14348 matches found
[SECURITY] [DSA 3773-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3773-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 781-2] asterisk regression update
Package : asterisk Version : 1:1.8.13.1dfsg1-3+deb7u6 CVE ID : CVE-2014-2287 Brad Barnett found that the recent security update of Asterisk could cause immediate SIP termination due to an incomplete fix for CVE-2014-2287. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DSA 3772-1] libxpm security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3772-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 803-1] lcms2 security update
Package : lcms2 Version : 2.2+git20110628-2.2+deb7u2 CVE ID : CVE-2016-10165 Debian Bug : https://bugs.debian.org/852627 An out of bounds read was found in lcms2, which can lead to heap memory leak or denial of service via a specially-crafted ICC profile. For Debian 7 "Wheezy", these problems hav...
[SECURITY] [DLA 802-1] openjdk-7 security update
Package : openjdk-7 Version : 7u121-2.6.8-1deb7u1 openjdk-7 7u111-2.6.7-2deb7u1 backported the security fixes from 7u121. openjdk-7 has now been updated to the full 7u121 version, which includes extra bug fixes and other improvements. For Debian 7 "Wheezy", these problems have been fixed in versi...
[SECURITY] [DLA 801-1] libxpm security update
Package : libxpm Version : 1:3.5.10-1+deb7u1 CVE ID : CVE-2016-10164 Tobias Stoeckmann discovered a vulnerability in the libXpm library that could cause a malicious attacker to execute arbitrary code via a specially crafted XPM file. For Debian 7 "Wheezy", these problems have been fixed in versio...
[SECURITY] [DLA 800-1] firefox-esr security update
Package : firefox-esr Version : 45.7.0esr-1deb7u1 CVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors,...
[SECURITY] [DLA 799-1] ming security update
Package : ming Version : 1:0.4.4-1.1+deb7u1 CVE ID : CVE-2016-9264 CVE-2016-9265 CVE-2016-9266 CVE-2016-9827 CVE-2016-9828 CVE-2016-9829 CVE-2016-9831 Debian Bug : 843928 Multiple security issues have been found in Ming. They may lead to the execution of arbitrary code or causing application cras...
[SECURITY] [DSA 3771-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3771-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 25, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 798-1] pdns security update
Package : pdns Version : 3.1-4.1+deb7u3 CVE ID : CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073 CVE-2016-7074 Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems:...
[SECURITY] [DLA 797-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.54-0+deb7u1 CVE ID : CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 Debian Bug : 851233 Several issues have been discovered in the MySQL database server. The...
[BSA-112] Security Update for iucode-tool
Henrique de Moraes Holschuh uploaded new packages for iucode-tool which fixed the following security problems: CVE-2017-0357 iucode-tool v1.4 to v2.1 is vulnerable to a heap buffer overflow in the -tr recovery loader. Using specially-crafted data files and a specially crafted command line, it mig...
[SECURITY] [DLA 795-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u9 CVE ID : CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2017-5225 Debian Bug : 846837 820365 836570...
[SECURITY] [DLA 795-1] hesiod security update
Package : hesiod Version : 3.0.2-21+deb7u1 CVE IDs : CVE-2016-10151 CVE-2016-10152 Debian Bugs : 852094, 852093 It was discovered that there were two vulnerabilities in hesiod, Project Athena's DNS-based directory service: CVE-2016-10151: A weak SUID check allowing privilege elevation...
[BSA-114] Security update for wordpress
Craig Small [email protected] uploaded new packages for wordpress which fixed the following security problems: CVE-2016-10066, CVE-2016-10045 Potential Remote Command Execution RCE in PHPMailer CVE-2017-5488 Authenticated Cross-Site scripting XSS in update-core.php CVE-2017-5490 Stored Cross-Site...
[SECURITY] [DLA 794-1] groovy security update
Package : groovy Version : 1.8.6-1+deb7u2 CVE ID : CVE-2016-6814 Debian Bug : 851408 It was found that a flaw in Apache Groovy, a dynamic language for the Java Virtual Machine, allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft...
[SECURITY] [DLA 793-1] opus security update
Package : opus Version : 0.9.14+20120615-1+nmu1+deb7u1 CVE ID : CVE-2017-0381 Debian Bug : 851612 A remote code execution vulnerability was discovered in opus, an audio codec, that could enable an attacker using a specially crafted file to cause memory corruption during media file and data...
[SECURITY] [DSA 3770-1] mariadb-10.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3770-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3769-1] libphp-swiftmailer security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3769-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3678-1] openjpeg2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3768-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 20, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3767-1] mysql-5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3767-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 19, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 792-1] libphp-swiftmailer security update
Package : libphp-swiftmailer Version : 4.1.5-1+deb7u1 CVE ID : CVE-2016-10074 Debian Bug : 849626 Dawid Golunski from legalhackers-com 1 discovered that the mail transport in Swift Mailer allowed remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code...
[SECURITY] [DLA 790-1] mapserver security update
Package : mapserver Version : 6.0.1-3.2+deb7u4 CVE ID : CVE-2017-5522 It was discovered that mapserver, a CGI-based framework for Internet map services, was vulnerable to a stack-based overflow. This issue allowed a remote user to crash the service, or potentially execute arbitrary code. For Debi...
[SECURITY] [DLA 791-1] libav security update
Package : libav Version : 6:0.8.20-0+deb7u1 CVE ID : CVE-2016-9819 CVE-2016-9820 CVE-2016-9821 CVE-2016-9822 Multiple integer overflows have been discovered in libav 11.8 and earlier, allowing remote attackers to cause a crash via a crafted MP3 file. For Debian 7 "Wheezy", these problems have bee...
[SECURITY] [DSA 3766-1] mapserver security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3766-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 19, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 789-1] icoutils security update
Package : icoutils Version : 0.29.1-5deb7u1 CVE ID : CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333 Debian Bug : 850017 Brief introduction CVE-2017-5208 Choongwoo Han reported [0] an exploitable crash in wrestool from icoutils. The command line tool is e.g. used in KDE's metadata parsing...
[SECURITY] [DLA 788-1] pdns-recursor security update
Package : pdns-recursor Version : 3.3-3+deb7u2 CVE ID : CVE-2016-9139 Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to...
[SECURITY] [DLA 787-1] otrs2 security update
Package : otrs2 Version : 3.1.7+dfsg1-8+deb7u6 CVE ID : CVE-2016-9139 Debian Bug : 843091 A cross-site scripting vulnerability XSS was discovered in OTRS, a ticket requesting system for the web. An attacker could trick an authenticated user into opening a malicious attachment which could lead to t...
[SECURITY] [DLA 786-1] botan1.10 security update
Package : botan1.10 Version : 1.10.5-1+deb7u2 CVE ID : CVE-2016-9132 It was discovered that there was an integer overflow vulnerability in botan, a cryptography library. This could occur while parsing untrusted inputs such as X.509 certificates. For Debian 7 "Wheezy", this problem has been fixed ...
[SECURITY] [DLA 785-1] wireless-regdb new upstream version
Package : wireless-regdb Version : 2016.06.10-1deb7u1 This update includes the changes in wireless-regdb 2016.06.10, reflecting changes to radio regulations in many countries and adding information about additional countries. For Debian 7 "Wheezy", the update is available as version...
[SECURITY] [DLA 761-2] python-bottle regression update
Package : python-bottle Version : 0.10.11-1+deb7u3 Debian Bug : 850176 The update for python-bottle issued as DLA 761-1 would cause a crash if a unicode string was used in a header. Updated packages are now available to correct this issue. For Debian 7 "Wheezy", these problems have been fixed in...
[SECURITY] [DSA 3743-2] python-bottle regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3743-2 [email protected] https://www.debian.org/security/ Sebastien Delafond January 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 784-1] gcc-mozilla new package
Package : gcc-mozilla Version : 4.8.4-0deb7u1 GCC 4.8 has been packaged as gcc-mozilla for Debian 7. This package will be needed for future updates to firefox-esr and icedove, and possibly other packages that require new versions of GCC. Further information about Debian LTS security advisories, h...
[SECURITY] [DLA 684-2] libx11 regression update
Package : libx11 Version : 2:1.5.0-1+deb7u4 A possible invalid free was introduced in libx11 2:1.5.0-1+deb7u3, which could lead to application crashes or other issues. For Debian 7 "Wheezy", these problems have been fixed in version 2:1.5.0-1+deb7u4. We recommend that you upgrade your libx11...
[SECURITY] [DSA 3765-1] icoutils security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3765-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 14, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 782-1] icedove security update
Package : icedove Version : 45.6.0-2 CVE ID : CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple vulnerabilities may...
[SECURITY] [DLA 783-1] xen security update
Package : xen Version : 4.1.6.lts1-5 CVE ID : CVE-2016-10013 CVE-2016-10024 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-10013 xsa-204 Xen mishandles SYSCALL singlestep during...
[SECURITY] [DSA 3764-1] pdns security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3764-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3763-1] pdns-recursor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3763-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3762-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3762-1 [email protected] https://www.debian.org/security/ Laszlo Boszormenyi GCS January 13, 2017 https://www.debian.org/security/faq -...