Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 and 9:
DSA 4011-1: quagga security update

Debian GNU/Linux 8:
DSA 4012-1: libav security update



DSA 4011-1: quagga security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4011-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 30, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : quagga
CVE ID : CVE-2017-16227
Debian Bug : 879474

It was discovered that the bgpd daemon in the Quagga routing suite does
not properly calculate the length of multi-segment AS_PATH UPDATE
messages, causing bgpd to drop a session and potentially resulting in
loss of network connectivity.

For the oldstable distribution (jessie), this problem has been fixed
in version 0.99.23.1-1+deb8u4.

For the stable distribution (stretch), this problem has been fixed in
version 1.1.1-3+deb9u1.

We recommend that you upgrade your quagga packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4012-1: libav security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4012-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 31, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libav
CVE ID : CVE-2015-8365 CVE-2017-7208 CVE-2017-7862 CVE-2017-9992

Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.11

For the oldstable distribution (jessie), these problems have been fixed
in version 6:11.11-1~deb8u1.

We recommend that you upgrade your libav packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/