[SECURITY] [DSA 3615-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3615-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 02, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3613-1] libvirt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3613-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3612-1] gimp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3612-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 01, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 540-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6a+deb7u13 CVE ID : CVE-2016-3710 CVE-2016-3712 Debian Bug : 823830 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA...
[SECURITY] [DLA 541-1] libvirt security update
Package : libvirt Version : 0.9.12.3-1+deb7u2 CVE ID : CVE-2016-5008 It was discovered that there was a password policy issue in libvirt, a library for interfacing with different virtualization systems. Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEM...
[SECURITY] [DLA 539-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u13 CVE ID : CVE-2016-3710 CVE-2016-3712 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an...
[SECURITY] [DLA 538-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u2 CVE ID : CVE-2016-5350 CVE-2016-5351 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5359 The following vulnerabilities have been discovered in the Wheezy's Wireshark version: CVE-2016-5350 The SPOOLS...
[SECURITY] [DLA 537-1] roundcube security update
Package : roundcube Version : 0.7.2-9+deb7u3 CVE ID : CVE-2015-8864 Roundcube, a webmail solution for IMAP servers, was susceptible to cross-site-scripting (XSS) vulnerabilities when handling SVG images. When right-clicking on the download link of an attached image, it was possible that embedded...
[SECURITY] [DLA 536-1] wget security update
Package : wget Version : 1.13.4-3+deb7u3 CVE ID : CVE-2016-4971 Debian Bug : 827003 On a server redirect from HTTP to an FTP resource, wget would trust the HTTP server and use the name in the redirected URL as the destination filename. This behaviour was changed and now it works similarly as a...
[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3611-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 30, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 535-1] xerces-c security update
Package : xerces-c Version : 3.1.1-3+deb7u4 CVE ID : CVE-2016-4463 Debian Bug : 828990 Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take...
[SECURITY] [DLA 534-1] libgd2 security update
Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u4 CVE ID : CVE-2016-5766 CVE-2016-5766 Integer Overflow in gd2GetHeader resulting in heap overflow. For Debian 7 "Wheezy", these problems have been fixed in version 2.0.36rc1dfsg-6.1+deb7u4. We recommend that you upgrade your libgd2 packages...
[SECURITY] [DSA 3610-1] xerces-c security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3610-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 29, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3609-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3609-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 29, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3608-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3608-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 29, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 533-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u4 CVE ID : CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 PHP bugs : 70661 70728 70741 70480 CVE-2016-5093.patch Absence of null character causes unexpected zend_string length and leaks heap memory. The test script uses locale_get_primary_language to...
[SECURITY] [DSA 3607-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3607-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 28, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 531-1] spice security update
Package : spice Version : 0.11.0-1+deb7u3 CVE ID : CVE-2016-2150 Debian Bug : 826584 A vulnerability has been found in the Simple Protocol for Independent Computing Environments, SPICE. Frediano Ziglio from Red Hat discovered that SPICE allowed local guest OS users to read from or write to...
[SECURITY] [DLA 532-1] movabletype-opensource security update
Package : movabletype-opensource Version : 5.1.4+dfsg-4+deb7u4 CVE ID : CVE-2016-5742 It was discovered that there was a SQL injection vulnerability in the XML-RPC interface in MovableType, a blogging engine. For Debian 7 "Wheezy", this issue has been fixed in movabletype-opensource version...
[SECURITY] [DLA 530-1] java-common security update
Package : java-common Version : 0.47+deb7u2 As previously announced [1][2], the default Java implementation has been switched from OpenJDK 6 to OpenJDK 7. We strongly recommend to remove the unsupported OpenJDK 6 packages which will receive no further security updates. [1]...
[SECURITY] [DLA 529-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u5 CVE ID : CVE-2016-3092 A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file. This caused the file...
[SECURITY] [DLA 528-1] libcommons-fileupload-java security update
Package : libcommons-fileupload-java Version : 1.2.2-1+deb7u3 CVE ID : CVE-2016-3092 A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file. This...
[SECURITY] [DLA 527-1] nss security update
Package : nss Version : 2:3.14.5-1+deb7u8 CVE ID : CVE-2016-2834 Four moderate rated networking security issues were found in NSS. For Debian 7 "Wheezy", these problems have been fixed in version 2:3.14.5-1+deb7u8. We recommend that you upgrade your nss packages and restart any applications that...
[SECURITY] [DLA 526-1] mysql-connector-java security update
Package : mysql-connector-java Version : 5.1.39-1deb7u1 CVE ID : CVE-2015-2575 A vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J) has been discovered that may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data a...
[SECURITY] [DLA 525-1] gimp security update
Package : gimp Version : 2.8.2-2+deb7u2 CVE ID : CVE-2016-4994 It was discovered that there was a use-after-free vulnerability in the channel and layer properties parsing process in Gimp, the GNU Image Manipulation Program. For Debian 7 "Wheezy", this issue has been fixed in gimp version...
[SECURITY] [DSA 3606-1] libpdfbox security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3606-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 24, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 523-1] enigmail security update
Package : enigmail Version : 1.8.2-4deb7u2 This upload corrects the dependencies of the enigmail extension so it becomes installable again together with Icedove 45. For Debian 7 "Wheezy", these problems have been fixed in version 1.8.2-4deb7u2. We recommend that you upgrade your enigmail package...
[SECURITY] [DLA 524-1] squidguard security update
Package : squidguard Version : 1.5-1+deb7u1 CVE ID : CVE-2015-8936 It was discovered that there was a reflected cross-site scripting vulnerability in squidguard, a filter and redirector plugin for Squid. For Debian 7 "Wheezy", this issue has been fixed in squidguard version 1.5-1+deb7u1. We...
[SECURITY] [DLA 519-1] icedove security update
Package : icedove Version : 45.1.0-1deb7u1 CVE ID : CVE-2016-2806 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. Debian follows the extende...
[SECURITY] [DLA 522-1] python2.7 security update
Package : python2.7 Version : 2.7.3-6+deb7u3 CVE ID : CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 CVE-2016-0772 A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end smtp server is capable of...
[SECURITY] [DLA 521-1] firefox-esr security update
Package : firefox-esr Version : 45.2.0esr-1deb7u1 CVE ID : CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2828 CVE-2016-2831 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation erro...
[SECURITY] [DSA 3605-1] libxslt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3605-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 19, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 520-1] horizon security update
Package : horizon Version : 2012.1.1-10+deb7u1 CVE ID : CVE-2016-4428 It was discovered that there was an XSS vulnerability in horizon, a Django module providing web interaction with OpenStack. For Debian 7 "Wheezy", this issue has been fixed in horizon version 2012.1.1-10+deb7u1. We recommend th...
[SECURITY] [DLA 518-1] mozilla-devscripts security update
Package : mozilla-devscripts Version : 0.32+deb7u1 Debian Bug : 825508 In preparation of the upcoming switch to Icedove 45 the mozilla-devscripts package was updated to generate correct dependencies for rebuilt extensions. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DLA 516-1] linux security update
Package : linux Version : 3.2.81-1 CVE ID : CVE-2016-0821 CVE-2016-1583 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-3134 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3157 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4482 CVE-2016-4485...
[SECURITY] [DLA 517-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u7 CVE ID : CVE-2016-4563 The code did not check the integer didn't overflow before trying to resize a buffer. A specially crafted file could result in using memory past the end of the allocated buffer. This security CVEs for this issue CVE-2016-456...
[SECURITY] [DSA 3604-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3604-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 16, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3603-1] libav security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3603-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 14, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3602-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3602-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 14, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 515-1] libav security update
Package : libav Version : 6:0.8.17-2+deb7u2 CVE ID : CVE-2016-3062 It was discovered that there was a memory corruption issue in libav (a multimedia player, server, encoder and transcoder) when parsing .mp4 files which could lead to crash or possibly execute arbitrary code. For Debian 7 "Wheezy",...
[SECURITY] [DSA 3601-1] icedove security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3601-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 514-1] libxslt security update
Package : libxslt Version : 1.1.26-14.1+deb7u1 CVE ID : CVE-2015-7995 CVE-2016-1683 CVE-2016-1684 Several vulnerabilities were found in libxslt. CVE-2015-7995 A missing type check could cause an application crash via an especially crafted file. CVE-2016-1683 An out of bounds heap access bug was...
[SECURITY] [DLA 513-1] nspr security update
Package : nspr Version : 2:4.9.2-1+deb7u4 CVE ID : CVE-2016-1951 It was discovered that there was a buffer overflow in a sprintf utility within nspr, the NetScape Portable Runtime library. For Debian 7 "Wheezy", this issue has been fixed in nspr version 2:4.9.2-1+deb7u4. We recommend that you...