[SECURITY] [DLA 1025-1] bind9 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: bind9 Version: 1:9.8.4.dfsg.P1-6+nmu2+deb7u17 CVE ID : CVE-2017-3142 CVE-2017-3143 CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: - providing an AXFR of a zone to an unauthorized recipient - accepting bogus NOTIFY packets CVE-2017-3143 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. For Debian 7 "Wheezy", these problems have been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u17. We recommend that you upgrade your bind9 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQJ7BAEBCgBmBQJZZ9arXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHzqkP+MFU8QL8MwMUK3zTpZhfWoRg faP+dRJkB9rL3SSaDF8FsM2rqHUXg+OrfpWZ+e8fz92ouYIyvEQzOGHPXah6/Ncn zA11q8xTaxBblKhYqs8BWDVmf9p17qAifr8bAFdjBUz3MjYvdoYepQ9Bo2etO7Tl x5MNKssEBRzj3w0QVnXnWv2NHw4Ve0uVz33FeSZnXskRIKigsIbofLrpObh+OmCe +HyuXGLq8t6heUKdfbBQ5YAj7aIJ72VAcxXpyN1ZCZQiu2BJYxOkqKBuhzd+pQ4z Uo9EYuuSCQrV7/KJxBXIoWGeWtBHQFEgMLlG0+z8XXNY85CB1r05FBImr45VVsjb ErGO0YxbBwHlhBpf69/k5or6Xl4OryS4uvS3P9IfYO77q2MqkqsZXw1HetkfuwhL Hq/vM/kk3Pv2bmX5J9xncFRSiib8Z6EQ6a4hWVcJ7Zmwu/85AMibNKY7YIK9p13A sJIRpZrnGct20v1P8bmORi0WD7H+6Hc2V15TlGGeS4xufiEEujpe1jCwwcnI+whl EBYZvjPLX56jSVaazv31PgCNUGVQbkaabyVtintA/2zioMD9lRpO5ILk+ZdI6sYR azBXI198cd1clSGzcGkKsXPUWODfC6rl5datG7ixGTBgx3FB2Is5ckmpoYvRf843 LBNJbmD/on+Sz/Bllbw= =5QMW -END PGP SIGNATURE-
[SECURITY] [DLA 1024-1] nginx security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: nginx Version: 1.2.1-2.2+wheezy4+deb7u1 CVE ID : CVE-2017-7529 Debian Bug : #868109 It was discovered that there was vulnerability in the range filter of nginx, a web/proxy server. A specially crafted request might result in an integer overflow and incorrect processing of HTTP ranges, potentially resulting in a sensitive information leak. For Debian 7 "Wheezy", this issue has been fixed in nginx version 1.2.1-2.2+wheezy4+deb7u1. We recommend that you upgrade your nginx packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllnK9YACgkQHpU+J9Qx HliX5A//dPavm2srbLpx/CUhR2fJoy3fOK7+tbVc/5o/fNMCZD2mrHnvBKvxjoDP 6MDpgHdaqwRYh5hX2z5S2JPCLC+7DMT66AN790KOPPiM04Xm2Ob7h27x5wAf+lsM J31fuEiJmb+ovgyERwVnk5SpWxrfu5YVXaEfyUCbVDQ03LS6Fx/Qnhb9OlVlpRx0 ZD0HISjcHi7oJ8lXEhTEfEs6et3B+lO3MaZKeXdx74N3gqjo1U9sFcfVlxdw0AZ+ l+ofOxwSlLftJ7NyhhpDQmsONaCrwZE9srRtFX8EFuHF3RbKp8iBxOX6Wf2id/W0 KwKuMe6XbqwuFBm7jpbotAnGPIGa5JPoSQuaclMao5e69KvepFr1Z0QtG65tQidh sTNhuhgA4qZMRxUsobg1szxzc464mzHKpxcVwMTqXxbDCvFBAsBMtO5Djumtkg0G XDpAI0VQeyjju1aVESNL9kXAmtSGnUiCioo8Y+iJNGXinsljOh5WsK7HMshweCQD O39EJqS/OTRkHqZRJJeedEdv5OrrZxYHBm/gcmAW5ee68nVuD6mLrwQhdBAXW4tf hPn91J1++FLrS2wblBPIFyUptk+/hgorFPuBw4rLU0JadA6RWvwAwuvRJUTBD2xZ w8bPH1RE/7LT/X3ZXcH5O8Hbmu2u81mZ7RIL/URzjG2Snl+uFcI= =A9Fe -END PGP SIGNATURE-