14348 matches found
[SECURITY] [DSA 3731-1] chromium-browser security update
Debian Security Advisory DSA-3731-1 https://www.debian.org/security/ Michael Gilbert December 11, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 740-1] libgsf security update
Package : libgsf Version : 1.14.21-2.1+deb7u1 CVE ID : CVE-2016-9888 It was discovered that there was a null pointer dereference exploit in libgsf, an I/O abstraction library for GNOME. An error within the "tar_directory_for_file" function could be exploited to trigger a null pointer dereference and...
[SECURITY] [DSA 3730-1] icedove security update
Debian Security Advisory DSA-3730-1 https://www.debian.org/security/ Salvatore Bonaccorso December 11, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 731-2] imagemagick regression update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u9 Debian Bug : 847058 The update for imagemagick issued as DLA-731-1 caused regressions when decoding properties of certain images. Updated packages are now available to address this problem. For reference, the original advisory text follows...
[SECURITY] [DLA 739-1] jasper security update
Package : jasper Version : 1.900.1-13+deb7u5 CVE ID : CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8882 CVE-2016-8883 CVE-2016-8887 CVE-2016-9560 TEMP-CVE CVE-2016-8691 FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c CVE-2016-8692 FPE on unknown address...
[SECURITY] [DLA 738-1] spip security update
Package : spip Version : 2.1.17-1+deb7u7 CVE ID : CVE-2016-9152 Debian Bug : 847156 It was discovered that there was a cross-site scripting (XSS) vulnerability in spip, a website publishing engine, which allowed remote attackers to inject arbitrary web script or HTML via the "rac" parameter. For...
[SECURITY] [DLA 737-1] roundcube security update
Package : roundcube Version : 0.7.2-9+deb7u5 Debian Bug : 847287 It was discovered that there was a vulnerability where a remote user could execute arbitrary commands in Roundcube, a webmail solution for IMAP servers, by sending a specially crafted email. This was due to lack of sanitisation of t...
[SECURITY] [DLA 736-1] gst-plugins-bad0.10 security update
Package : gst-plugins-bad0.10 Version : 0.10.23-7.1+deb7u4 CVE ID : CVE-2016-9809 An out of bounds heap bug was found in the H264 parser in gst-plugins-bad0.10. For Debian 7 "Wheezy", these problems have been fixed in version 0.10.23-7.1+deb7u4. We recommend that you upgrade your...
[SECURITY] [DLA 735-1] gst-plugins-base0.10 security update
Package : gst-plugins-base0.10 Version : 0.10.36-1.1+deb7u1 CVE ID : CVE-2016-9811 An out of bounds heap read issue was found in gst-plugins-base0.10. For Debian 7 "Wheezy", these problems have been fixed in version 0.10.36-1.1+deb7u1. We recommend that you upgrade your gst-plugins-base0.10...
[SECURITY] [DSA 3729-1] xen security update
Debian Security Advisory DSA-3729-1 https://www.debian.org/security/ Salvatore Bonaccorso December 07, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 734-1] mapserver security update
Package : mapserver Version : 6.0.1-3.2+deb7u3 CVE ID : CVE-2016-9839 It was discovered that there was an information leakage vulnerability in mapserver, a CGI-based framework for Internet map services. For Debian 7 "Wheezy", this issue has been fixed in mapserver version 6.0.1-3.2+deb7u3. We...
[SECURITY] [DLA 732-2] monit regression update
Package : monit Version : 1:5.4-2+deb7u2 CVE ID : CVE-2016-7067 Debian Bug : 847196 The update for monit issued as DLA-732-1 causes monit to segfault at actions such as start/stop/restart. This update fixes the regression. For reference the original advisory text follows. Adith Sudhakar discovere...
[SECURITY] [DLA 733-1] openafs security update
Package : openafs Version : 1.6.1-3+deb7u7 CVE ID : CVE-2016-9772 It was discovered that there was an information leak vulnerability in openafs, a distributed filesystem. Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain dead directory...
[SECURITY] [DLA 732-1] monit security update
Package : monit Version : 5.4-2+deb7u1 CVE ID : CVE-2016-7067 Adith Sudhakar discovered a cross-site request forgery (CSRF) issue in monit, a utility for monitoring hosts and services. An attacker could cause an authenticated admin to change monitoring for hosts/services through a forged link. This...
[SECURITY] [DLA 731-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u8 CVE ID : CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9821 CVE-2014-982...
[SECURITY] [DLA 729-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u7 CVE ID : CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 Debian Bug : 841655 842662 842663 842664 842665 842666 845385 Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP...
[SECURITY] [DLA 728-1] tomcat6 security update
Package : tomcat6 Version : 6.0.45+dfsg-1deb7u3 CVE ID : CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 Debian Bug : 841655 842662 842663 842664 842665 842666 845385 Multiple security vulnerabilities have been discovered in the Tomcat servlet and...
[SECURITY] [DLA 730-1] firefox-esr security update
Package : firefox-esr Version : 45.5.1esr-1deb7u1 CVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation erro...
[SECURITY] [DSA 3728-1] firefox-esr security update
Debian Security Advisory DSA-3728-1 https://www.debian.org/security/ Salvatore Bonaccorso December 01, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 727-1] gst-plugins-good0.10 security update
Package : gst-plugins-good0.10 Version : 0.10.31-3+nmu1+deb7u1 CVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at...
[SECURITY] [DSA 3727-1] hdf5 security update
Debian Security Advisory DSA-3727-1 https://www.debian.org/security/ Sebastien Delafond November 30, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 726-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.58-1+2016j This update includes the changes in tzdata 2016j for the Perl bindings. For the list of changes, see DLA-725-1. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.58-1+2016j. We recommend that you upgrade your...
[SECURITY] [DLA 725-1] tzdata new upstream version
Package : tzdata Version : 2016j-0+deb7u1 This update includes the changes in tzdata 2016j. Notable changes are: - Saratov, Russia switches from +03 to +04 on 2016-12-04 at 02:00. For Debian 7 "Wheezy", these problems have been fixed in version 2016j-0+deb7u1. We recommend that you upgrade your...
[SECURITY] [DSA 3725-1] icu security update
Debian Security Advisory DSA-3725-1 https://www.debian.org/security/ Luciano Bello November 27, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 724-1] mcabber security update
Package : mcabber Version : 0.10.1-3+deb7u1 Debian Bug : 845258 It was discovered that there was a "roster push attack" [0] in mcabber, a console-based Jabber (XMPP) client. For Debian 7 "Wheezy", this issue has been fixed in mcabber version 0.10.1-3+deb7u1. We recommend that you upgrade your mcabber...
[SECURITY] [DSA 3726-1] imagemagick security update
Debian Security Advisory DSA-3726-1 https://www.debian.org/security/ Luciano Bello November 26, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 723-1] libsoap-lite-perl security update
Package : libsoap-lite-perl Version : 0.714-1+deb7u1 CVE ID : CVE-2015-8978 It was discovered that there was a "Billion Laughs" [0] XML expansion vulnerability in libsoap-lite-perl, a Perl implementation of a SOAP [1] client and server. For Debian 7 "Wheezy", this issue has been fixed in...
[SECURITY] [DLA 722-1] irssi security update
Package : irssi Version : 0.8.15-5+deb7u1 CVE ID : CVE-2016-7553 Debian Bug : 838762 An information disclosure vulnerability was found in irssi. CVE-2016-7553 Other users on the same machine as the user running irssi with buf.pl loaded may be able to retrieve the whole window contents after...
[SECURITY] [DLA 721-1] libgc security update
Package : libgc Version : 1:7.1-9.1+deb7u1 CVE ID : CVE-2016-9427 Debian Bug : 844771 libgc is vulnerable to integer overflows in multiple places. In some cases, when asked to allocate a huge quantity of memory, instead of failing the request, it will return a pointer to a small amount of memory...
[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update
Debian Security Advisory DSA-3724-1 https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update
Debian Security Advisory DSA-3723-1 https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 720-1] xen security update
Package : xen Version : 4.1.6.lts1-4 CVE ID : CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9386 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9379,...
[SECURITY] [DLA 718-1] vim security update
Package : vim Version : 2:7.3.547-7+deb7u1 CVE ID : CVE-2016-1248 Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the filetype, syntax and keymap options, which may result in the execution of arbitrary code if a file with a...
[SECURITY] [DSA 3722-1] vim security update
Debian Security Advisory DSA-3722-1 https://www.debian.org/security/ Salvatore Bonaccorso November 22, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 717-1] moin security update
Package : moin Version : 1.9.4-8+deb7u3 CVE ID : CVE-2016-7146 CVE-2016-9119 Debian Bug : 844338 844340 Several cross-site scripting vulnerabilities were discovered in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editors attachment...
[SECURITY] [DLA 716-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u8 CVE ID : CVE-2016-9273 CVE-2016-9297 CVE-2016-9532 Debian Bug : 844013 844226 844057 Multiple memory corruption issues have been identified in libtiff and its associated tools. CVE-2016-9273 Heap buffer overflow in cpStrips. CVE-2016-9297 Read outside buffe...
[SECURITY] [DSA 3721-1] tomcat7 security update
Debian Security Advisory DSA-3721-1 https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3720-1] tomcat8 security update
Debian Security Advisory DSA-3720-1 https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq ...