[SECURITY] [DLA 977-1] freeradius security update
Package : freeradius Version : 2.1.12+dfsg-1.2+deb7u1 CVE ID : CVE-2014-2015 CVE-2015-4680 CVE-2017-9148 Debian Bug : 742820 789623 863673 Several issues were discovered in FreeRADIUS, a high-performance and highly configurable RADIUS server. CVE-2014-2015 A stack-based buffer overflow was found ...
[SECURITY] [DSA 3873-1] perl security update
Debian Security Advisory DSA-3873-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 975-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u15 CVE ID : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063 CVE-2017-9064 CVE-2017-9065 Debian Bug : 862053 862816 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project...
[SECURITY] [DLA 972-1] openldap security update
Package : openldap Version : 2.4.31-2+deb7u3 CVE ID : CVE-2017-9287 Debian Bug : 863563 It was discovered that there was a double-free vulnerability in the "openldap" LDAP server. A user with access to search the directory could crash slapd by issuing a search requesting a "Paged Results" value s...
[SECURITY] [DLA 974-1] picocom security update
Package : picocom Version : 1.7-1+deb7u1 CVE ID : CVE-2015-9059 Debian Bug : 863671 It was discovered that there was a command injection vulnerability in picocom, a dumb-terminal emulation program. For Debian 7 "Wheezy", this issue has been fixed in picocom version 1.7-1+deb7u1. We recommend that...
[SECURITY] [DSA 3872-1] nss security update
Debian Security Advisory DSA-3872-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3871-1] zookeeper security update
Debian Security Advisory DSA-3871-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 973-1] strongswan security update
Package : strongswan Version : 4.5.2-1.5+deb7u9 CVE ID : CVE-2017-9022 CVE-2017-9023 Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. CVE-2017-9022 RSA public keys passed to the gmp plugin aren't validated sufficiently...
[SECURITY] [DLA 964-1] xen security update
Package : xen Version : 4.1.6.lts1-8 CVE ID : CVE-2016-9932 CVE-2017-7995 CVE-2017-8903 CVE-2017-8904 CVE-2017-8905 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9932 XSA-200...
[SECURITY] [DSA 3870-1] wordpress security update
Debian Security Advisory DSA-3870-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond June 01, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3869-1] tnef security update
Debian Security Advisory DSA-3869-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond June 01, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 971-1] nss security update
Package : nss Version : 2:3.26-1+debu7u4 CVE ID : CVE-2017-7502 Debian Bug : 863839 CVE-2017-7502 A null pointer dereference vulnerability in NSS was found when server receives empty SSLv2 messages. This issue was introduced with the recent removal of SSLv2 protocol from upstream code in 3.24.0 a...
[SECURITY] [DLA 965-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u22 CVE ID : CVE-2016-9602 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-8086 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick Emulator (Qemu)...
[SECURITY] [DLA 970-1] sudo security update
Package : sudo Version : 1.8.5p2-1+nmu3+deb7u3 CVE ID : CVE-2017-1000367 Debian Bug : 863731 The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/pid/stat" to read the device number of the tty...
[SECURITY] [DLA 969-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u13 CVE ID : CVE-2016-3658 CVE-2016-10371 Debian Bug : 862929 Two vulnerabilities have been discovered in libtiff, a library providing support for the Tag Image File Format, which may result in denial of service (out-of-bounds read or assertion failure) via a...
[SECURITY] [DSA 3868-1] openldap security update
Debian Security Advisory DSA-3868-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 30, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 968-1] libpodofo security update
Package : libpodofo Version : 0.9.0-1.1+deb7u2 CVE ID : CVE-2017-6840 CVE-2017-6842 CVE-2017-6843 CVE-2017-6847 CVE-2017-6848 CVE-2017-7378 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 Debian Bug : 861557 861564 859330 859329 Several heap-based buffer overflows and NULL pointer...
[SECURITY] [DLA 967-1] gajim security update
Package : gajim Version : 0.15.1-4.1+deb7u3 CVE ID : CVE-2016-10376 Debian Bug : 863445 Gajim implements XEP-0146, an XMPP extension to run commands remotely from another client. However it was found that malicious servers can trigger commands, which could lead to leaking private conversations fr...
[SECURITY] [DLA 966-1] pngquant security update
Package : pngquant Version : 1.0-4.1+deb7u1 CVE ID : CVE-2016-5735 Debian Bug : 863469 It was found that pngquant is susceptible to a buffer overflow write issue triggered by a maliciously crafted png image, which could lead to denial of service or other issues. For Debian 7 "Wheezy", these...
[SECURITY] [DSA 3867-1] sudo security update
Debian Security Advisory DSA-3867-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 30, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3866-1] strongswan security update
Debian Security Advisory DSA-3866-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez May 30, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 961-1] mosquitto security update
Package : mosquitto Version : 0.15-2+deb7u1 CVE ID : CVE-2017-7650 Debian Bug : CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set their username/client id to ‘’ or ‘+’. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The...
[SECURITY] [DLA 963-1] exiv2 security update
Package : exiv2 Version : 0.23-1+deb7u1 CVE ID : CVE-2017-9239 Debian Bug : 863410 It was discovered that the exiv2 library fails to parse some crafted tiff images, leading to denial of service via application crash. For Debian 7 "Wheezy", these problems have been fixed in version 0.23-1+deb7u1. ...
[SECURITY] [DSA 3865-1] mosquitto security update
Debian Security Advisory DSA-3865-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 962-1] tnef security update
Package : tnef Version : 1.4.9-1+deb7u3 CVE ID : CVE-2017-8911 CVE-2017-8911 An integer underflow has been identified in the unicode_to_utf8 function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker. For Debian 7 "Wheezy", these problems have been fixed in...
[SECURITY] [DLA 960-1] imagemagick security update
Package : imagemagick Version : 6.7.7.10-5+deb7u14 CVE ID : CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9841 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2017-7941 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348...
[SECURITY] [DLA 959-1] libical security update
Package : libical Version : 0.48-2+deb7u1 CVE ID : CVE-2016-5824 CVE-2016-9584 Debian Bug : 860451, 852034 It was discovered that there was a use-after-free vulnerability in the libical iCalendar library. Remote attackers could cause a denial of service and possibly read heap memory via a special...
[SECURITY] [DLA 958-1] libonig security update
Package : libonig Version : 5.9.1-1+deb7u1 CVE ID : CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 Debian Bug : 863312 863314 863315 863316 863318 CVE-2017-9224 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP...
[SECURITY] [DLA 957-1] bind9 security update
Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u16 CVE ID : CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3136 Oleg Gorokhov of Yandex discovered that BIND does not properly handle certain queries when using DNS64 with the "break-dnssec yes;" option, allowing a remote attacker to cause...
[SECURITY] [DLA 956-1] libsndfile security update
Package : libsndfile Version : 1.0.25-9.1+deb7u2 CVE ID : CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2017-8361 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have...
[SECURITY] [DSA 3864-1] fop security update
Debian Security Advisory DSA-3864-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 955-1] rzip security update
Package : rzip Version : 2.1-1+deb7u1 CVE ID : CVE-2017-8364 Debian Bug : 861614 Agostino Sarubbo of Gentoo discovered a heap buffer overflow write in the rzip program when uncompressing maliciously crafted files. For Debian 7 "Wheezy", these problems have been fixed in version 2.1-1+deb7u1. We...
[SECURITY] [DLA 954-1] openjdk-7 security update
Package : openjdk-7 Version : 7u131-2.6.9-2deb7u1 CVE ID : CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of...
[SECURITY] [DLA 953-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u7 CVE ID : CVE-2017-9098 Debian Bug : 862967 Chris Evans discovered that graphicsmagick used uninitialized memory in the RLE decoder, allowing a remote attacker to leak sensitive information from process memory space. More information are...
[SECURITY] [DSA 3863-1] imagemagick security update
Debian Security Advisory DSA-3863-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 25, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3862-1] puppet security update
Debian Security Advisory DSA-3862-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 25, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 952-1] kde4libs security update
Package : kde4libs Version : 4:4.8.4-4+deb7u3 CVE ID : CVE-2013-2074 CVE-2017-6410 CVE-2017-8422 Debian Bug : 856890 Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following...
[SECURITY] [DSA 3861-1] libtasn1-6 security update
Debian Security Advisory DSA-3861-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond May 24, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 951-1] samba security update
Package : samba Version : 2:3.6.6-6+deb7u13 CVE ID : CVE-2017-7494 steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library...
[SECURITY] [DSA 3860-1] samba security update
Debian Security Advisory DSA-3860-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 24, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 950-1] libtasn1-3 security update
Package : libtasn1-3 Version : 2.13-2+deb7u4 CVE ID : CVE-2017-6891 Secunia Research has discovered multiple vulnerabilities in GnuTLS libtasn1, which can be exploited by malicious people to compromise a vulnerable system. Two errors in the "asn1_find_node" function (lib/parser_aux.c) can be exploited...
[SECURITY] [DLA 949-1] miniupnpc security update
Package : miniupnpc Version : 1.5-2+deb7u2 CVE ID : CVE-2017-8798 Debian Bug : 862273 It was discovered that there was an integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack. For Debian 7 "Wheezy", this issue has been fixed in...
[SECURITY] [DLA 948-1] dropbear security update
Package : dropbear Version : 2012.55-1.3+deb7u2 CVE ID : CVE-2017-9079 A vulnerability was found in Dropbear, a lightweight SSH2 server and client. CVE-2017-9079 Jann Horn discovered a local information leak in parsing the .authorized_keys file. For Debian 7 "Wheezy", this problem has been fixed i...
[SECURITY] [DLA 947-1] icu security update
Package : icu Version : 4.8.1.1-12+deb7u7 CVE ID : CVE-2017-7867 CVE-2017-7868 It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer...