The following updates have been released for Debian:
[DLA 631-1] unadf security update
[DSA 3671-1] mutt security update
[DLA 631-1] unadf security update
Package : unadf
Version : 0.7.11a-3+deb7u1
CVE IDs : CVE-2016-1243 CVE-2016-1244
Debian Bug : #838248
It was discovered that there were two vulnerabilities in unadf, a tool to
extract files from an Amiga Disk File dump (.adf):
- CVE-2016-1243: stack buffer overflow caused by blindly trusting the
pathname lengths of archived files.
The stack-allocated buffer sysbuf was filled with sprintf() without any
bounds checking in the extractTree() function.
- CVE-2016-1244: execution of unsanitized input
The shell command used for creating directory paths was constructed by
concatenating the names of archived files to the end of the command
string.
For Debian 7 "Wheezy", this issue has been fixed in unadf version
0.7.11a-3+deb7u1.
We recommend that you upgrade your unadf packages.
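
The two defect classes described above (unbounded sprintf() into a stack buffer, and a directory-creation command built from archive entry names) are closed by the pattern below. This is an added example, not the unadf source or the Debian patch; PATH_BUF, build_path(), make_entry_dir(), is_dir() and the sample entry name are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE /* for mkdtemp() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

#define PATH_BUF 256 /* assumed size, chosen for this example */

/* Join parent and name; -1 if the result would not fit in out[]. */
int build_path(char *out, size_t outlen, const char *parent, const char *name)
{
    int n = snprintf(out, outlen, "%s/%s", parent, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Create the directory with mkdir(2): the name never reaches a shell,
 * so quotes and semicolons in it are ordinary bytes of the name. */
int make_entry_dir(const char *parent, const char *name)
{
    char path[PATH_BUF];
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return -1; /* accept a single path component only */
    if (build_path(path, sizeof path, parent, name) != 0)
        return -1; /* over-long name: refuse instead of overflowing */
    if (mkdir(path, 0755) != 0 && errno != EEXIST)
        return -1;
    return 0;
}

/* Returns 1 if parent/name exists as a directory, 0 otherwise. */
int is_dir(const char *parent, const char *name)
{
    char path[PATH_BUF];
    struct stat st;
    if (build_path(path, sizeof path, parent, name) != 0)
        return 0;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

int main(void)
{
    char tmp[] = "/tmp/adf-demo-XXXXXX";
    const char *odd = "docs\"; id; \""; /* constructed entry name */
    if (mkdtemp(tmp) == NULL)
        return 1;
    printf("%d %d\n", make_entry_dir(tmp, odd), is_dir(tmp, odd));
    return 0;
}
```

The return value of snprintf() is the length the full string would have had, so comparing it against the buffer size detects truncation before the path is used.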
[DSA 3671-1] mutt security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-3671-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 20, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : wireshark
CVE ID : CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179
CVE-2016-7180
Multiple vulnerabilities were discovered in the dissectors for H.225,
Catapult DCT2000, UMTS FP and IPMI, which could result in denial of
service or the execution of arbitrary code.
For the stable distribution (jessie), these problems have been fixed in
version 1.12.1+g01b65bf-4+deb8u9.
For the testing distribution (stretch), these problems have been fixed
in version 2.2.0+g5368c50-1.
For the unstable distribution (sid), these problems have been fixed in
version 2.2.0+g5368c50-1.
We recommend that you upgrade your wireshark packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/