[SECURITY] [DLA 1043-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.57-0+deb7u1 CVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648. CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 Debian Bug : 868788 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to t...
[SECURITY] [DSA 3922-1] mysql-5.5 security update
Debian Security Advisory DSA-3922-1 https://www.debian.org/security/ Salvatore Bonaccorso July 28, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1042-1] libquicktime security update
Package : libquicktime Version : 2:1.2.4-3+deb7u2 CVE ID : CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 Debian Bug : 864664 CVE-2017-9122 The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial o...
[SECURITY] [DLA 1041-1] nasm security update
Package : nasm Version : 2.10.01-1+deb7u1 CVE ID : CVE-2017-10686 CVE-2017-11111 CVE-2017-10686 In Netwide Assembler NASM 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token function and freed in the detoken function called ...
[SECURITY] [DSA 3921-1] enigmail update
Debian Security Advisory DSA-3921-1 https://www.debian.org/security/ Moritz Muehlenhoff July 28, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 613-2] roundcube regression update
Package : roundcube Version : 0.7.2-9+deb7u8 Debian Bug : 843795 851214 The security update announced as DLA-613-1 caused a regression. A missing null parameter set the $task variable in the rcmail_url function to a boolean value which led to service not available errors when viewing attached...
[SECURITY] [DLA 1040-1] resiprocate security update
Package : resiprocate Version : 1.8.5-4+deb7u1 CVE ID : CVE-2017-11521 CVE-2017-11521 The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service memory consumption by triggering many media connections...
[SECURITY] [DLA 1039-1] rkhunter security update
Package : rkhunter Version : 1.4.0-1+deb7u1 CVE ID : CVE-2017-7480 CVE-2017-7480 The original patch introduces new regex to better check for allowed download URLs. Other versions of the package in Jessie, Stretch and Sid don't apply that patch but just disable the download of everything by default...
[SECURITY] [DSA 3920-1] qemu security update
Debian Security Advisory DSA-3920-1 https://www.debian.org/security/ Moritz Muehlenhoff July 25, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3919-1] openjdk-8 security update
Debian Security Advisory DSA-3919-1 https://www.debian.org/security/ Moritz Muehlenhoff July 25, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3918-1] icedove/thunderbird security update
Debian Security Advisory DSA-3918-1 https://www.debian.org/security/ Moritz Muehlenhoff July 25, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1025-2] bind9 regression update
Package : bind9 The security update announced as DLA-1025-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This conforms to the spec and may be used in AXFR and IXFR response. F...
[SECURITY] [DLA 1037-1] catdoc security update
Package : catdoc Version : 0.94.4-1.1+deb7u1 CVE ID : CVE-2017-11110 Debian Bug : 867717 A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service application crash or have unspecified other impact, if a specially crafte...
[SECURITY] [DLA 1038-1] libtasn1-3 security update
Package : libtasn1-3 Version : 2.13-2+deb7u5 CVE ID : CVE-2017-10790 CVE-2017-10790 The asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may le...
[SECURITY] [DLA 1036-1] gsoap security update
Package : gsoap Version : 2.8.7-2+deb7u1 CVE ID : CVE-2017-9765 A vulnerability was discovered in gsoap, a library for the development of SOAP web services and clients, that may be exposed with a large and specific XML message over 2 GB in size. After receiving this 2 GB message, a buffer overflo...
[SECURITY] [DSA 3904-2] bind9 regression update
Debian Security Advisory DSA-3904-2 https://www.debian.org/security/ Yves-Alexis Perez July 23, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3917-1] catdoc security update
Debian Security Advisory DSA-3917-1 https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3916-1] atril security update
Debian Security Advisory DSA-3916-1 https://www.debian.org/security/ Salvatore Bonaccorso July 21, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1035-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6+deb7u22 CVE ID : CVE-2016-9602 CVE-2016-9603 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 Several vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project...
[SECURITY] [DLA 1034-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u9 CVE ID : CVE-2016-10397 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11147 Several issues have been discovered in PHP recursive acronym for PHP: Hypertext Preprocessor, a widely-used open source general-purpose scripting language that is especiall...
[SECURITY] [DSA 3915-1] ruby-mixlib-archive security update
Debian Security Advisory DSA-3915-1 https://www.debian.org/security/ Sebastien Delafond July 20, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1033-1] memcached security update
Package : memcached Version : 1.4.13-0.2+deb7u3 CVE ID : CVE-2017-9951 Debian Bug : 868701 It was discovered that there was a remote denial-of-service (DoS) vulnerability in memcached, a high-performance memory object caching system. The try_read_command function allowed remote attackers to cause a D...
[SECURITY] [DLA 1032-1] unattended-upgrades regression update
Package : unattended-upgrades Version : 0.79.5+wheezy3 Debian Bug : 867169 Since the release of the last Debian stable release "stretch", Debian LTS "wheezy" has been renamed "oldoldstable", which broke the unattended-upgrades package as described in bug 867169. Updates would simply not be...
[SECURITY] [DLA 1030-1] vim security update
Package : vim Version : 2:7.3.547-7+deb7u4 CVE ID : CVE-2017-11109 Debian Bug : 867720 Vim 8.0 allows attackers to cause a denial of service invalid free or possibly have unspecified other impact via a crafted source aka -S file. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DSA 3914-1] imagemagick security update
Debian Security Advisory DSA-3914-1 https://www.debian.org/security/ Moritz Muehlenhoff July 18, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1031-1] evince security update
Package : evince Version : 3.4.0-3.1+deb7u1 CVE ID : CVE-2017-1000083 Debian Bug : 868500 from the Google Security Team discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives CBT. Opening a malicious CBT archive could result in the execution of...
[SECURITY] [DSA 3913-1] apache2 security update
Debian Security Advisory DSA-3913-1 https://www.debian.org/security/ Salvatore Bonaccorso July 18, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1029-1] libmtp security update
Package : libmtp Version : 1.1.3-35-g0ece104-5+deb7u1 CVE ID : CVE-2017-9831 CVE-2017-9832 libmtp, a library for communicating with MTP aware devices like cellular phones and audio players, was found to be vulnerable to several integer overflow vulnerabilities, which allowed malicious devices to...
[SECURITY] [DLA 1028-1] apache2 security update
Package : apache2 Version : 2.2.22-13+deb7u10 CVE ID : CVE-2017-9788 Debian Bug : 868467 Robert Święcki discovered that the value placeholder in Proxy-Authorization Digest headers were not initialized or reset before or between successive key=value assignments in Apache 2's mod_auth_digest module...
[SECURITY] [DSA 3912-1] heimdal security update
Debian Security Advisory DSA-3912-1 https://www.debian.org/security/ Salvatore Bonaccorso July 16, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3910-1] knot security update
Debian Security Advisory DSA-3910-1 https://www.debian.org/security/ Yves-Alexis Perez July 14, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3911-1] evince security update
Debian Security Advisory DSA-3911-1 https://www.debian.org/security/ Moritz Muehlenhoff July 14, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1027-1] heimdal security update
Package : heimdal Version : 1.6git20120403+dfsg1-2+deb7u1 CVE ID : CVE-2017-11103 Debian Bug : 868208 Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in Heimdal Kerberos. Also known as Orpheus Lyre, this vulnerability could be used by an...
[SECURITY] [DLA 1026-1] xorg-server security update
Package : xorg-server Version : 2:1.12.4-6+deb7u7 CVE ID : CVE-2017-10971 CVE-2017-10972 Debian Bug : 867492 867492 CVE-2017-10971 A user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Event...
[SECURITY] [DSA 3909-1] samba security update
Debian Security Advisory DSA-3909-1 https://www.debian.org/security/ Yves-Alexis Perez July 14, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1025-1] bind9 security update
Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u17 CVE ID : CVE-2017-3142 CVE-2017-3143 CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR...
[SECURITY] [DLA 1024-1] nginx security update
Package : nginx Version : 1.2.1-2.2+wheezy4+deb7u1 CVE ID : CVE-2017-7529 Debian Bug : 868109 It was discovered that there was a vulnerability in the range filter of nginx, a web/proxy server. A specially crafted request might result in an integer overflow and incorrect processing of HTTP ranges,...
[SECURITY] [DSA 3908-1] nginx security update
Debian Security Advisory DSA-3908-1 https://www.debian.org/security/ Moritz Muehlenhoff July 12, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3907-1] spice security update
Debian Security Advisory DSA-3907-1 https://www.debian.org/security/ Moritz Muehlenhoff July 11, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3906-1] undertow security update
Debian Security Advisory DSA-3906-1 https://www.debian.org/security/ Moritz Muehlenhoff July 11, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1023-1] tiff3 security update
Package : tiff3 Version : 3.9.6-11+deb7u7 CVE ID : CVE-2017-9936 Debian Bug : 866113 A vulnerability has been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. CVE-2017-9936 A crafted TIFF document can lead to a...
[SECURITY] [DLA 1022-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u15 CVE ID : CVE-2017-9936 CVE-2017-10688 Debian Bug : 866113 866611 Two vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. CVE-2017-9936 A crafted TIFF...
[SECURITY] [DLA 1021-1] jetty8 security update
Package : jetty8 Version : 8.1.3-4+deb7u1 CVE ID : CVE-2017-9735 Debian Bug : 864898 It was discovered that Jetty8, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic credentials such as passwords to a local user. For Debian 7 "Wheezy", these...
[SECURITY] [DLA 1020-1] jetty security update
Package : jetty Version : 6.1.26-1+deb7u1 CVE ID : CVE-2017-9735 Debian Bug : 864898 It was discovered that Jetty, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic credentials such as passwords to a local user. For Debian 7 "Wheezy", these...