[SECURITY] [DSA 3761-1] rabbitmq-server security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3761-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 781-1] asterisk security update
Package : asterisk Version : 1:1.8.13.1dfsg1-3+deb7u5 CVE ID : CVE-2014-2287 CVE-2016-7551 Debian Bug : 838832 741313 Two security vulnerabilities were discovered in Asterisk, an Open Source PBX and telephony toolkit. CVE-2014-2287 channels/chan_sip.c in Asterisk when chan_sip has a certain...
[SECURITY] [DLA 780-1] libav security update
Package : libav Version : 6:0.8.19-0+deb7u1 CVE ID : CVE-2016-7424 Multiple vulnerabilities have been found in libav: CVE-2016-7424 The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and...
[SECURITY] [DSA 3760-1] ikiwiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3760-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 12, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3759-1] python-pysaml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3759-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 12, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3758-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3758-1 [email protected] https://www.debian.org/security/ Florian Weimer January 11, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3757-1] icedove security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3757-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 11, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 779-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u9 CVE ID : CVE-2016-8745 Debian Bug : 849949 A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processo...
[SECURITY] [DLA 773-4] python-crypto update
Package : python-crypto Version : 2.6-4+deb7u7 The previous security updates for python-crypto DLA-773-1, DLA-773-2 & DLA-773-3 were not available on non-amd64 architectures. This was due to the testsuite failing to exit gracefully when "multiprocessing" based tests were not functioning or...
[SECURITY] [DSA 3756-1] icoutils security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3756-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3755-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3755-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3754-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3754-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 778-1] pcsc-lite security update
Package : pcsc-lite Version : 1.8.4-1+deb7u2 CVE ID : CVE-2016-10109 It was discovered that there was a use-after-free and double-free vulnerability in pcsc-lite, a library to access smart cards that use the Windows(R) SCard interface ("PC/SC"). For Debian 7 "Wheezy", this issue has been fixed in...
[SECURITY] [DSA 3753-1] libvncserver security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3753-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 05, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 773-3] python-crypto regression update
Package : python-crypto Version : 2.6-4+deb7u6 CVE ID : CVE-2013-7459 Debian Bug : 849495, 850025, 850077 It was discovered that the previous attempt to fix the regression in python-crypto, a library of cryptographic algorithms and protocols for Python, was incorrect. This regression was initially introduce...
[SECURITY] [DSA 3752-1] pcsc-lite security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3752-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 04, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 773-2] python-crypto regression update
Package : python-crypto Version : 2.6-4+deb7u5 CVE ID : CVE-2013-7459 Debian Bug : 849495, 850025, 850077 It was discovered that there was a regression in the recent update to python-crypto, a library of cryptographic algorithms and protocols for Python. We now raise a warning not an error on invalid input ...
[SECURITY] [DSA 3750-2] libphp-phpmailer regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3750-2 [email protected] https://www.debian.org/security/ Thijs Kinkhorst January 3, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 770-2] libphp-phpmailer regression update
Package : libphp-phpmailer Version : 5.1-1.2 CVE ID : CVE-2016-10033 Debian Bug : 849365 Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for...
[SECURITY] [DLA 777-1] libvncserver security update
Package : libvncserver Version : 0.9.9+dfsg-1+deb7u2 CVE IDs : CVE-2016-9941, CVE-2016-9942 Debian Bugs : 850007, 850008 It was discovered that there were two vulnerabilities in libvncserver, a library to create/embed a VNC server: CVE-2016-9941: Fix a heap-based buffer overflow that allows remot...
[SECURITY] [DLA 776-1] samba security update
Package : samba Version : 2:3.6.6-6+deb7u11 CVE ID : CVE-2016-2125 Simo Sorce of Red Hat discovered that the Samba client code always requests a forwardable ticket when using Kerberos authentication. A target server, which must be in the current or trusted domain/realm, is given a valid general...
[SECURITY] [DLA 775-1] hplip security update
Package : hplip Version : 3.12.6-3.1+deb7u2 CVE ID : CVE-2015-0839 Debian Bug : 787353 CVE-2015-0839 The hplip plugin download function verifies the driver using a short-key. This is not secure because it is trivial to generate keys with arbitrary key IDs. For Debian 7 "Wheezy", these problems ha...
[SECURITY] [DLA-774-1] postgresql-common security update
Package : postgresql-common Version : 134wheezy5 A security vulnerability and a data loss bug have been found in postgresql-common, Debian's PostgreSQL database cluster management tools. CVE-2016-1255 Dawid Golunski discovered that a symlink in /var/log/postgresql/ could be used by the "postgres"...
[SECURITY] [DLA 772-1] linux security update
Package : linux Version : 3.2.84-1 CVE ID : CVE-2012-6704 CVE-2015-1350 CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-7097 CVE-2016-7910 CVE-2016-7911 CVE-2016-7915 CVE-2016-8399 CVE-2016-8633 CVE-2016-8645 CVE-2016-8655 CVE-2016-9178 CVE-2016-9555 CVE-2016-9576 CVE-2016-9756 CVE-2016-9793...
[SECURITY] [DSA 3751-1] libgd2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3751-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 01, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 773-1] python-crypto security update
Package : python-crypto Version : 2.6-4+deb7u4 CVE ID : CVE-2013-7459 Debian Bug : 849495 It was discovered that there was a vulnerability in python-crypto, a library of cryptographic algorithms and protocols for Python. Calling AES.new with an invalid parameter could crash the Python interpreter...
[SECURITY] [DLA 771-1] hdf5 security update
Package : hdf5 Version : 1.8.8-9+deb7u1 CVE ID : CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333 Debian Bug : 845301 Cisco Talos discovered that hdf5, a file format and library for storing scientific data, contained several vulnerabilities that could lead to arbitrary code execution when...
[SECURITY] [DLA 770-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.1-1.2 CVE ID : CVE-2016-10033 Debian Bug : 849365 Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for...
[SECURITY] [DSA 3750-1] libphp-phpmailer security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3750-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst December 31, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 769-1] shutter security update
Package : shutter Version : 0.88.3-1+deb7u1 CVE ID : CVE-2015-0854 Debian Bug : 798862 The feature-rich screenshot program shutter uses the system() call in an unsafe way. This allows an attacker to execute arbitrary programs via crafted directory names. For Debian 7 "Wheezy", this problem has been...
[SECURITY] [DLA 768-1] pgpdump security update
Package : pgpdump Version : 0.27-1+deb7u1 CVE ID : CVE-2016-4021 Debian Bug : 773747 The read_binary function in buffer.c in pgpdump, a PGP packet visualizer, allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input. This was assigned...
[SECURITY] [DLA 767-1] curl security update
Package : curl Version : 7.26.0-1+wheezy18 CVE ID : CVE-2016-9586 Debian Bug : 848958 It was discovered that libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes. The fla...
[SECURITY] [DLA 685-2] libxi regression update
Package : libxi Version : 2:1.6.1-1+deb7u3 Debian Bug : 849026 A regression was found in the previous libxi update. An uninitialized pointer could be freed, causing crashes. For Debian 7 "Wheezy", these problems have been fixed in version 2:1.6.1-1+deb7u3. We recommend that you upgrade your libxi...
[SECURITY] [DSA 3749-1] dcmtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3749-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 29, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 766-1] libcrypto++ security update
Package : libcrypto++ Version : 5.6.1-6+deb7u3 CVE ID : CVE-2016-9939 Debian Bug : 848009 Gergely Gábor Nagy from Tresorit discovered that libcrypto++, a C++ cryptographic library, contained a bug in several ASN.1 parsing routines. This would allow an attacker to remotely cause a denial of servic...
[SECURITY] [DLA 765-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u19 CVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 Multiple vulnerabilities have been found in qemu-kvm: CVE-2016-9911 qemu-kvm built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing pack...
[SECURITY] [DLA 764-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6+deb7u19 CVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 Multiple vulnerabilities have been found in QEMU: CVE-2016-9911 Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing...
[SECURITY] [DSA 3748-1] libcrypto++ security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3748-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 26, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 763-1] squid3 security update
Package : squid3 Version : 3.1.20-2.2+deb7u7 CVE ID : CVE-2016-10002 Debian Bug : 848493 Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests,...
[SECURITY] [DLA 762-1] exim4 security update
Package : exim4 Version : 4.80-7+deb7u4 CVE ID : CVE-2016-9963 Bjoern Jacke discovered that Exim, Debian's default mail transfer agent, may leak the private DKIM signing key to the log files if specific configuration options are met. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DSA 3747-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3747-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 25, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 760-1] spip security update
Package : spip Version : 2.1.17-1+deb7u8 CVE ID : CVE-2016-9997 CVE-2016-9998 Debian Bug : 848641 Multiple reflected cross-site scripting (XSS) vulnerabilities have been discovered in SPIP, a website publishing engine written in PHP. CVE-2016-9997 It was discovered that the id parameter to the...
[SECURITY] [DLA 757-1] phpmyadmin security update
Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u7 CVE ID : CVE-2016-4412 CVE-2016-6626 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2016-9865 Various security issues were found and fixed in phpmyadmin in wheezy. CVE-2016-4412 / PMASA-2016-57 A user can be tricked into following a...