[SECURITY] [DLA 691-1] libxml2 security update
Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy7 CVE ID : CVE-2016-4658 CVE-2016-5131 CVE-2016-4658 Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. CVE-2016-5131 The...
[SECURITY] [DLA 690-1] tar security update
Package : tar Version : 1.26+dfsg-0.1+deb7u1 CVE ID : CVE-2016-6321 Debian Bug : 842339 A vulnerability has been discovered in the tar package that could allow an attacker to overwrite arbitrary files through crafted files. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DLA 689-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u18 CVE ID : CVE-2016-7909 CVE-2016-8909 CVE-2016-8910 Debian Bug : 839834 841950 841955 842455 842463 Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware based on Quick Emulator (Qemu). The Common...
[SECURITY] [DLA 680-2] bash version number correction
Package : bash Version : 4.2+dfsg-0.1+deb7u4 CVE ID : CVE-2016-7543 This is a correction of DLA 680-1 that mentioned that bash 4.2+dfsg-0.1+deb7u3 was corrected. The corrected package version was 4.2+dfsg-0.1+deb7u4. For completeness the text from DLA 680-1 available below with only corrected...
[SECURITY] [DLA 688-1] cairo security update
Package : cairo Version : 1.12.2-3+deb7u1 CVE ID : CVE-2016-9082 Debian Bug : 842289 It was discovered that there was a possible DoS attack in Cairo, a multi-platform library providing vector-based rendering. An SVG could generate invalid pointers from a cairoimagesurface in writepng. For Debian ...
[SECURITY] [DLA 674-2] ghostscript regression update
Package : ghostscript Version : 9.05dfsg-6.3+deb7u4 Debian Bug : 840691 The update for ghostscript issued as DLA-674-1 caused regressions for certain Postscript document viewers (evince, zathura). Updated packages are now available to address this problem. For reference, the original advisory text...
[SECURITY] [DSA 3691-2] ghostscript regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3691-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 28, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3701-2] nginx regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3701-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 28, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 687-1] tre security update
Package : tre Version : 0.8.0-3+deb7u1 CVE ID : CVE-2016-8859 Debian Bug : 842169 A vulnerability has been found in the tre package that could allow an attacker to perform controlled heap corruption. For Debian 7 "Wheezy", these problems have been fixed in version 0.8.0-3+deb7u1. We recommend tha...
[SECURITY] [DLA 686-1] libxtst security update
Package : libxtst Version : 2:1.2.1-1+deb7u2 CVE ID : CVE-2016-7951 CVE-2016-7952 Debian Bug : 840444 Tobias Stoeckmann from the OpenBSD project discovered the following vulnerability in libXtst, the X Record extension: Insufficient validation of data from the X server can cause out of boundary...
[SECURITY] [DLA 685-1] libxi security update
Package : libxi Version : 2:1.6.1-1+deb7u2 CVE ID : CVE-2016-7945 CVE-2016-7946 Debian Bug : 840440 Tobias Stoeckmann from the OpenBSD project discovered the following vulnerability in libXi, the X11 input extension library: Insufficient validation of data from the X server can cause out of...
[SECURITY] [DLA 684-1] libx11 security update
Package : libx11 Version : 2:1.5.0-1+deb7u3 CVE ID : CVE-2016-7942 CVE-2016-7943 Debian Bug : 840439 Tobias Stoeckmann from the OpenBSD project discovered the following vulnerability in libX11, the X11 client-side library: Insufficient validation of data from the X server can cause out of boundar...
[SECURITY] [DLA 683-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u5 CVE ID : CVE-2016-7448 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 Several vulnerabilities have been found in the graphicsmagick package that may lead to denial of service through failed assertions, CPU or memory usage...
[SECURITY] [DLA 682-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.58-1+2016h This update includes the changes in tzdata up to 2016h for the Perl bindings. For the list of changes, see DLA-681-1. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.58-1+2016h. We recommend that you upgrade your...
[SECURITY] [DLA 681-1] tzdata new upstream version
Package : tzdata Version : 2016h-0+deb7u1 This update includes the changes in tzdata up to 2016h. Notable changes are: - Asia/Gaza and Asia/Hebron DST ending on 2016-10-29 at 01:00, not 2016-10-21 at 00:00. - Europe/Istanbul switch from EET/EEST +02/+03 to permanent +03 on 2016-09-07. While the...
[SECURITY] [DLA 680-1] bash security update
Package : bash Version : 4.2+dfsg-0.1+deb7u3 CVE ID : CVE-2016-7543 An old attack vector has been corrected in bash, a sh-compatible command language interpreter. CVE-2016-7543 Specially crafted SHELLOPTS+PS4 environment variables in combination with insecure setuid binaries can result in root...
[SECURITY] [DLA 675-1] potrace security update
Package : potrace Version : 1.10-1+deb7u1 CVE ID : CVE-2013-7437 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 Debian Bug : 778646 Multiple vulnerabilities have been found in potrace. CVE-2013-7437...
[SECURITY] [DSA 3700-1] asterisk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3700-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 679-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u17 CVE ID : CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8669 Multiple vulnerabilities have been found in qemu-kvm: CVE-2016-8576 qemu-kvm built with the USB xHCI controller emulation support is vulnerable to an infinite loop issue. It could...
[SECURITY] [DLA 678-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6+deb7u17 CVE ID : CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8669 Multiple vulnerabilities have been found in QEMU: CVE-2016-8576 Quick Emulator (Qemu) built with the USB xHCI controller emulation support is vulnerable to an infinite loop issue. It could...
[SECURITY] [DLA 677-1] nss security update
Package : nss Version : 3.26-1+debu7u1 The Network Security Service (NSS) libraries use environment variables to configure lots of things, some of which refer to file system locations. Others can degrade the operation of NSS in various ways, forcing compatibility modes and so on. Previously,...
[SECURITY] [DLA 676-1] nspr security update
Package : nspr Version : 4.12-1+deb7u1 The Network Security Service (NSS) libraries use environment variables to configure lots of things, some of which refer to file system locations. Others can degrade the operation of NSS in various ways, forcing compatibility modes and so on. Previously,...
[SECURITY] [DSA 3701-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3701-1 [email protected] https://www.debian.org/security/ Florian Weimer October 25, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3699-1] virtualbox end of life
------------------------------------------------------------------------- Debian Security Advisory DSA-3699-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 25, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 674-1] ghostscript security update
Package : ghostscript Version : 9.05dfsg-6.3+deb7u3 CVE ID : CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 Debian Bug : 839118 839260 839841 839845 839846 840451 Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which...
[SECURITY] [DSA 3698-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3698-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 673-1] kdepimlibs security update
Package : kdepimlibs Version : 4:4.8.4-2+deb7u1 CVE ID : CVE-2016-7966 Debian Bug : 840546 Roland Tapken discovered that insufficient input sanitizing in KMail's plain text viewer allowed attackers the injection of HTML code. This might open the way to the exploitation of other vulnerabilities in...
[SECURITY] [DSA 3697-1] kdepimlibs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3697-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 672-1] bind9 security update
Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u12 CVE ID : CVE-2016-2848 CVE-2016-2848 A server vulnerable to this defect can be forced to exit with an assertion failure if it receives a malformed packet. Authoritative and recursive servers are both vulnerable. For Debian 7 "Wheezy", these...
[SECURITY] [DLA 670-1] linux security update
Package : linux Version : 3.2.82-1 CVE ID : CVE-2015-8956 CVE-2016-5195 CVE-2016-7042 CVE-2016-7425 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input...
[SECURITY] [DLA 671-1] libxvmc security update
Package : libxvmc Version : 2:1.0.7-1+deb7u3 CVE ID : CVE-2016-7953 CVE-2016-7953 If an empty string is received from an x-server, do not underrun the buffer by accessing "rep.nameLen - 1" unconditionally, which could end up being -1. For Debian 7 "Wheezy", these problems have been fixed in versi...
[SECURITY] [DSA 3696-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3696-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 19, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 669-1] dwarfutils security update
Package : dwarfutils Version : 20120410-2+deb7u2 CVE ID : CVE-2015-8538 CVE-2015-8750 CVE-2016-2050 CVE-2016-2091 CVE-2016-5034 CVE-2016-5036 CVE-2016-5038 CVE-2016-5039 CVE-2016-5042 Several vulnerabilities were discovered in dwarfutils, a tool and library for reading/consuming and...
[SECURITY] [DLA 668-1] libass security update
Package : libass Version : 0.10.0-3+deb7u1 CVE ID : CVE-2016-7969 CVE-2016-7972 Several vulnerabilities were discovered in libass, a library for manipulating the SubStation Alpha (SSA) subtitle file format. The Common Vulnerabilities and Exposures project identifies the following issues...
[SECURITY] [DLA 667-1] libxv security update
Package : libxv Version : 2:1.0.7-1+deb7u2 CVE ID : CVE-2016-5407 Debian Bug : 840438 Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers. Insufficient validation of data from the X serve...
[SECURITY] [DLA 666-1] guile-2.0 security update
Package : guile-2.0 Version : 2.0.5+1-3+deb7u1 CVE ID : CVE-2016-8605 CVE-2016-8606 Debian Bug : 840555 840556 Several vulnerabilities were discovered in GNU Guile, an implementation of the Scheme programming language. The Common Vulnerabilities and Exposures project identifies the following...
[SECURITY] [DLA 665-1] libgd2 security update
Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u6 CVE ID : CVE-2016-6911 CVE-2016-8670 CVE-2016-6911: invalid read in gdImageCreateFromTiffPtr (most of the code is not present in the Wheezy version) CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf For Debian 7 "Wheezy", these problems have...
[SECURITY] [DSA 3695-1] quagga security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3695-1 [email protected] https://www.debian.org/security/ Florian Weimer October 18, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 663-1] tor security update
Package : tor Version : 0.2.4.27-2 It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string. This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority. This update aims to defend against this gener...
[SECURITY] [DSA 3694-1] tor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3694-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 18, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 664-1] libxrender security update
Package : libxrender Version : 1:0.9.7-1+deb7u3 CVE ID : CVE-2016-7949 CVE-2016-7950 Debian Bug : 840443 Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers. Insufficient validation of da...
[SECURITY] [DLA 662-1] quagga security update
Package : quagga Version : 0.99.22.4-1+wheezy3+deb7u1 CVE ID : CVE-2016-1245 Debian Bug : 841162 It was discovered that there was stack overrun in IPv6 RA receive code in quagga, a BGP/OSPF/RIP routing daemon. The buffer size specified when receiving mixed up two constants that have different...
[SECURITY] [DLA 661-1] libarchive security update
Package : libarchive Version : 3.0.4-3+wheezy5 CVE ID : CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 Debian Bug : 840934 840935 840936 Agostino Sarubbo of Gentoo discovered several security vulnerabilities in libarchive, a multi-format archive and compression library. An attacker could take advantag...
[SECURITY] [DLA 660-1] libxrandr security update
Package : libxrandr Version : 2:1.3.2-2+deb7u2 CVE ID : CVE-2016-7947 CVE-2016-7948 Debian Bug : 840441 Insufficient validation of data from the X server in libxrandr before v1.5.0 can cause out of boundary memory writes and integer overflows. For Debian 7 "Wheezy", these problems have been fixed...
[SECURITY] [DLA 658-1] icedove security update
Package : icedove Version : 45.4.0-1deb7u1 CVE ID : CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261, CVE-2016-5257 Multiple security issues have been found in Icedove, Debian's version of the Mozil...