
The following updates have been released for Debian 7 LTS:

[DLA 994-1] zziplib security update
[DLA 995-1] swftools security update
[DLA 996-1] tomcat7 security update



[DLA 994-1] zziplib security update

Package : zziplib
Version : 0.13.56-1.1+deb7u1
CVE ID : CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978
CVE-2017-5979 CVE-2017-5980 CVE-2017-5981

CVE-2017-5974
Heap-based buffer overflow in the __zzip_get32 function in fetch.c
in zziplib allows remote attackers to cause a denial of service
(crash) via a crafted ZIP file.

CVE-2017-5975
Heap-based buffer overflow in the __zzip_get64 function in fetch.c
in zziplib allows remote attackers to cause a denial of service
(crash) via a crafted ZIP file.

CVE-2017-5976
Heap-based buffer overflow in the zzip_mem_entry_extra_block
function in memdisk.c in zziplib allows remote attackers to cause
a denial of service (crash) via a crafted ZIP file.

CVE-2017-5978
The zzip_mem_entry_new function in memdisk.c in zziplib allows
remote attackers to cause a denial of service (out-of-bounds
read and crash) via a crafted ZIP file.

CVE-2017-5979
The prescan_entry function in fseeko.c in zziplib allows remote
attackers to cause a denial of service (NULL pointer dereference
and crash) via a crafted ZIP file.

CVE-2017-5980
The zzip_mem_entry_new function in memdisk.c in zziplib allows
remote attackers to cause a denial of service (NULL pointer
dereference and crash) via a crafted ZIP file.

CVE-2017-5981
seeko.c in zziplib allows remote attackers to cause a denial of
service (assertion failure and crash) via a crafted ZIP file.
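The zziplib entries above all describe reads driven past a heap buffer by a crafted archive. As an added illustration of the defensive side, not code from zziplib, Debian or the advisory, here is a bounds-checked parser for the ZIP End Of Central Directory record: every multi-byte field is read only after its offset is checked against the buffer length, and the central-directory offset and size the record claims are rejected when they do not fit inside the file. The functions rd_le, parse_eocd and eocd_entries and the three sample byte strings are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Read an n-byte little-endian integer only after checking it lies inside the
 * buffer; this length check is what a get32/get64 on a bare pointer lacks. */
static bool rd_le(const uint8_t *b, size_t len, size_t off, unsigned n, uint32_t *out) {
    if (off > len || len - off < n) return false;
    *out = 0;
    for (unsigned i = 0; i < n; i++) *out |= (uint32_t)b[off + i] << (8 * i);
    return true;
}
struct eocd { uint32_t entries, cd_size, cd_offset; };

/* Locate and validate the End Of Central Directory record: 22 bytes plus an
 * optional comment (at most 65535 bytes), always at the end of the archive.
 * The central directory it describes must fit entirely in front of it. */
bool parse_eocd(const uint8_t *b, size_t len, struct eocd *out) {
    const size_t EOCD_MIN = 22;
    if (len < EOCD_MIN) return false;
    size_t start = len - EOCD_MIN;
    size_t limit = start > 0xFFFF ? start - 0xFFFF : 0;
    for (;;) {                          /* scan backwards for the signature */
        uint32_t sig;
        if (rd_le(b, len, start, 4, &sig) && sig == 0x06054b50u) break;
        if (start == limit) return false;
        start--;
    }
    uint32_t entries, cd_size, cd_offset, comment_len;
    if (!rd_le(b, len, start + 10, 2, &entries) || !rd_le(b, len, start + 12, 4, &cd_size) ||
        !rd_le(b, len, start + 16, 4, &cd_offset) || !rd_le(b, len, start + 20, 2, &comment_len))
        return false;
    if (comment_len != len - start - EOCD_MIN) return false;      /* comment must end the file */
    if (cd_offset > start || cd_size > start - cd_offset) return false; /* CD precedes EOCD */
    if ((size_t)entries * 46 > cd_size) return false;     /* 46 = minimum central header size */
    out->entries = entries; out->cd_size = cd_size; out->cd_offset = cd_offset;
    return true;
}

/* Constructed samples, not taken from the advisory or from zziplib's test suite. */
static const uint8_t SAMPLE_EMPTY[22] = {        /* valid: zero entries, no central dir */
    0x50,0x4b,0x05,0x06, 0,0, 0,0, 0,0, 0,0, 0,0,0,0, 0,0,0,0, 0,0 };
static const uint8_t SAMPLE_ONE[68] = {          /* valid: one 46-byte header before EOCD */
    [46] = 0x50,0x4b,0x05,0x06, 0,0, 0,0, 1,0, 1,0, 46,0,0,0, 0,0,0,0, 0,0 };
static const uint8_t SAMPLE_CRAFTED[22] = {      /* bogus: claims a 4 KiB CD in 22 bytes */
    0x50,0x4b,0x05,0x06, 0,0, 0,0, 1,0, 1,0, 0x00,0x10,0,0, 0,0,0,0, 0,0 };

/* Number of entries in a valid archive, or -1 when the record is rejected. */
int eocd_entries(const uint8_t *b, size_t len) {
    struct eocd e; return parse_eocd(b, len, &e) ? (int)e.entries : -1;
}
```

The same pattern (pass the buffer length along with the pointer and check before every read) applies to the local and central file headers that follow from the offsets this record yields.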



For Debian 7 "Wheezy", these problems have been fixed in version
0.13.56-1.1+deb7u1.

We recommend that you upgrade your zziplib packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 995-1] swftools security update

Package : swftools
Version : 0.9.2+ds1-3+deb7u1
CVE ID : CVE-2017-8400 CVE-2017-8401

CVE-2017-8400
In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in
the function png_load() in lib/png.c:755. This issue can be triggered
by a malformed PNG file that is mishandled by png2swf.
Attackers could exploit this issue for DoS; it might cause arbitrary
code execution.

CVE-2017-8401
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in
the function png_load() in lib/png.c:724. This issue can be triggered
by a malformed PNG file that is mishandled by png2swf.
Attackers could exploit this issue for DoS.


For Debian 7 "Wheezy", these problems have been fixed in version
0.9.2+ds1-3+deb7u1.

We recommend that you upgrade your swftools packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 996-1] tomcat7 security update

Package : tomcat7
Version : 7.0.28-4+deb7u14
CVE ID : CVE-2017-5664
Debian Bug : 864447

The error page mechanism of the Java Servlet Specification requires
that, when an error occurs and an error page is configured for the
error that occurred, the original request and response are forwarded
to the error page. This means that the request is presented to the
error page with the original HTTP method. If the error page is a
static file, expected behaviour is to serve content of the file as if
processing a GET request, regardless of the actual HTTP method. The
Default Servlet in Apache Tomcat did not do this. Depending on the
original request this could lead to unexpected and undesirable results
for static error pages including, if the DefaultServlet is configured
to permit writes, the replacement or removal of the custom error page.

For Debian 7 "Wheezy", these problems have been fixed in version
7.0.28-4+deb7u14.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS