Debian 10260 Published by

The following updates has been released for Debian 7 LTS:

[DLA 721-1] libgc security update
[DLA 722-1] irssi security update
[DLA 723-1] libsoap-lite-perl security update



[DLA 721-1] libgc security update

Package : libgc
Version : 1:7.1-9.1+deb7u1
CVE ID : CVE-2016-9427
Debian Bug : 844771

libgc is vulnerable to integer overflows in multiple places. In some cases,
when asked to allocate a huge quantity of memory, instead of failing the
request, it will return a pointer to a small amount of memory possibly
tricking the application into a buffer overwrite.

For Debian 7 "Wheezy", these problems have been fixed in version
1:7.1-9.1+deb7u1.

We recommend that you upgrade your libgc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 722-1] irssi security update

Package : irssi
Version : 0.8.15-5+deb7u1
CVE ID : CVE-2016-7553
Debian Bug : 838762

An information disclosure vulnerability was found in irssi.

CVE-2016-7553
Other users on the same machine as the user running irssi with
buf.pl loaded may be able to retrieve the whole window contents
after /UPGRADE.
Furthermore, this dump of the windows contents is never removed
afterwards.

For Debian 7 "Wheezy", this problems have been fixed in version
0.8.15-5+deb7u1.

We recommend that you upgrade your irssi packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 723-1] libsoap-lite-perl security update

Package : libsoap-lite-perl
Version : 0.714-1+deb7u1
CVE ID : CVE-2015-8978

It was discovered that there was a "Billion Laughs" [0] XML expansion
vulnerability in libsoap-lite-perl, a Perl implementation of a SOAP [1] client
and server.

For Debian 7 "Wheezy", this issue has been fixed in libsoap-lite-perl version
0.714-1+deb7u1.

We recommend that you upgrade your libsoap-lite-perl packages.

[0] https://en.wikipedia.org/wiki/Billion_laughs
[1] https://en.wikipedia.org/wiki/SOAP