
5998 matches found

Mageia • added 2016/01/14 1:44 a.m. • 58 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.1.15 longterm kernel and fixes the following security issues: The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to...

8.2 CVSS • 8.2 AI score • 0.22374 EPSS
Exploits 14 • References 4
Mageia • added 2016/01/14 1:44 a.m. • 57 views

Updated kernel-tmb packages provides 4.1 longterm kernel and fixes security issues

This kernel-tmb update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.15 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key functio...

10 CVSS • 8.6 AI score • 0.22374 EPSS
Exploits 15 • References 21
Mageia • added 2016/01/14 1:44 a.m. • 46 views

Updated mono packages fix security vulnerability

It was found that float-parsing code used in Mono before 4.2 is derived from code vulnerable to CVE-2009-0689. The issue concerns the 'freelist' array, which is a global array of 16 pointers to 'Bigint'. This array is part of a memory allocation and reuse system which attempts to reduce the numbe...

6.8 CVSS • 3.3 AI score • 0.28167 EPSS
Exploits 43 • References 3
Mageia • added 2016/01/14 1:44 a.m. • 51 views

Updated apache-commons-collections packages fix security vulnerability

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10 CVSS • 9.8 AI score • 0.83274 EPSS
Exploits 8 • References 3
Mageia • added 2016/01/14 1:44 a.m. • 15 views

Updated roundcubemail packages fix security vulnerability

The roundcubemail package has been updated to version 1.0.8, which fixes a path traversal issue and other bugs. See the upstream release announcement for more details...

3.6 AI score
Exploits 0 • References 3
Mageia • added 2016/01/14 1:44 a.m. • 58 views

Updated libtiff package fixes security vulnerabilities

In libtiff, in tif_next.c, a potential out-of-bound write in NeXTDecode triggered by the test case for CVE-2015-1547 maptools bugzilla 2508. In libtiff, in tif_getimage.c, out-of-bound reads in the TIFFRGBAImage interface in case of unsupported values of SamplesPerPixel/ExtraSamples for LogLUV /...

6.5 CVSS • 6.9 AI score • 0.03368 EPSS
Exploits 1 • References 4
Mageia • added 2016/01/12 9:13 a.m. • 44 views

Updated ruby packages fix security vulnerability

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi (CVE-2015-7551)...

8.4 CVSS • 7.7 AI score • 0.005 EPSS
Exploits 0 • References 3
Mageia • added 2016/01/12 9:13 a.m. • 38 views

Updated bugzilla packages fix security vulnerability

Login names (usually an email address) longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...

7.5 CVSS • 5 AI score • 0.03371 EPSS
Exploits 3 • References 7
Mageia • added 2016/01/12 9:13 a.m. • 18 views

Updated mariadb packages fix security vulnerability

The mariadb package has been updated to version 10.0.23. An issue with client-side SSL certificate verification has been fixed, as have several other bugs. See the upstream release notes for more details...

4.3 AI score
Exploits 0 • References 2
Mageia • added 2016/01/12 9:13 a.m. • 31 views

Updated claws-mail packages fix security vulnerability

No bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc. A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for Japanese character set conversion called conv_jistoeuc has no bounds checking on the output buffer which is created on the...

7.5 CVSS • 7.1 AI score • 0.02532 EPSS
Exploits 0 • References 3
Mageia • added 2016/01/12 9:13 a.m. • 14 views

Updated openvpn packages fix security vulnerability

OpenVPN versions before 2.3.9 contain an out of bounds read error in resolve_remote in the file socket.c. With both IPv4 and IPv6 connections, OpenVPN will read a struct sockaddr_in6, but in the IPv4 case the data structure is smaller than in the IPv6 case. The openvpn package has been updated to...

3 AI score
Exploits 0 • References 3
Mageia • added 2016/01/12 9:13 a.m. • 25 views

Updated python-rsa packages fix security vulnerability

A signature forgery vulnerability in python-rsa allows an attacker to fake signatures for arbitrary messages for any key with a low exponent "e", such as the common value of 3 (CVE-2016-1494)...

5.3 CVSS • 4 AI score • 0.07054 EPSS
Exploits 1 • References 3
Mageia • added 2016/01/11 10:44 a.m. • 78 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.1.15 longterm kernel and fixes the following security issues: The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have...

8.2 CVSS • 8.1 AI score • 0.22374 EPSS
Exploits 14 • References 3
Mageia • added 2016/01/09 5:8 p.m. • 26 views

Updated pitivi packages fix security vulnerability

In pitivi before 0.95, double-clicking a file in the user's media library with a specially-crafted path or filename allows for arbitrary code execution with the permissions of the user running Pitivi (CVE-2015-0855)...

10 CVSS • 9.6 AI score • 0.03236 EPSS
Exploits 0 • References 2
Mageia • added 2016/01/09 5:8 p.m. • 34 views

Updated phpmyadmin packages fix security vulnerability

By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed (CVE-2015-8669)...

5.3 CVSS • 5.6 AI score • 0.02197 EPSS
Exploits 0 • References 2
Mageia • added 2016/01/09 5:8 p.m. • 15 views

Updated rtmpdump packages fix security vulnerabilities

The rtmpdump package has been updated to the latest upstream code as of January 1, 2016, fixing several security issues...

1.9 AI score
Exploits 0 • References 2
Mageia • added 2016/01/09 5:8 p.m. • 16 views

Updated armagetron package fixes security vulnerabilities

A practically exploitable bug was fixed in the network error handling. In client mode, any received packet that causes an exception during processing would terminate the connection to the server. Another theoretically exploitable bug was fixed that allowed very short UDP packets to cause a memory...

1 AI score
Exploits 0 • References 2
Mageia • added 2015/12/28 7:23 p.m. • 41 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10 CVSS • 7.6 AI score • 0.06058 EPSS
Exploits 1 • References 8
Mageia • added 2015/12/28 7:23 p.m. • 39 views

Updated bouncycastle packages fix security vulnerability

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack" (CVE-2015-7940)...

5 CVSS • 8.4 AI score • 0.0482 EPSS
Exploits 0 • References 2
Mageia • added 2015/12/28 7:23 p.m. • 32 views

Updated blueman packages fix security vulnerability

Privilege escalation vulnerability in blueman before 2.0.3 in the dbus API (CVE-2015-8612)...

8.4 CVSS • 8.5 AI score • 0.0634 EPSS
Exploits 4 • References 3
Mageia • added 2015/12/28 7:23 p.m. • 36 views

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerability: Subversion's httpd servers are vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies (CVE-2015-5343). This allows remote attackers with wri...

8 CVSS • 8.8 AI score • 0.30216 EPSS
Exploits 0 • References 5
Mageia • added 2015/12/28 7:23 p.m. • 41 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.559 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution (CVE-2015-8644). This...

10 CVSS • 9.6 AI score • 0.67922 EPSS
Exploits 4 • References 2
Mageia • added 2015/12/28 7:23 p.m. • 25 views

Updated perl-HTML-Scrubber packages fix CVE-2015-5667

Updated perl-HTML-Scrubber package fixes security vulnerability: Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6 CVSS • 5.6 AI score • 0.02092 EPSS
Exploits 0 • References 1
Mageia • added 2015/12/28 7:23 p.m. • 36 views

Updated libpng12 packages fix security vulnerability

There is an underflow read in png_check_keyword in pngwutil.c in libpng 1.2.x before 1.2.56 (CVE-2015-8540)...

9.3 CVSS • 8.9 AI score • 0.06484 EPSS
Exploits 0 • References 2
Mageia • added 2015/12/24 11:8 a.m. • 16 views

Updated proftpd packages fix security vulnerabilities

Updated proftpd packages fix security vulnerability: Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The mod_sftp module currently places no bounds/length...

0.7 AI score
Exploits 0 • References 5
Mageia • added 2015/12/24 11:8 a.m. • 37 views

Updated keepassx packages fix CVE-2015-8378

Updated keepassx package fixes security vulnerability: Cancelling an export operation creates clear text copy of all of the user's KeePassX password database entries (CVE-2015-8378)...

7.5 CVSS • 7.6 AI score • 0.0119 EPSS
Exploits 0 • References 1
Mageia • added 2015/12/24 11:8 a.m. • 47 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists when MediaWiki is configured with a non-standard configuration, from wikitext when $wgArticlePath='$1' (CVE-2015-8622). In MediaWiki before 1.23.12, tokens were being compared as strings, whic...

9.8 CVSS • 6.9 AI score • 0.01888 EPSS
Exploits 0 • References 3
Mageia • added 2015/12/24 11:8 a.m. • 37 views

Updated php-phpmailer packages fix CVE-2015-8476

Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...

5 CVSS • 9.4 AI score • 0.01988 EPSS
Exploits 0 • References 3
Mageia • added 2015/12/23 8:12 p.m. • 36 views

Updated dpkg packages fix CVE-2015-0860

Updated dpkg packages fix security vulnerability: Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary...

7.5 CVSS • 7.5 AI score • 0.04994 EPSS
Exploits 0 • References 2
Mageia • added 2015/12/20 9:15 a.m. • 33 views

Updated bind packages fix security vulnerability

An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible...

5 CVSS • 7.6 AI score • 0.5469 EPSS
Exploits 0 • References 3
Mageia • added 2015/12/20 9:15 a.m. • 37 views

Updated grub2 packages fix security vulnerability

A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system (CVE-2015-8370)...

7.4 CVSS • 8.6 AI score • 0.01104 EPSS
Exploits 1 • References 3
Mageia • added 2015/12/17 8:19 p.m. • 34 views

Updated chromium-browser-stable packages fix CVE-2015-6792

Updated chromium-browser-stable packages fix security vulnerabilities: Fixes from internal audits and fuzzing (CVE-2015-6792)...

10 CVSS • 9.2 AI score • 0.03961 EPSS
Exploits 0 • References 2
Mageia • added 2015/12/17 8:19 p.m. • 28 views

Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

9.3 CVSS • 9 AI score • 0.06664 EPSS
Exploits 0 • References 3
Mageia • added 2015/12/16 9:1 p.m. • 46 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary...

10 CVSS • 8.7 AI score • 0.06058 EPSS
Exploits 1 • References 10
Mageia • added 2015/12/16 9:1 p.m. • 46 views

Updated redis packages fix CVE-2015-8080

Luca Bruno discovered an integer overflow flaw leading to a stack-based buffer overflow in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service (application crash) (CVE-2015-8080)...

7.5 CVSS • 7.8 AI score • 0.05362 EPSS
Exploits 1 • References 2
Mageia • added 2015/12/16 9:1 p.m. • 21 views

Updated potrace packages fix security vulnerabilities

Potrace before 1.13 has some critical bugs in the processing of BMP files. These bugs allowed the program to be crashed, or potentially to be abused in other ways, by feeding it specially crafted BMP files, due to heap overflow, null pointer dereference, and divide by zero issues...

2.4 AI score
Exploits 0 • References 3
Mageia • added 2015/12/16 9:1 p.m. • 42 views

Updated libpng packages fix security vulnerabilities

Updated libpng and libpng12 packages fix security vulnerability: The fix for CVE-2015-8126 was incomplete. While it defended against the potential overrun while reading PNG files, it did not detect a potential overrun by applications using png_set_PLTE directly (CVE-2015-8472)...

7.5 CVSS • 7.9 AI score • 0.06054 EPSS
Exploits 0 • References 3
Mageia • added 2015/12/16 9:1 p.m. • 30 views

Updated quassel packages fix security vulnerability

The Quassel core could be crashed by a client using the op command, causing a denial of service (CVE-2015-8547)...

7.5 CVSS • 7.3 AI score • 0.02825 EPSS
Exploits 0 • References 2
Mageia • added 2015/12/16 9:1 p.m. • 31 views

Updated cups-filters packages fix CVE-2015-8560

Updated cups-filters package fixes security vulnerability: Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands (CVE-2015-8560)...

7.5 CVSS • 7.8 AI score • 0.05251 EPSS
Exploits 0 • References 2
Mageia • added 2015/12/10 8:57 p.m. • 43 views

Updated libraw packages fix security vulnerabilities

Updated libraw packages fix security vulnerabilities: It was found that the smal_decode_segment function does not handle index carefully, which may cause index overflow (CVE-2015-8366). It was found that the phase_one_correct function does not handle memory object's initialization correctly, which may have...

9.8 CVSS • 9.6 AI score • 0.05454 EPSS
Exploits 0 • References 2
Mageia • added 2015/12/10 8:57 p.m. • 66 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Type confusion in extensions (CVE-2015-6788). Use-after-free in Blink (CVE-2015-6789). Escaping issue in saved pages (CVE-2015-6790). Various fixes from internal audits, fuzzing and other initiatives (CVE-2015-6791)...

10 CVSS • 9.3 AI score • 0.03199 EPSS
Exploits 0 • References 2
Mageia • added 2015/12/10 8:57 p.m. • 16 views

Updated imagemagick packages fix security vulnerabilities

Updated imagemagick packages fix security vulnerabilities: This update fixes denial of service issues in miff, vicar, hdr, and pdb image handling, a buffer overflow issue in icon handling, and double-free issues in pict and tga image handling...

3.3 AI score
Exploits 0 • References 10
Mageia • added 2015/12/09 10:53 a.m. • 55 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 47.0.2526.73 fixes several security issues: Use-after-free bugs in AppCache (CVE-2015-6765, CVE-2015-6766, CVE-2015-6767). Cross-origin bypass problems in DOM (CVE-2015-6768, CVE-2015-6770, CVE-2015-6772). A cross-origin bypass problem in core (CVE-2015-6769). Out of bounds access bugs...

10 CVSS • 9.9 AI score • 0.08519 EPSS
Exploits 6 • References 2
Mageia • added 2015/12/09 10:53 a.m. • 59 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.554 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves heap buffer overflow vulnerabilities that could lead to code execution CVE-2015-8438,...

10 CVSS • 9.9 AI score • 0.45049 EPSS
Exploits 25 • References 2
Mageia • added 2015/12/05 10:3 a.m. • 58 views

Updated openssl packages fix security vulnerability

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack (CVE-2015-1794). Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NU...

7.5 CVSS • 7 AI score • 0.44016 EPSS
Exploits 1 • References 3
Mageia • added 2015/12/05 10:3 a.m. • 69 views

Updated moodle packages fix security vulnerability

In Moodle before 2.8.9, if guest access is open on the site, unauthenticated users can store Atto draft data through the editor autosave area, which could be exploited in a denial of service attack (CVE-2015-5332). In Moodle before 2.8.9, due to a CSRF issue in the site registration form, it is...

8.8 CVSS • 5.9 AI score • 0.01684 EPSS
Exploits 0 • References 12
Mageia • added 2015/12/05 10:3 a.m. • 36 views

Updated cups-filters packages fix security vulnerability

Michal Kowalczyk discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands (CVE-2015-8327)...

7.5 CVSS • 7.7 AI score • 0.10171 EPSS
Exploits 0 • References 2
Mageia • added 2015/12/04 11:31 p.m. • 40 views

Updated python-django packages fix security vulnerability

If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format (CVE-2015-8213)...

5 CVSS • 6.2 AI score • 0.04284 EPSS
Exploits 0 • References 3
Mageia • added 2015/11/27 11:11 p.m. • 56 views

Updated thunderbird packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-4513, CVE-2015-7189, CVE-2015-7197, CVE-2015-7198,...

7.5 CVSS • 9.6 AI score • 0.04219 EPSS
Exploits 0 • References 8
Mageia • added 2015/11/27 11:11 p.m. • 26 views

Updated lightdm packages fix security vulnerability

Updated lightdm corrects a possible denial of service attack (CVE-2015-8316)...

5.9 CVSS • 5.9 AI score • 0.01748 EPSS
Exploits 0 • References 2

Total number of security vulnerabilities: 5998