[SECURITY] [DLA 657-1] libarchive security update
Package : libarchive Version : 3.0.4-3+wheezy4 CVE ID : CVE-2016-5418 Debian Bug : 837714 It was found that libarchive mishandled hardlink archive entries of non-zero data size, possibly allowing remote attackers to write to arbitrary files via especially crafted archives. For Debian 7 "Wheezy...
[SECURITY] [DLA 656-1] libdbd-mysql-perl security update
Package : libdbd-mysql-perl Version : 4.021-1+deb7u2 CVE ID : CVE-2016-1246 Paul Rohar discovered that libdbd-mysql-perl, the Perl DBI database driver for MySQL and MariaDB, constructed an error message in a fixed-length buffer, leading to a crash (_FORTIFY_SOURCE failure) and, potentially, to denial...
[SECURITY] [DLA 655-1] mpg123 security update
Several security vulnerabilities have been discovered in mpg123, an MPEG layer 1/2/3 audio decoder and player. An attacker could take advantage of these flaws to cause a denial of service against mpg123 or applications using the libmpg123 library with a carefully crafted input file. CVE-2014-9497...
[SECURITY] [DSA 3693-1] libgd2 security update
Debian Security Advisory DSA-3693-1 https://www.debian.org/security/ Moritz Muehlenhoff October 14, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 654-1] libxfixes security update
Package : libxfixes Version : 1:5.0-4+deb7u2 CVE ID : CVE-2016-7944 Debian Bug : 840442 It was discovered that there was an integer overflow in libxfixes, a library providing a client interface to the X11 XFIXES extension. The 32 bit field "rep.length" was not checked for validity, which allowed a...
[SECURITY] [DSA 3692-1] freeimage security update
Debian Security Advisory DSA-3692-1 https://www.debian.org/security/ Moritz Muehlenhoff October 13, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3691-1] ghostscript security update
Debian Security Advisory DSA-3691-1 https://www.debian.org/security/ Salvatore Bonaccorso October 12, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 653-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u16 CVE ID : CVE-2016-7161 CVE-2016-7170 CVE-2016-7908 Multiple vulnerabilities have been found in qemu-kvm: CVE-2016-7161 Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in qemu-kvm allows attackers to execute arbitrary...
[SECURITY] [DLA 652-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6+deb7u16 CVE ID : CVE-2016-7161 CVE-2016-7170 CVE-2016-7908 Multiple vulnerabilities have been found in QEMU: CVE-2016-7161 Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU aka Quick Emulator allows attackers to execute...
[SECURITY] [DLA 651-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u4 CVE ID : CVE-2016-7446 CVE-2016-7447 CVE-2016-7449 CVE-2016-7800 Debian Bug : Various security issues were found and fixed in graphicsmagick in Debian wheezy LTS. CVE-2016-7446 Heap buffer overflow issue in MVG/SVG rendering. CVE-2016-7447 Heap...
[SECURITY] [DSA 3690-1] icedove security update
Debian Security Advisory DSA-3690-1 https://www.debian.org/security/ Moritz Muehlenhoff October 10, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 650-1] mat security update
Package : mat Version : 0.3.2-1+deb7u1 Debian Bug : 826101 An implementation flaw was discovered in mat, the metadata anonymisation toolkit. The implementation of PDF support lacks support to anonymize the metadata in embedded images. As there is no easy fix for this flaw, it was decided that PDF...
[SECURITY] [DSA 3689-1] php5 security update
Debian Security Advisory DSA-3689-1 https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA DLA-649-1] python-django security update
Package : python-django Version : 1.4.22-1+deb7u1 CVE ID : CVE-2016-7401 It was discovered that there was a possible CSRF protection bypass on sites that use Google Analytics in python-django, a High-level Python web development framework. More information can be found in the upstream announcemen...
[SECURITY] [DLA 648-1] c-ares security update
Package : c-ares Version : 1.9.1-3+deb7u1 CVE ID : CVE-2016-5180 Debian Bug : 839151 Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library, would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to...
[SECURITY] [DLA DLA-647-1] freeimage security update
Package : freeimage Version : 3.15.1-1.1+deb7u1 CVE ID : CVE-2016-5684 Debian Bug : 839827 It was discovered that there was an out-of-bounds write vulnerability in the XMP image handling functionality in freeimage, a support library for various graphics image formats. A specially crafted XMP file...
[SECURITY] [DLA 646-1] zendframework security update
Package : zendframework Version : 1.11.13-1.1+deb7u5 CVE ID : CVE-2016-4861 CVE-2016-4861 The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution...
[SECURITY] [DSA 3688-1] nss security update
Debian Security Advisory DSA-3688-1 https://www.debian.org/security/ Florian Weimer October 05, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3687-1] nspr security update
Debian Security Advisory DSA-3687-1 https://www.debian.org/security/ Florian Weimer October 05, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 645-1] bind9 security update
Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u11 CVE ID : CVE-2016-2775 CVE-2016-2776 Debian Bug : 831796 839010 CVE-2016-2775 lwresd crash with long query name Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232. CVE-2016-2776 assertion failure due to unspecified crafted...
[SECURITY] [DLA 644-1] libav security update
Package : libav Version : 6:0.8.18-0+deb7u1 CVE ID : CVE-2015-1872 CVE-2015-5479 CVE-2016-7393 Multiple vulnerabilities have been found in libav: CVE-2015-1872 The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in Libav before 0.8.18 does not validate the number of components in a JPEG-LS Sta...
[SECURITY] [DSA 3686-1] icedove security update
Debian Security Advisory DSA-3686-1 https://www.debian.org/security/ Moritz Muehlenhoff October 04, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3685-1] libav security update
Debian Security Advisory DSA-3685-1 https://www.debian.org/security/ Moritz Muehlenhoff October 04, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3684-1] libdbd-mysql-perl security update
Debian Security Advisory DSA-3684-1 https://www.debian.org/security/ Florian Weimer October 03, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3683-1] chromium-browser security update
Debian Security Advisory DSA-3683-1 https://www.debian.org/security/ Michael Gilbert October 02, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3681-2] wordpress regression update
Debian Security Advisory DSA-3681-2 https://www.debian.org/security/ Yves-Alexis Perez October 01, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3682-1] c-ares security update
Debian Security Advisory DSA-3682-1 https://www.debian.org/security/ Florian Weimer September 30, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 636-2] firefox-esr regression update
Package : firefox-esr Version : 45.4.0esr-1deb7u2 The update of firefox-esr to 45.4.0esr-1deb7u1 caused build failure on armel and armhf architectures. For Debian 7 "Wheezy", these problems have been fixed in version 45.4.0esr-1deb7u2. We recommend that you upgrade your firefox-esr packages...
[SECURITY] [DLA 643-1] chicken security update
Package : chicken Version : 4.7.0-1+deb7u1 CVE ID : CVE-2016-6830 CVE-2016-6831 Multiple vulnerabilities have been found in the CHICKEN Scheme compiler: CVE-2016-6830 Buffer overrun in CHICKEN Scheme's "process-execute" and "process-spawn" procedures from the posix unit CVE-2016-6831 Memory leak i...
[SECURITY] [DLA 642-1] ruby-activerecord-3.2 security update
Package : ruby-activerecord-3.2 Version : 3.2.6-5+deb7u3 CVE ID : CVE-2016-0753 Active Record in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended...
[SECURITY] [DLA 641-1] ruby-activesupport-3.2 security update
Package : ruby-activesupport-3.2 Version : 3.23.2.6-6+deb7u3 CVE ID : CVE-2016-0753 Active Support in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass...
[SECURITY] [DLA 640-1] icedove security update
Package : icedove Version : 1:45.3.0-1deb7u1 CVE ID : CVE-2016-2836 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. For Debian 7 "Wheezy",...
[SECURITY] [DSA 3681-1] wordpress security update
Debian Security Advisory DSA-3681-1 https://www.debian.org/security/ Yves-Alexis Perez September 29, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3680-1] bind9 security update
Debian Security Advisory DSA-3680-1 https://www.debian.org/security/ Florian Weimer September 27, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 636-1] firefox-esr security update
Package : firefox-esr Version : 45.4.0esr-1deb7u1 CVE ID : CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 Multiple security issues have been found in the Mozilla Firefox web...
[SECURITY] [DSA 3679-1] jackrabbit security update
Debian Security Advisory DSA-3679-1 https://www.debian.org/security/ Florian Weimer September 27, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3678-1] python-django security update
Debian Security Advisory DSA-3678-1 https://www.debian.org/security/ Florian Weimer September 26, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 639-1] mactelnet security update
Package : mactelnet Version : 0.3.4-1+deb7u1 CVE ID : CVE-2016-7115 CVE-2016-7115 Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_ENCRYPTIONKEY control...
[SECURITY] [DLA 638-1] policycoreutils security update
Package : policycoreutils Version : 2.1.10-9+deb7u1 CVE ID : CVE-2016-7545 Debian Bug : 838599 It was discovered that there was a sandbox escape via the "TIOCSTI" ioctl in policycoreutils, a set of programs required for the basic operation of an SELinux-based system. For Debian 7 "Wheezy", this...
[SECURITY] [DLA 637-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb7u1 CVE ID : CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL...
[SECURITY] [DSA 3677-1] libarchive security update
Debian Security Advisory DSA-3677-1 https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3676-1] unadf security update
Debian Security Advisory DSA-3676-1 https://www.debian.org/security/ Luciano Bello September 24, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 635-1] dwarfutils security update
Package : dwarfutils Version : 20120410-2+deb7u1 CVE IDs : CVE-2016-7510 CVE-2016-7511 It was discovered that there were out-of-bounds read issues in dwarfutils, a library to consume and produce DWARF debug information. For Debian 7 "Wheezy", this issue has been fixed in dwarfutils version...