[SECURITY] [DLA 960-1] imagemagick security update

2017-05-28 Thread Roberto C. Sanchez
Package: imagemagick
Version: 6.7.7.10-5+deb7u14
CVE ID : CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 
 CVE-2014-9841 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 
 CVE-2015-8903 CVE-2017-7941 CVE-2017-7943 CVE-2017-8343 
 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 
 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 
 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 
 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 
 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 
 CVE-2017-9144
Debian Bug : 767240 767240 768494 773834 860734 860736 862572 862574
 862573 862575 862577 862578 862579 862587 862589 862590
 862632 862633 862634 862635 862636 862653 862637 862967
 863124 863125 863123 863126


This update fixes several vulnerabilities in imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure, or the execution of
arbitrary code if malformed PCX, DCM, JPEG, PSD, HDR, MIFF, PDB, VICAR,
SGI, SVG, AAI, MNG, EXR, MAT, SFW, JNG, PCD, XWD, PICT, BMP, MTV, SUN,
EPT, ICON, DDS, or ART files are processed.

For Debian 7 "Wheezy", these problems have been fixed in version
6.7.7.10-5+deb7u14.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS





[SECURITY] [DLA 959-1] libical security update

2017-05-28 Thread Chris Lamb

Package: libical
Version: 0.48-2+deb7u1
CVE ID : CVE-2016-5824 CVE-2016-9584
Debian Bug : #860451, #852034

It was discovered that there was a use-after-free vulnerability in the libical
iCalendar library. Remote attackers could cause a denial of service and
possibly read heap memory via a specially crafted .ICS file.

For Debian 7 "Wheezy", this issue has been fixed in libical version
0.48-2+deb7u1.

We recommend that you upgrade your libical packages.


Regards,

- -- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-




[SECURITY] [DLA 957-1] bind9 security update

2017-05-28 Thread Thorsten Alteholz


Package: bind9
Version: 1:9.8.4.dfsg.P1-6+nmu2+deb7u16
CVE ID : CVE-2017-3136 CVE-2017-3137 CVE-2017-3138

CVE-2017-3136

Oleg Gorokhov of Yandex discovered that BIND does not properly
handle certain queries when using DNS64 with the "break-dnssec yes;"
option, allowing a remote attacker to cause a denial-of-service.

CVE-2017-3137

It was discovered that BIND makes incorrect assumptions about the
ordering of records in the answer section of a response containing
CNAME or DNAME resource records, leading to situations where BIND
exits with an assertion failure. An attacker can take advantage of
this condition to cause a denial-of-service.

CVE-2017-3138

Mike Lalumiere of Dyn, Inc. discovered that BIND can exit with a
REQUIRE assertion failure if it receives a null command string on
its control channel. Note that the fix applied in Debian is only
applied as a hardening measure. Details about the issue can be found
at https://kb.isc.org/article/AA-01471.


For Debian 7 "Wheezy", these problems have been fixed in version
1:9.8.4.dfsg.P1-6+nmu2+deb7u16.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
