[SECURITY] [DLA 512-1] mantis security update
Package : mantis Version : 1.2.18-1+deb7u1 CVE ID : CVE-2016-5364 It was discovered that there was an XSS vulnerability in custom field management in mantis, a web-based bug tracking system. For Debian 7 "Wheezy", this issue has been fixed in mantis version 1.2.18-1+deb7u1. We recommend that you...
[SECURITY] [DLA 511-1] libtorrent-rasterbar security update
Package : libtorrent-rasterbar Version : 0.15.10-1+deb7u1 CVE ID : CVE-2016-5301 Debian Bug : 826380 A specially crafted HTTP response from a tracker or potentially a UPnP broadcast can crash libtorrent in the parse_chunk_header function. Although this function is not present in this version,...
[SECURITY] [DLA 510-1] p7zip security update
Package : p7zip Version : 9.20.1dfsg.1-4+deb7u2 CVE ID : CVE-2016-2335 Debian Bug : 824160 Marcin Icewall Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take...
[SECURITY] [DLA 509-1] samba security update
Package : samba Version : 2:3.6.6-6+deb7u10 Debian Bug : 820982 821811 The Samba 2:3.6.6-6+deb7u9 release, issued by the DSA-3548-1, introduced different regressions causing trust relationship with Win 7 domains to fail. The fix for the CVE-2016-2115 has been reverted, so administrators should se...
[SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3600-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3599-1] p7zip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3599-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 508-1] expat security update
Package : expat Version : 2.1.0-1+deb7u4 CVE ID : CVE-2012-6702 CVE-2016-5300 Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 This issue was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XMLParse...
[SECURITY] [DLA 505-1] libpdfbox-java security update
Package : libpdfbox-java Version : 1:1.7.0+dfsg-4+deb7u1 CVE ID : CVE-2016-2175 Apache PDFBox did not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. This may lead to the disclosure of confidential data,...
[SECURITY] [DLA 504-1] libxstream-java security update
Package : libxstream-java Version : 1.4.2-1+deb7u1 CVE ID : CVE-2016-3674 Debian Bug : 819455 It was discovered that XStream, a Java library to serialize objects to XML and back again, was susceptible to XML External Entity attacks. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DSA 3598-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3598-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 07, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3597-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3597-1 [email protected] https://www.debian.org/security/ Luciano Bello June 07, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 507-1] nss security update
Package : nss Version : 2:3.14.5-1+deb7u7 CVE ID : CVE-2015-4000 Debian Bug : N/A A vulnerability has been found in nss. CVE-2015-4000 With TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which...
[SECURITY] [DLA 506-1] dhcpcd5 security update
Package : dhcpcd5 Version : 5.5.6-1+deb7u2 CVE ID : CVE-2014-7912 CVE-2014-7913 Debian Bug : N/A Two vulnerabilities were discovered in dhcpcd5, a DHCP client package. A remote (on a local network) attacker can possibly execute arbitrary code or cause a denial of service attack by crafted messages...
[SECURITY] [DSA 3596-1] spice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3596-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3595-1] mariadb-10.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3595-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3548-3] samba regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3548-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3594-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3594-1 [email protected] https://www.debian.org/security/ Michael Gilbert June 04, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 503-1] libxml2 security update
Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy6 CVE ID : CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483 Debian Bug : 812807 813613...
[SECURITY] [DSA 3593-1] libxml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3593-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 500-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u6 CVE ID : CVE-2016-5118 Debian Bug : 825799 Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input...
[SECURITY] [DLA 502-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u2 CVE ID : CVE-2016-5118 Debian Bug : 825800 Bob Friesenhahn discovered a command injection vulnerability in Graphicsmagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitra...
[SECURITY] Debian 7 Wheezy LTS now supporting armel and armhf
Debian Long Term Support (LTS) is a project created to extend the life of all Debian stable releases to at least 5 years. Thanks to the LTS sponsors, Debian's buildd maintainers and the Debian FTP Team are excited to announce that two new architectures, armel and armhf, are going to be supported in...
[SECURITY] [DLA 501-1] gdk-pixbuf security update
Package : gdk-pixbuf Version : 2.26.1-1+deb7u5 CVE ID : CVE-2015-7552 It was discovered that the original fix for CVE-2015-7552 (DLA-450-1) was incomplete. A heap-based buffer overflow in gdk-pixbuf, a library for image loading and saving facilities, fast scaling and compositing of pixbufs, allows...
[SECURITY] [DSA 3592-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3592-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3591-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3591-1 [email protected] https://www.debian.org/security/ Luciano Bello June 01, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3590-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3590-1 [email protected] https://www.debian.org/security/ Michael Gilbert June 01, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 499-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u3 CVE ID : CVE-2015-8865 CVE-2015-8866 CVE-2015-8878 CVE-2015-8879 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4343 CVE-2016-4537 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2015-8865 The...
[SECURITY] [DLA 498-1] ruby-activemodel-3.2 security update
Package : ruby-activemodel-3.2 Version : 3.23.2.6-3+deb7u1 CVE ID : CVE-2016-0753 Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intende...
[SECURITY] [DLA 497-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u1 CVE ID : CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576...
[SECURITY] [DLA 496-1] ruby-activerecord-3.2 security update
Package : ruby-activerecord-3.2 Version : 3.2.6-5+deb7u2 CVE ID : CVE-2015-7577 Debian Bug : N/A CVE-2015-7577 activerecord/lib/active_record/nested_attributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change...
[SECURITY] [DLA 495-1] libtasn1-3 security update
Package : libtasn1-3 Version : 2.13-2+deb7u3 CVE ID : CVE-2016-4008 CVE-2016-4008: infinite loop while parsing DER certificates The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a...
[SECURITY] [DLA 481-2] phpmyadmin regression update
Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u4 CVE ID : CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-2041 CVE-2016-2045 CVE-2016-2560 Debian Bug : 825301 The previous security upload broke the search pages in phpMyAdmin. This was caused by a broken patch applied to fix...
[SECURITY] [DSA 3589-1] gdk-pixbuf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3589-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 30, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 494-1] eglibc security update
Package : eglibc Version : 2.13-38+deb7u11 CVE ID : CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc: CVE-2016-1234 Alexander Cherepanov discovered that the glibc's glob implementation suffered from a stack-based buffer overflow...
[SECURITY] [DSA 3588-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3588-1 [email protected] https://www.debian.org/security/ Luciano Bello May 29, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 492-1] pdns security update
Package : pdns Version : 3.1-4.1+deb7u1 CVE ID : CVE-2014-7210 It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected. For Debian 7 "Wheezy", these problems have been fixed in version 3.1-4.1+deb7u...
[SECURITY] [DLA 493-1] openafs security update
Package : openafs Version : 1.6.1-3+deb7u6 CVE ID : CVE-2015-8312 CVE-2016-2860 CVE-2016-4536 CVE-2015-8312: Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 40...
[SECURITY] [DLA 491-1] postgresql-9.1 bugfix update
Package : postgresql-9.1 Version : 9.1.22-0+deb7u1 The PostgreSQL project released a new version of the PostgreSQL 9.1 branch: Clear the OpenSSL error queue before OpenSSL calls, rather than assuming it's clear already; and make sure we leave it clear afterwards Peter Geoghegan, Dave Vitek, Peter...