[SECURITY] [DSA 3829-1] bouncycastle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3829-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 11, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 894-1] samba security update
Package : samba Version : 2:3.6.6-6+deb7u12 CVE ID : CVE-2017-2619 Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas...
[SECURITY] [DSA 3828-2] dovecot regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3828-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 11, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3828-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3828-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 10, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 893-1] bouncycastle security update
Package : bouncycastle Version : 1.44+dfsg-3.1+deb7u2 CVE ID : CVE-2015-6644 An information disclosure vulnerability was discovered in Bouncy Castle, a Java library which consists of various cryptographic algorithms. The Galois/Counter mode (GCM) implementation was missing a boundary check that cou...
[SECURITY] [DLA 891-1] libnl security update
Package : libnl Version : 1.1-7+deb7u1 CVE ID : CVE-2017-0553 Debian Bug : It was discovered that there was a FIXME in libnl, a FIXME... For Debian 7 "Wheezy", this issue has been fixed in libnl version 1.1-7+deb7u1. We recommend that you upgrade your libnl packages. Regards, - -- ,. : : : Chris...
[SECURITY] [DLA 892-1] libnl3 security update
Package : libnl3 Version : 3.2.7-4+deb7u1 CVE ID : CVE-2017-0553 Debian Bug : 859948 It was discovered that there was an integer overflow in libnl3, a library for dealing with netlink sockets. A missing check in nlmsgreserve could have allowed a malicious application to execute arbitrary code...
[SECURITY] [DLA 890-1] ming security update
Package : ming Version : 1:0.4.4-1.1+deb7u2 CVE ID : CVE-2017-7578 It was discovered that there were multiple heap-based buffer overflows in ming, a library to generate SWF Flash files. The updated packages prevent a crash in the "listswf" utility due to a heap-based buffer overflow in the...
[SECURITY] [DLA 889-1] potrace security update
Package : potrace Version : 1.10-1+deb7u2 CVE ID : CVE-2016-8685 Debian Bug : 843861 It was discovered that potrace, a utility to transform bitmaps into vector graphics, was affected by an integer overflow in the findnext function, allowing remote attackers to cause a denial of service invalid...
[SECURITY] [DLA 888-1] logback security update
Package : logback Version : 1:1.0.4-1+deb7u1 CVE ID : CVE-2017-5929 Debian Bug : 857343 It was discovered that logback, a flexible logging library for Java, would deserialize data from untrusted sockets which may lead to the execution of arbitrary code. This issue has been resolved by adding a...
[SECURITY] [DSA 3827-1] jasper security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3827-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 07, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 887-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.58-1+2017b This update includes the changes in tzdata 2017b for the Perl bindings. For the list of changes, see DLA-886-1. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.58-1+2017b. We recommend that you upgrade your...
[SECURITY] [DLA 886-1] tzdata new upstream version
Package : tzdata Version : 2017b-0+deb7u1 This update includes the changes in tzdata 2017b. Notable changes are: - Haiti resumed observance of DST in 2017. For Debian 7 "Wheezy", these problems have been fixed in version 2017b-0+deb7u1. We recommend that you upgrade your tzdata packages. Further...
[SECURITY] [DLA 885-1] python-django security update
Package : python-django Version : 1.4.22-1+deb7u3 CVE ID : CVE-2017-7233, CVE-2017-7234 Debian Bug : 859515, 859516 It was discovered that there were two vulnerabilities in python-django, a high-level Python web development framework. CVE-2017-7233 859515: Open redirect and possible XSS attack vi...
[SECURITY] [DSA 3826-1] tryton-server security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3826-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 04, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 884-1] collectd security update
Package : collectd Version : 5.1.0-3+deb7u3 CVE ID : CVE-2017-7401 Debian Bug : 859494 It was discovered that there was an infinite loop vulnerability in collectd, a statistics collection and monitoring daemon. When a correct "Signature part" is received by an instance configured without the...
[SECURITY] [DLA 883-1] curl security update
Package : curl Version : 7.26.0-1+wheezy18+deb7u1 CVE ID : CVE-2017-7407 It was discovered that there was a buffer read overrun vulnerability in curl, a tool for downloading files from the internet, etc. If a "%" ended the --write-out parameter, the string's trailing NUL would be skipped and memor...
[SECURITY] [DLA 882-1] tryton-server security update
Package : tryton-server Version : 2.2.4-1+deb7u4 CVE ID : CVE-2017-0360 It was discovered that there was a path suffix injection attack in tryton-server, a general purpose application platform. For Debian 7 "Wheezy", this issue has been fixed in tryton-server version 2.2.4-1+deb7u4. We recommend...
[SECURITY] [DSA 3816-2] samba regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3816-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 881-1] ejabberd security update
Package : ejabberd Version : 2.1.10-4+deb7u2 CVE ID : CVE-2014-8760 Debian Bug : 767521 767535 It was found that ejabberd does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption. For Debian 7 "Wheezy", this problem h...
[SECURITY] [DSA 3825-1] jhead security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3825-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 31, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 880-1] tiff3 security update
Package : tiff3 Version : 3.9.6-11+deb7u4 CVE ID : CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 tiff3 is affected by multiple issues that can result at least in denial of services of applications using libtiff4. Crafted TIFF files can be provid...
[SECURITY] [DLA 879-1] firebird2.5 security update
Package : firebird2.5 Version : 2.5.2.26540.ds4-1deb7u3 CVE ID : CVE-2017-6369 Debian Bug : 858641 George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF), thus allowing remote authenticated users to execute arbitrary code on t...
[SECURITY] [DSA 3824-1] firebird2.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3824-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 29, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3798-2] tnef regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3798-2 [email protected] https://www.debian.org/security/ Sebastien Delafond March 29, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 547-2] graphicsmagick regression update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u6 CVE ID : CVE-2016-5240 Debian Bug : N/A The fix for CVE-2016-5240 was improperly applied which resulted in GraphicsMagick crashing instead of entering an infinite loop with the given proof of concept. Furthermore, the original announcement...
[SECURITY] [DLA 878-1] libytnef security update
Package : libytnef Version : 1.5-4+deb7u1 CVE ID : CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6801 CVE-2017-6802 CVE-2017-6298 Null Pointer Deref / calloc return value not checked CVE-2017-6299 Infinite Loop / DoS in th...
[SECURITY] [DSA 3823-1] eject security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3823-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 877-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u11 CVE ID : CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 libtiff is vulnerable to multiple buffer overflows and integer overflows that can lead to application crashes (denial of service) or worse. CVE-2016-10266 Integer overflow that can lead to...
[SECURITY] [DLA 876-1] eject security update
Package : eject Version : 2.1.5+deb1+cvs20081104-13+deb7u1 CVE ID : CVE-2017-6964 Debian Bug : 858872 Ilja Van Sprundel discovered that eject (a tool to eject CD/DVD drives) did not properly handle errors returned from setuid/setgid. For Debian 7 "Wheezy", this issue has been fixed in eject version...
[SECURITY] [DLA 875-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u8 CVE ID : CVE-2016-7478 CVE-2016-7479 CVE-2017-7272 Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and...
[SECURITY] [DSA 3822-1] gstreamer1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3822-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3821-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3820-1] gst-plugins-good1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3820-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3819-1] gst-plugins-base1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3819-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3818-1] gst-plugins-bad1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3818-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 874-1] jbig2dec security update
Package : jbig2dec Version : 0.13-4deb7u1 CVE ID : CVE-2016-9601 Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened. For Debian...
[SECURITY] [DLA 873-1] apt-cacher security update
Package : apt-cacher Version : 1.7.6+deb7u1 Debian Bug : 858739 It was discovered that there was a HTTP response splitting vulnerability in apt-cacher, a proxy server for Debian/Ubuntu software repositories. For Debian 7 "Wheezy", this issue has been fixed in apt-cacher version 1.7.6+deb7u1. We...
[SECURITY] [DLA 872-1] xrdp security update
Package : xrdp Version : 0.5.0-2+deb7u1 CVE ID : CVE-2017-6967 Debian Bug : 858143 It was discovered that xrdp, a Remote Desktop Protocol (RDP) server, calls the PAM function authstartsession in an incorrect location, leading to PAM session modules not being properly initialized, with a potential...
[SECURITY] [DLA 871-1] python3.2 security update
Package : python3.2 Version : 3.2.3-7+deb7u1 CVE ID : CVE-2016-0772 It was discovered that there was a TLS stripping vulnerability in the smtplib library distributed with the CPython interpreter. The library did not return an error if StartTLS failed, which might have allowed man-in-the-middle...
[SECURITY] [DSA 3817-1] jbig2dec security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3817-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 24, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 870-1] libplist security update
Package : libplist Version : 1.8-1+deb7u3 CVE ID : CVE-2017-6435 CVE-2017-6436 CVE-2017-6439 More vulnerabilities were discovered in libplist, a library for reading and writing the Apple binary and XML property lists format. A maliciously crafted plist file could cause a denial-of-service...