[SECURITY] [DLA 810-1] libarchive security update
Package        : libarchive
Version        : 3.0.4-3+wheezy5+deb7u1
CVE ID         : CVE-2017-5601
Debian Bug     : #853278

It was discovered that there was a heap buffer overflow in libarchive, a multi-format archive and compression library.

For Debian 7 "Wheezy", this issue has been fixed in libarchive version 3.0.4-3+wheezy5+deb7u1.

We recommend that you upgrade your libarchive packages.

Regards,

-- 
Chris Lamb
la...@debian.org / chris-lamb.co.uk

[SECURITY] [DLA 809-1] tcpdump security update
Package        : tcpdump
Version        : 4.9.0-1~deb7u1
CVE ID         : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925
                 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929
                 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933
                 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937
                 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973
                 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984
                 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993
                 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203
                 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342
                 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485
                 CVE-2017-5486

Multiple vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or the execution of arbitrary code.

CVE-2016-7922    Buffer overflow in parser.
CVE-2016-7923    Buffer overflow in parser.
CVE-2016-7924    Buffer overflow in parser.
CVE-2016-7925    Buffer overflow in parser.
CVE-2016-7926    Buffer overflow in parser.
CVE-2016-7927    Buffer overflow in parser.
CVE-2016-7928    Buffer overflow in parser.
CVE-2016-7929    Buffer overflow in parser.
CVE-2016-7930    Buffer overflow in parser.
CVE-2016-7931    Buffer overflow in parser.
CVE-2016-7932    Buffer overflow in parser.
CVE-2016-7933    Buffer overflow in parser.
CVE-2016-7934    Buffer overflow in parser.
CVE-2016-7935    Buffer overflow in parser.
CVE-2016-7936    Buffer overflow in parser.
CVE-2016-7937    Buffer overflow in parser.
CVE-2016-7938    Buffer overflow in parser.
CVE-2016-7939    Buffer overflow in parser.
CVE-2016-7940    Buffer overflow in parser.
CVE-2016-7973    Buffer overflow in parser.
CVE-2016-7974    Buffer overflow in parser.
CVE-2016-7975    Buffer overflow in parser.
CVE-2016-7983    Buffer overflow in parser.
CVE-2016-7984    Buffer overflow in parser.
CVE-2016-7985    Buffer overflow in parser.
CVE-2016-7986    Buffer overflow in parser.
CVE-2016-7992    Buffer overflow in parser.
CVE-2016-7993    Buffer overflow in parser.
CVE-2016-8574    Buffer overflow in parser.
CVE-2016-8575    Buffer overflow in parser.
CVE-2017-5202    Buffer overflow in parser.
CVE-2017-5203    Buffer overflow in parser.
CVE-2017-5204    Buffer overflow in parser.
CVE-2017-5205    Buffer overflow in parser.
CVE-2017-5341    Buffer overflow in parser.
CVE-2017-5342    Buffer overflow in parser.
CVE-2017-5482    Buffer overflow in parser.
CVE-2017-5483    Buffer overflow in parser.
CVE-2017-5484    Buffer overflow in parser.
CVE-2017-5485    Buffer overflow in parser.
CVE-2017-5486    Buffer overflow in parser.

For Debian 7 "Wheezy", these problems have been fixed in version 4.9.0-1~deb7u1.

We recommend that you upgrade your tcpdump packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

-- 
Ola Lundqvist
o...@debian.org / o...@inguza.com
http://inguza.com/
GPG fingerprint: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F

[SECURITY] [DLA 610-2] tiff3 regression update
Package        : tiff3
Version        : 3.9.6-11+deb7u3
Debian Bug     : 852610

Version 3.9.6-11+deb7u1 and 3.9.6-11+deb7u2 introduced changes that resulted in libtiff writing out invalid tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image.

For Debian 7 "Wheezy", these problems have been fixed in version 3.9.6-11+deb7u3.

We recommend that you upgrade your tiff3 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

-- 
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

[SECURITY] [DLA 807-1] imagemagick security update
Package        : imagemagick
Version        : 8:6.7.7.10-5+deb7u11
CVE ID         : CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506
                 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511
Debian Bug     : #851485, #851483, #851380, #851383, #851382, #851381,
                 #851376, #851374

Numerous vulnerabilities were discovered in ImageMagick, an image manipulation program. Issues include memory leaks, out of bound reads and missing checks.

This update also includes an update of the fix for CVE-2016-8677 which was incomplete in the previous version.

For Debian 7 "Wheezy", these problems have been fixed in version 8:6.7.7.10-5+deb7u11.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS