14351 matches found

Debian • added 2016/08/08 10:42 a.m. • 28 views

[SECURITY] [DLA 589-1] mupdf security update

Package : mupdf Version : 0.9-2+deb7u3 CVE ID : CVE-2016-6525 Debian Bug : 833417 A flaw was discovered in the pdf_load_mesh_params function allowing out-of-bounds write access to memory locations. With carefully crafted input, that could trigger a heap overflow, resulting in application crash or...

9.8 CVSS • 9.4 AI score • 0.03803 EPSS
Exploits: 0
Debian • added 2016/08/08 9:52 a.m. • 23 views

[SECURITY] [DLA 588-1] mongodb security update

Package : mongodb Version : 2.0.6-1+deb7u1 CVE ID : CVE-2016-6494 Debian Bug : 832908, 833087 Two security related problems have been found in the mongodb package, related to logging. CVE-2016-6494 World-readable .dbshell history file TEMP-0833087-C5410D Bruteforcable challenge responses in...

5.5 CVSS • 5.6 AI score • 0.00385 EPSS
Exploits: 0
Debian • added 2016/08/06 11:56 p.m. • 8 views

[SECURITY] default-java switch to OpenJDK 7 - Icedtea plugin

Package : icedtea-web Version : 1.4-3deb7u3 As it was announced earlier, the default Java version in Wheezy has been bumped to Java 7, as Java 6 could no longer be supported. To follow this change, the icedtea-plugin package has been updated to depend on icedtea-7-plugin rather than...

1.5 AI score
Exploits: 0
Debian • added 2016/08/06 11:56 p.m. • 17 views

[SECURITY] default-java switch to OpenJDK 7 - Icedtea plugin

Package : icedtea-web Version : 1.4-3deb7u3 As it was announced earlier, the default Java version in Wheezy has been bumped to Java 7, as Java 6 could no longer be supported. To follow this change, the icedtea-plugin package has been updated to depend on icedtea-7-plugin rather than...

1.5 AI score
Exploits: 0
Debian • added 2016/08/06 7:53 p.m. • 25 views

[SECURITY] [DSA 3643-1] kde4libs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3643-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2016 https://www.debian.org/security/faq -...

5 CVSS • 2.5 AI score • 0.04465 EPSS
Exploits: 1
Debian • added 2016/08/06 7:53 p.m. • 21 views

[SECURITY] [DSA 3643-1] kde4libs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3643-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2016 https://www.debian.org/security/faq -...

7.5 CVSS • 7.8 AI score • 0.04465 EPSS
Exploits: 1
Debian • added 2016/08/06 2:36 a.m. • 42 views

[SECURITY] [DSA 3642-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3642-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 05, 2016 https://www.debian.org/security/faq -...

1.9 AI score
Exploits: 0
Debian • added 2016/08/06 2:36 a.m. • 23 views

[SECURITY] [DSA 3642-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3642-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 05, 2016 https://www.debian.org/security/faq -...

7.5 AI score
Exploits: 0
Debian • added 2016/08/05 9:15 p.m. • 31 views

[SECURITY] [DLA 579-1] openjdk-7 security update

Package : openjdk-7 Version : 7u111-2.6.7-1deb7u1 CVE ID : CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550 CVE-2016-3606 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or...

9.6 CVSS • 8.7 AI score • 0.04707 EPSS
Exploits: 0
Debian • added 2016/08/05 8:14 a.m. • 43 views

[SECURITY] [DLA 567-2] mysql-5.5 security and regression update

Package : mysql-5.5 Version : 5.5.50-0+deb7u2 CVE ID : CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 Several vulnerabilities have been found in the MySQL Database Server. These vulnerabilities are addressed by upgrading MySQL to the recent upstream 5.5.50 version. Please refer to the...

8.1 CVSS • 6.7 AI score • 0.05874 EPSS
Exploits: 0
Debian • added 2016/08/04 5:47 p.m. • 27 views

[SECURITY] [DLA 586-1] curl security update

Package : curl Version : 7.26.0-1+wheezy14 CVE ID : CVE-2016-5419 CVE-2016-5420 CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420 It was discovered that libcurl did not consider client certificates when...

7.5 CVSS • 7.5 AI score • 0.15063 EPSS
Exploits: 0
Debian • added 2016/08/04 4:1 p.m. • 31 views

[SECURITY] [DSA 3641-1] openjdk-7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3641-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 04, 2016 https://www.debian.org/security/faq -...

9.6 CVSS • 8.6 AI score • 0.04707 EPSS
Exploits: 0
Debian • added 2016/08/04 2:34 p.m. • 37 views

[SECURITY] [DLA 584-1] libsys-syslog-perl security update

Package : libsys-syslog-perl Version : 0.29-1+deb7u1 CVE ID : CVE-2016-1238 John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory which might be changed to another directory...

7.8 CVSS • 8.2 AI score • 0.00779 EPSS
Exploits: 0
Debian • added 2016/08/04 8:55 a.m. • 38 views

[SECURITY] [DLA 585-1] firefox-esr security update

Package : firefox-esr Version : 45.3.0esr-1deb7u1 CVE ID : CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 Multiple security issues have been found in the Mozilla Firefox web...

9.8 CVSS • 8.9 AI score • 0.04615 EPSS
Exploits: 3
Debian • added 2016/08/04 6:0 a.m. • 14 views

[SECURITY] [DLA 575-2] collectd regression update

Package : collectd Version : 5.1.0-3+deb7u2 Debian Bug : 833013 The previous upload of collectd surfaced a problem in the way the network plugin initializes gcrypt preventing the plugin from being loaded when packet signing or encryption is enabled. Previously, this may have led to program crashe...

7.2 AI score
Exploits: 0
Debian • added 2016/08/03 7:2 p.m. • 33 views

[SECURITY] [DSA 3640-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3640-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2016 https://www.debian.org/security/faq -...

9.8 CVSS • 8.8 AI score • 0.04615 EPSS
Exploits: 3
Debian • added 2016/08/03 3:36 p.m. • 33 views

[SECURITY] [DSA 3639-1] wordpress security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3639-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 03, 2016 https://www.debian.org/security/faq -...

5 CVSS • 2.9 AI score • 0.03581 EPSS
Exploits: 0
Debian • added 2016/08/03 3:36 p.m. • 40 views

[SECURITY] [DSA 3639-1] wordpress security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3639-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 03, 2016 https://www.debian.org/security/faq -...

7.5 CVSS • 8 AI score • 0.03581 EPSS
Exploits: 0
Debian • added 2016/08/03 12:53 p.m. • 35 views

[SECURITY] [DSA 3638-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3638-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 03, 2016 https://www.debian.org/security/faq -...

8.1 CVSS • 8 AI score • 0.15063 EPSS
Exploits: 0
Debian • added 2016/08/03 7:45 a.m. • 26 views

[SECURITY] [DLA 581-1] libreoffice security update

Package : libreoffice Version : 1:3.5.4+dfsg2-0+deb7u7 CVE ID : CVE-2016-4324 Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened. For Debian 7 "Wheezy", these problems have...

7.8 CVSS • 8 AI score • 0.02829 EPSS
Exploits: 1
Debian • added 2016/08/03 6:5 a.m. • 28 views

[SECURITY] [DLA 583-1] lighttpd security update

Package : lighttpd Version : 1.4.31-4+deb7u5 CVE ID : CVE-2016-1000212 Debian Bug : 832571 Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables...

7 AI score
Exploits: 0
Debian • added 2016/08/02 3:30 p.m. • 30 views

[SECURITY] [DLA 582-1] libidn security update

Package : libidn Version : 1.25-2+deb7u2 CVE ID : CVE-2015-8948 CVE-2016-6261 CVE-2016-6263 Multiple vulnerabilities have been discovered in libidn. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8948 When idn is reading one zero byte as input an...

7.5 CVSS • 7.1 AI score • 0.06776 EPSS
Exploits: 0
Debian • added 2016/08/01 10:5 a.m. • 17 views

[SECURITY] [REGRESSION] [DLA -] graphite2 regression update

Package : graphite2 Version : 1.3.6-1deb7u2 The previous upload of graphite2 on 2016-04-26 included a .shlib file which did not match the shipped shared libraries preventing packages build-depending on graphite2 libraries to build. For Debian 7 "Wheezy", these problems have been fixed in version...

7.1 AI score
Exploits: 0
Debian • added 2016/07/31 9:8 p.m. • 31 views

[SECURITY] [DSA 3637-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3637-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 31, 2016 https://www.debian.org/security/faq -...

9.3 CVSS • 0.3 AI score • 0.02426 EPSS
Exploits: 2
Debian • added 2016/07/31 9:8 p.m. • 42 views

[SECURITY] [DSA 3637-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3637-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 31, 2016 https://www.debian.org/security/faq -...

9.6 CVSS • 9.1 AI score • 0.02426 EPSS
Exploits: 2
Debian • added 2016/07/30 9:40 p.m. • 39 views

[SECURITY] [DLA 578-1] openssh security update

Package : openssh Version : 6.0p1-4+deb7u5 CVE ID : CVE-2016-6210 OpenSSH secure shell client and server had a user enumeration problem reported. CVE-2016-6210 User enumeration via covert timing channel For Debian 7 "Wheezy", this problem has been fixed in version 6.0p1-4+deb7u5. We recommend tha...

5.9 CVSS • 7 AI score • 0.88944 EPSS
Exploits: 12
Debian • added 2016/07/30 5:23 p.m. • 29 views

[SECURITY] [DLA 577-1] redis security update

Package : redis Version : 2:2.4.14-1+deb7u1 CVE ID : CVE-2013-7458 Debian Bug : 832460 It was discovered that the redis-cli tool in redis (an in-memory key-value database) created world-readable history files. For Debian 7 "Wheezy", this issue has been fixed in redis version 2:2.4.14-1+deb7u1. We...

3.3 CVSS • 3.6 AI score • 0.00488 EPSS
Exploits: 0
Debian • added 2016/07/30 4:11 p.m. • 28 views

[SECURITY] [DSA 3634-1] redis security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3634-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 30, 2016 https://www.debian.org/security/faq -...

3.3 CVSS • 3.4 AI score • 0.00488 EPSS
Exploits: 0
Debian • added 2016/07/30 4:11 p.m. • 28 views

[SECURITY] [DSA 3634-1] redis security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3634-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 30, 2016 https://www.debian.org/security/faq -...

2.1 CVSS • 2.1 AI score • 0.00488 EPSS
Exploits: 0
Debian • added 2016/07/30 12:52 p.m. • 26 views

[SECURITY] [DLA 572-1] icedove security update

Package : icedove Version : 1:45.2.0-2deb7u1 CVE ID : CVE-2016-2818 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. For Debian 7 "Wheezy",...

8.8 CVSS • 9.9 AI score • 0.03888 EPSS
Exploits: 0
Debian • added 2016/07/30 10:57 a.m. • 35 views

[SECURITY] [DLA 576-1] libdbd-mysql-perl security update

Package : libdbd-mysql-perl Version : 4.021-1+deb7u1 CVE ID : CVE-2014-9906 CVE-2015-8949 Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an...

10 CVSS • 10 AI score • 0.06026 EPSS
Exploits: 0
Debian • added 2016/07/30 10:43 a.m. • 46 views

[SECURITY] [DLA 574-1] qemu-kvm security update

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u14 CVE ID : CVE-2015-5239 CVE-2016-2857 CVE-2016-4020 CVE-2016-4439 CVE-2016-5403 CVE-2016-6351 Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The Common Vulnerabilities and Exposures projec...

8.4 CVSS • 8.5 AI score • 0.0364 EPSS
Exploits: 1
Debian • added 2016/07/30 10:22 a.m. • 44 views

[SECURITY] [DLA 573-1] qemu security update

Package : qemu Version : 1.1.2+dfsg-6+deb7u14 CVE ID : CVE-2015-5239 CVE-2016-2857 CVE-2016-4020 CVE-2016-4439 CVE-2016-5403 CVE-2016-6351 Multiple vulnerabilities have been discovered in QEMU, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following...

8.4 CVSS • 8.5 AI score • 0.0364 EPSS
Exploits: 1
Debian • added 2016/07/30 10:8 a.m. • 20 views

[SECURITY] [DLA 575-1] collectd security update

Package : collectd Version : 5.1.0-3+deb7u1 CVE ID : CVE-2016-6254 Debian Bug : 832507 832577 Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to...

9.1 CVSS • 9.6 AI score • 0.05587 EPSS
Exploits: 0
Debian • added 2016/07/30 9:9 a.m. • 39 views

[SECURITY] [DLA 571-1] xen security update

Package : xen Version : 4.1.6.lts1-1 CVE ID : CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3712 CVE-2016-3960 CVE-2016-4480 CVE-2016-6258 Debian Bug : Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifi...

8.8 CVSS • 9.6 AI score • 0.00923 EPSS
Exploits: 0
Debian • added 2016/07/30 7:14 a.m. • 18 views

[SECURITY] [DSA 3636-1] collectd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3636-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 30, 2016 https://www.debian.org/security/faq -...

6.4 CVSS • 3.2 AI score • 0.05587 EPSS
Exploits: 0
Debian • added 2016/07/30 7:14 a.m. • 20 views

[SECURITY] [DSA 3636-1] collectd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3636-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 30, 2016 https://www.debian.org/security/faq -...

9.1 CVSS • 9.2 AI score • 0.05587 EPSS
Exploits: 0
Debian • added 2016/07/30 12:7 a.m. • 24 views

[SECURITY] [DLA 570-1] kde4libs security update

Package : kde4libs Version : 4:4.8.4-4+deb7u2 CVE ID : CVE-2016-6232 Debian Bug : 832620 It was possible to trick kde4libs's KArchiveDirectory::copyTo function to extract files to arbitrary system locations from a specially prepared tar file outside of the extraction folder. For Debian 7 "Wheezy",...

7.5 CVSS • 8.4 AI score • 0.04465 EPSS
Exploits: 1
Debian • added 2016/07/29 9:13 p.m. • 48 views

[SECURITY] [DLA 569-1] xmlrpc-epi security update

Package : xmlrpc-epi Version : 0.54.2-1+deb7u1 CVE ID : CVE-2016-6296 Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact...

9.8 CVSS • 8.9 AI score • 0.06271 EPSS
Exploits: 1
Debian • added 2016/07/29 6:16 p.m. • 30 views

[SECURITY] [DSA 3635-1] libdbd-mysql-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3635-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 29, 2016 https://www.debian.org/security/faq -...

10 CVSS • 10 AI score • 0.06026 EPSS
Exploits: 0
Debian • added 2016/07/29 6:16 p.m. • 41 views

[SECURITY] [DSA 3635-1] libdbd-mysql-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3635-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 29, 2016 https://www.debian.org/security/faq -...

10 CVSS • 3.1 AI score • 0.06026 EPSS
Exploits: 0
Debian • added 2016/07/29 4:23 p.m. • 57 views

[SECURITY] [DLA 568-1] wordpress security update

Package : wordpress Version : 3.6.1+dfsg-1deb7u11 CVE ID : CVE-2016-5387 CVE-2016-5832 CVE-2016-5834 CVE-2016-5835 CVE-2016-5838 CVE-2016-5839 Debian Bug : 828225 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies...

8.1 CVSS • 8.5 AI score • 0.55724 EPSS
Exploits: 0
Debian • added 2016/07/28 9:0 p.m. • 16 views

[SECURITY] [DLA 566-1] cakephp security update

Package : cakephp Version : 1.3.15-1+deb7u1 Debian Bug : 832283 CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. Remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML a...

7.2 AI score
Exploits: 0
Debian • added 2016/07/28 4:3 p.m. • 34 views

[SECURITY] [DLA 565-1] perl security update

Package : perl Version : 5.14.2-21+deb7u4 CVE ID : CVE-2016-1238 CVE-2016-6185 Debian Bug : 829578 Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1238 Joh...

7.8 CVSS • 8.8 AI score • 0.00794 EPSS
Exploits: 1
Debian • added 2016/07/27 10:5 p.m. • 23 views

[SECURITY] [DLA 564-1] tardiff security update

Package : tardiff Version : 0.1-1+deb7u1 CVE ID : CVE-2015-0857 CVE-2015-0858 Two vulnerabilities were found in tardiff: CVE-2015-0857 Arbitrary command execution was possible via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. CVE-2015-0858 Local users could write t...

10 CVSS • 8.3 AI score • 0.0529 EPSS
Exploits: 0
Debian • added 2016/07/27 9:36 p.m. • 48 views

[SECURITY] [DSA 3633-1] xen security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3633-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 27, 2016 https://www.debian.org/security/faq -...

8.8 CVSS • 8.2 AI score • 0.00547 EPSS
Exploits: 0
Debian • added 2016/07/27 2:48 p.m. • 38 views

[SECURITY] [DSA 3632-1] mariadb-10.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3632-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2016 https://www.debian.org/security/faq -...

6.8 CVSS • 2.5 AI score • 0.05874 EPSS
Exploits: 0
Debian • added 2016/07/27 2:48 p.m. • 34 views

[SECURITY] [DSA 3632-1] mariadb-10.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3632-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2016 https://www.debian.org/security/faq -...

8.1 CVSS • 7.4 AI score • 0.05874 EPSS
Exploits: 0
Debian • added 2016/07/26 9:0 p.m. • 39 views

[SECURITY] [DLA 563-1] libgd2 security update

Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u5 CVE ID : CVE-2016-6161 A global out of bounds read when encoding gif from malformed input was found in this software. When given invalid inputs, we might be fed the EOF marker before it is actually the EOF. The gif logic assumes once it sees the...

6.5 CVSS • 7.5 AI score • 0.02795 EPSS
Exploits: 0
Debian • added 2016/07/26 8:46 p.m. • 75 views

[SECURITY] [DSA 3631-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3631-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 26, 2016 https://www.debian.org/security/faq -...

9.8 CVSS • 8.8 AI score • 0.50427 EPSS
Exploits: 16
Total number of security vulnerabilities: 14351