[SECURITY] [DLA 715-1] drupal7 security update

Package : drupal7 Version : 7.14-2+deb7u15 CVE ID : CVE-2016-9449 CVE-2016-9451 Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-005. For Debian 7 "Wheezy",...

[SECURITY] [DLA 714-1] wireshark security update

Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u5 CVE ID : CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 The following vulnerabilities have been discovered in the Debian Wheezys Wireshark version: CVE-2016-9373 The DCERPC dissector could crash CVE-2016-9374 The AllJoyn...

[SECURITY] [DSA 3719-1] wireshark security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3719-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 21, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3719-1] wireshark security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3719-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 21, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 713-1] sniffit security update

Package : sniffit Version : 0.3.7.beta-16.1+deb7u1 CVE ID : CVE-2014-5439 Debian Bug : 845122 It was discovered that there was a buffer overflow in the packet sniffer and monitoring tool "sniffit" which allowed a specially-crafted configuration file to provide a root shell. For Debian 7 "Wheezy",...

[SECURITY] [DLA 712-1] gst-plugins-bad0.10 security update

Package : gst-plugins-bad0.10 Version : 0.10.23-7.1+deb7u3 CVE ID : CVE-2016-9445 CVE-2016-9446 CVE-2016-9447 CVE-2016-9445 CVE-2016-9446 Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code. He also found that an initializ...

[SECURITY] [DLA 711-1] curl security update

Package : curl Version : 7.26.0-1+wheezy17 CVE ID : CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8615 If cookie state is written into a cookie jar file that is later read back and used for subsequent request...

[SECURITY] [DSA 3718-1] drupal7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3718-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 17, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3717-1] gst-plugins-bad1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3717-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 17, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 710-1] akonadi update

Package : akonadi Version : 1.7.2-3+deb7u1 Debian Bug : 843534 In some configurations the MySQL storage backend for Akonadi, an extensible cross-desktop Personal Information Management PIM storage service failed to start after applying the MySQL 5.5.53 security upgrade. This update extends the...

[SECURITY] [DSA 3716-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3716-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 16, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA-709-1] postgresql-9.1 update

Package : postgresql-9.1 Version : 9.1.24-0+deb7u1 Several bugs were discovered in PostgreSQL, a relational database server system. This update corrects various stability issues. 9.1.24 marks the end of life of the PostgreSQL 9.1 branch. No further releases will be made by the PostgreSQL Global...

[SECURITY] [DLA 708-1] mysql-5.5 security update

Package : mysql-5.5 Version : 5.5.53-0+deb7u1 CVE ID : CVE-2016-5584 CVE-2016-7440 Debian Bug : 841050 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such...

[SECURITY] [DSA 3714-1] akonadi update

------------------------------------------------------------------------- Debian Security Advisory DSA-3714-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3715-1] moin security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3715-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 15, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3715-1] moin security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3715-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 15, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3713-1] gst-plugins-bad0.10 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3713-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 707-1] sudo security update

Package : sudo Version : 1.8.5p2-1+nmu3+deb7u2 CVE ID : CVE-2016-7032 CVE-2016-7076 Debian Bug : 842507 It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system, popen or wordexp C library functions with a user supplied argument. A...

[SECURITY] [DSA 3712-1] terminology security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3712-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 13, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3711-1] mariadb-10.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3711-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3711-1] mariadb-10.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3711-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3710-1] pillow security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3710-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 10, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3709-1] libxslt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3709-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 08, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3709-1] libxslt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3709-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 08, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3708-1] mat security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3708-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 07, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3707-1] openjdk-7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 07, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 705-1] python-imaging security update

Package : python-imaging Version : 1.1.7-4+deb7u3 CVE IDs : CVE-2016-9189 CVE-2016-9190 It was discovered that there were a number of memory overflow issues in in python-imaging, a Python image manipulation library. For Debian 7 "Wheezy", this issue has been fixed in python-imaging version...

[SECURITY] [DSA 3706-1] mysql-5.5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3706-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3706-1] mysql-5.5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3706-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 704-1] openjdk-7 security update

Package : openjdk-7 Version : 7u111-2.6.7-2deb7u1 CVE ID : CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 Debian Bug : 841692 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure, denial ...

[SECURITY] [DLA 703-1] libdatetime-timezone-perl new upstream version

Package : libdatetime-timezone-perl Version : 1:1.58-1+2016i This update includes the changes in tzdata 2016i for the Perl bindings. For the list of changes, see DLA-702-1. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.58-1+2016i. We recommend that you upgrade your...

[SECURITY] [DLA 702-1] tzdata new upstream version

Package : tzdata Version : 2016i-0+deb7u1 This update includes the changes in tzdata 2016i. Notable changes are: - Pacific/Tongatapu DST starting on 2016-11-06 at 02:00. - Northern Cyprus is now +03 year round, the Asia/Famagusta zone has been added. - Antarctica/Casey switched from +08 to +11 on...

[SECURITY] [DLA 701-1] memcached security update

Package : memcached Version : 1.4.13-0.2+deb7u2 CVE ID : CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 Debian Bug : 735314 842811 842812 842814 Multiple vulnerabilites have been found in memcached, a high-performance memory object caching system. A remote attacker could take advantage o...

[SECURITY] [DLA 700-1] libxslt security update

Package : libxslt Version : 1.1.26-14.1+deb7u2 CVE ID : CVE-2016-4738 Debian Bug : 842570 A heap overread bug was found in libxslt, which can cause arbitrary code execution or denial of service. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.26-14.1+deb7u2. We recommend that...

[SECURITY] [DSA 3705-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3705-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 03, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3704-1] memcached security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3704-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3704-1] memcached security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3704-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 699-1] xen security update

Package : xen Version : 4.1.6.lts1-3 CVE ID : CVE-2016-7777 Xen does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the...

[SECURITY] [DLA 698-1] qemu security update

Package : qemu Version : 1.1.2+dfsg-6+deb7u18 CVE ID : CVE-2016-7909 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 Debian Bug : 839834 841950 841955 842455 842463 Several vulnerabilities were discovered in qemu, a fast processor...

[SECURITY] [DLA 697-1] bsdiff security update

Package : bsdiff Version : 4.3-14+deb7u1 CVE ID : CVE-2014-9862 It was discovered that there was an "arbitrary write" vulnerability in bsdiff, a tool to patches between binary files. For Debian 7 "Wheezy", this issue has been fixed in bsdiff version 4.3-14+deb7u1. We recommend that you upgrade yo...

[SECURITY] [DLA 696-1] bind9 security update

Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u13 CVE ID : CVE-2016-8864 Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processi...

[SECURITY] [DLA 695-1] spip security update

Package : spip Version : 2.1.17-1+deb7u6 CVE ID : CVE-2016-7980 CVE-2016-7981 CVE-2016-7982 CVE-2016-7998 CVE-2016-7999 Multiple vulnerabilities have been discovered in SPIP, a website engine for publishing written in PHP. CVE-2016-7980 Nicolas Chatelain of Sysdream Labs discovered a cross-site...

[SECURITY] [DLA 694-1] libwmf security update

Package : libwmf Version : 0.2.8.4-10.3+deb7u2 CVE ID : CVE-2016-9011 Debian Bug : 842090 Agostino Sarubbo from Gentoo discovered a flaw in libwmfs Windows Metafile Format WMF parser which caused allocation of excessive amount of memory potentially leading to a crash. For Debian 7 "Wheezy", these...

[SECURITY] [DLA 693-1] tiff security update

Package : tiff Version : 4.0.2-6+deb7u7 CVE ID : CVE-2014-8128 CVE-2015-7554 CVE-2015-8668 CVE-2016-3186 CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-5102 CVE-2016-5318 CVE-2016-5319 CVE-2016-5652 CVE-2016-6223 CVE-2016-8331 Debian Bug...

[SECURITY] [DLA 692-1] tiff3 security update

Package : tiff3 Version : 3.9.6-11+deb7u2 CVE ID : CVE-2015-7554 CVE-2016-5318 Applications using libtiff can trigger buffer overflows through TIFFGetField when processing TIFF images with unknown tags. For Debian 7 "Wheezy", these problems have been fixed in version 3.9.6-11+deb7u2. We recommend...

[SECURITY] [DSA 3703-1] bind9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3703-1 [email protected] https://www.debian.org/security/ Florian Weimer November 01, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3702-1] tar security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3702-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 01, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3702-1] tar security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3702-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 01, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 691-1] libxml2 security update

Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy7 CVE ID : CVE-2016-4658 CVE-2016-5131 CVE-2016-4658 Namespace nodes must be copied to avoid use-after-free errors. But they dont necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. CVE-2016-5131 The...

[SECURITY] [DLA 690-1] tar security update

Package : tar Version : 1.26+dfsg-0.1+deb7u1 CVE ID : CVE-2016-6321 Debian Bug : 842339 A vulnerability has been discovered in the tar package that could allow an attacker to overwrite arbitrary files through crafted files. For Debian 7 "Wheezy", these problems have been fixed in version...