1107-1] bzr security update

Package : bzr Version : 2.6.0bzr6526-1+deb7u1 CVE ID : CVE-2013-2099 CVE-2017-14176 Debian Bug : 709068 874429 CVE-2013-2099 Bazaar bundles SSL certificate checking code from Python, which had a bug that could cause a denial of service via resource consumption through multiple wildcards in...

[SECURITY] [DSA 3983-1] samba security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3983-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 22, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1105-1] clamav security update

Package : clamav Version : 0.99.2+dfsg-0+deb7u3 CVE ID : CVE-2017-6418 CVE-2017-6420 clamav is vulnerable to multiple issues that can lead to denial of service when processing untrusted content. CVE-2017-6418 out-of-bounds read in libclamav/message.c, allowing remote attackers to cause a denial o...

[SECURITY] [DLA 1106-1] libgd2 security update

Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u10 CVE ID : CVE-2017-6362 A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of...

[SECURITY] [DLA 1104-1] newsbeuter security update

Package : newsbeuter Version : 2.5-2+deb7u3 CVE ID : CVE-2017-14500 Debian Bug : 876004 It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure the podcast file, allowing a remote attacker to run an...

[SECURITY] [DLA 1103-1] bluez security update

Package : bluez Version : 4.99-2+deb7u1 CVE ID : CVE-2017-1000250 Debian Bug : 875633 The SDP server in BlueZ is vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the...

[SECURITY] [DLA 1102-1] apache2 security update

Package : apache2 Version : 2.2.22-13+deb7u12 CVE ID : CVE-2017-9798 Debian Bug : 876109 Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure. For Debian 7 "Wheezy", these problems have been fixed in versi...

[SECURITY] [DLA 1101-1] emacs23 security update

Package : emacs23 Version : 23.4+1-4+deb7u1 CVE ID : CVE-2017-14482 Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data e.g. when using Emacs-based mail clients. For Debian 7 "Wheezy", these problems have been fixed in version...

[SECURITY] [DSA 3982-1] perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3982-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 21, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3982-1] perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3982-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 21, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3981-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3981-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3981-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3981-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1099-1] linux security update

Package : linux Version : 3.2.93-1 CVE ID : CVE-2017-7482 CVE-2017-7542 CVE-2017-7889 CVE-2017-10661 CVE-2017-10911 CVE-2017-11176 CVE-2017-11600 CVE-2017-12134 CVE-2017-12153 CVE-2017-12154 CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-1000111 CVE-2017-10002...

[SECURITY] [DSA 3980-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3980-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3980-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3980-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1100-1] gdk-pixbuf security update

Package : gdk-pixbuf Version : 2.26.1-1+deb7u6 CVE ID : CVE-2017-2862 Debian Bug : 874552 Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened. For Debian 7 "Wheezy", these problems...