[SECURITY] [DLA 839-2] tnef regression update
Package : tnef Version : 1.4.9-1+deb7u2 CVE ID : CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 Debian Bug : 857342 While fixing the above mentioned CVEs, upstream introduced a regression. The new patches added for this upload take care of that. For Debian 7 "Wheezy", these problems have...
[SECURITY] [DLA 869-1] cgiemail security update
Package : cgiemail Version : 1.6-37+deb7u1 CVE ID : CVE-2017-5613 CVE-2017-5614 CVE-2017-5615 CVE-2017-5616 Debian Bug : 852031 The cPanel Security Team discovered several security vulnerabilities in cgiemail, a CGI program used to create HTML forms for sending mails: CVE-2017-5613 A format strin...
[SECURITY] [DLA 868-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u12 CVE ID : CVE-2016-10062 CVE-2017-6498 CVE-2017-6500 Debian Bug : 849439 856878 856879 Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include denial of service and...
[SECURITY] [DLA 867-1] audiofile security update
Package : audiofile Version : 0.3.4-2+deb7u1 CVE ID : CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 Debian Bug : 857651 Multiple vulnerabilities have been found in audiofile. CVE-2017-6829...
[SECURITY] [DLA 866-1] libxslt security update
Package : libxslt Version : 1.1.26-14.1+deb7u3 CVE ID : CVE-2017-5029 Debian Bug : 858546 libxslt is vulnerable to an integer overflow in the xsltAddTextString function that can be exploited to trigger an out of bounds write on 64-bit systems. For Debian 7 "Wheezy", this problem has been fixed in...
[SECURITY] [DSA 3816-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3816-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 23, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3815-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3815-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 23, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 865-1] suricata security update
Package : suricata Version : 1.2.1-2+deb7u1 CVE ID : CVE-2017-7177 Debian Bug : 856649 It was discovered that there was a vulnerability in suricata, an intrusion detection tool; the IP protocol was not being used to match fragments with their packets allowing a carefully constructed packet with a...
[SECURITY] [DLA 864-1] jhead security update
Package : jhead Version : 1:2.95-1+deb7u1 CVE ID : CVE-2016-3822 Debian Bug : 858213 It was discovered that there was a vulnerability in jhead, a tool to manipulate the non-image part of EXIF-compliant JPEG files; remote attackers were able to execute arbitrary code via crafted image data. For...
[SECURITY] [DSA 3814-1] audiofile security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3814-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3796-2] sitesummary regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3796-2 [email protected] https://www.debian.org/security/ Sebastien Delafond March 20, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 863-1] deluge security update
Package : deluge Version : 1.3.3-2+nmu1+deb7u1 CVE ID : CVE-2017-7178 Debian Bug : 857903 It was discovered that there was a cross-site request forgery vulnerability in the WebUI component of the "deluge" Bittorrent client. For Debian 7 "Wheezy", this issue has been fixed in deluge version...
[SECURITY] [DSA 3813-1] r-base security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3813-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 19, 2017 https://www.debian.org/security/faq -...
[SECURITY] DLA-862-1: sitesummary regression update
Package : sitesummary Version : 0.1.8+deb7u2 Debian Bug : 852623 The fix for CVE-2016-8743 in apache2 2.2.22-13+deb7u8 DLA-841-1 caused 852623 in sitesummary, breaking the sitesummary-upload functionality. To address this sitesummary-upload needs to be changed to send CRLF \r\n line endings to be...
[SECURITY] [DSA 3812-1] ioquake3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3812-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3811-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3811-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 861-1] r-base security update
Package : r-base Version : 2.15.1-4+deb7u1 CVE ID : CVE-2016-8714 Debian Bug : 857466 An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An...
[SECURITY] [DLA 860-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u14 CVE ID : CVE-2017-6814 CVE-2017-6815 CVE-2017-6816 Debian Bug : 857026 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2017-6814...
[SECURITY] [DLA 859-1] calibre security update
Package : calibre Version : 0.8.51+dfsg1-0.1+deb7u1 CVE ID : CVE-2016-10187 Debian Bug : 853004 It was found that a javascript present in the book can access files on the computer using XMLHttpRequest. For Debian 7 "Wheezy", these problems have been fixed in version 0.8.51+dfsg1-0.1+deb7u1. We...
[SECURITY] [DLA 858-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u7 CVE ID : CVE-2017-5596 CVE-2017-5597 CVE-2017-6467 CVE-2017-6468 CVE-2017-6469 CVE-2017-6470 CVE-2017-6471 CVE-2017-6472 CVE-2017-6473 CVE-2017-6474 It was discovered that Wireshark, a network protocol analyzer, contained several...
[SECURITY] [DLA 857-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.58-1+2017a This update includes the changes in tzdata 2017a for the Perl bindings. For the list of changes, see DLA-856-1. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.58-1+2017a. We recommend that you upgrade your...
[SECURITY] [DLA 856-1] tzdata new upstream version
Package : tzdata Version : 2017a-0+deb7u1 This update includes the changes in tzdata 2017a. Notable changes are: - Mongolia no longer observes DST. - Magallanes region diverges from Santiago starting 2017-05-13, the America/PuntaArenas zone has been added. For Debian 7 "Wheezy", these problems ha...
[SECURITY] [DSA 3810-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3810-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3809-1] mariadb-10.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3809-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 14, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 855-1] roundcube security update
Package : roundcube Version : 0.7.2-9+deb7u6 CVE ID : CVE-2017-6820 Debian Bug : 857473 Roundcube, a webmail solution for IMAP servers, was susceptible to a cross-site-scripting (XSS) vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element or HTML message. For...
[SECURITY] [DSA 3808-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3808-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 854-1] icoutils security update
Package : icoutils Version : 0.29.1-5deb7u2 CVE ID : CVE-2017-6009 CVE-2017-6010 CVE-2017-6011 Debian Bug : 854054 854050 Icoutils is a set of programs that deal with MS Windows icons and cursors. Resources such as icons and cursors can be extracted from MS Windows executable and library files wi...
[SECURITY] [DSA 3807-1] icoutils security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3807-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 853-1] pidgin security update
Package : pidgin Version : 2.10.10-1deb7u3 CVE ID : CVE-2017-2640 It was discovered that an invalid XML file can trigger an out-of-bound memory access in Pidgin, a multi-protocol instant messaging client, when it is sent by a malicious server. This might lead to a crash or, in some extreme cases,...
[SECURITY] [DLA 852-1] firefox-esr security update
Package : firefox-esr Version : 45.8.0esr-1deb7u1 CVE ID : CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors,...
[SECURITY] [DSA 3806-1] pidgin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3806-1 [email protected] https://www.debian.org/security/ Luciano Bello March 10, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 850-1] vim security update
Package : vim Version : 2:7.3.547-7+deb7u3 CVE ID : CVE-2017-6349 CVE-2017-6350 Debian Bug : 856266 Brief introduction CVE-2017-6349 An integer overflow at a ureadundo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when...
[SECURITY] [DSA 3805-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3805-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 849-1] linux security update
Package : linux Version : 3.2.86-1 CVE ID : CVE-2016-9588 CVE-2017-2636 CVE-2017-5669 CVE-2017-5986 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 CVE-2017-6353 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or...
[SECURITY] [DLA 851-1] wget security update
Package : wget Version : 1.13.4-3+deb7u4 CVE ID : CVE-2017-6508 Debian Bug : 857073 It was discovered that there was a header injection vulnerability in wget, a tool to retrieve files from the web, which allowed remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host...
[SECURITY] [DSA 3804-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3804-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3803-1] texlive-base security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3803-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 847-1] texlive-base security update
Package : texlive-base Version : 2012.20120611-5+deb7u1 CVE ID : CVE-2016-10243 The TeX system allows for calling external programs from within the TeX source code. This has been restricted to a small set of programs since a long time ago. Unfortunately it turned out that one program in the list,...
[SECURITY] [DLA 848-1] freetype security update
Package : freetype Version : 2.4.9-1.1+deb7u4 CVE ID : CVE-2016-10244 Debian Bug : 856971 It was discovered that there was a denial of service vulnerability in freetype, a font rendering library. The parsecharstrings function did not ensure that a font contains a glyph name, which allowed remote...
[SECURITY] [DLA 846-1] libzip-ruby security update
Package : libzip-ruby Version : 0.9.4-1+deb7u1 CVE ID : CVE-2017-5946 Debian Bug : 856269 It was discovered that libzip-ruby, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files...
[SECURITY] [DSA 3802-1] zabbix security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3802-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 05, 2017 https://www.debian.org/security/faq -...