Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

[DSA 3286-1] xen security update
[DSA 3287-1] openssl security update
[DSA 3288-1] libav security update



[DSA 3286-1] xen security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3286-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 13, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105
CVE-2015-4106 CVE-2015-4163 CVE-2015-4164

Multiple security issues have been found in the Xen virtualisation
solution:

CVE-2015-3209

Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet
emulation handles multi-TMD packets with a length above 4096 bytes.
A privileged guest user in a guest with an AMD PCNet ethernet card
enabled can potentially use this flaw to execute arbitrary code on
the host with the privileges of the hosting QEMU process.

CVE-2015-4103

Jan Beulich discovered that the QEMU Xen code does not properly
restrict write access to the host MSI message data field, allowing
a malicious guest to cause a denial of service.

CVE-2015-4104

Jan Beulich discovered that the QEMU Xen code does not properly
restrict access to PCI MSI mask bits, allowing a malicious guest to
cause a denial of service.

CVE-2015-4105

Jan Beulich reported that the QEMU Xen code enables logging for PCI
MSI-X pass-through error messages, allowing a malicious guest to
cause a denial of service.

CVE-2015-4106

Jan Beulich discovered that the QEMU Xen code does not properly restrict
write access to the PCI config space for certain PCI pass-through devices,
allowing a malicious guest to cause a denial of service, obtain sensitive
information or potentially execute arbitrary code.

CVE-2015-4163

Jan Beulich discovered that a missing version check in the
GNTTABOP_swap_grant_ref hypercall handler may result in denial of service.
This only applies to Debian stable/jessie.

CVE-2015-4164

Andrew Cooper discovered a vulnerability in the iret hypercall handler,
which may result in denial of service.

For the oldstable distribution (wheezy), these problems have been fixed
in version 4.1.4-3+deb7u8.

For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104,
CVE-2015-4105 and CVE-2015-4106 don't affect the Xen package in stable
jessie, it uses the standard qemu package and has already been fixed in
DSA-3284-1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3287-1] openssl security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3287-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
June 13, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2014-8176 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790
CVE-2015-1791 CVE-2015-1792 CVE-2015-4000

Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets
Layer toolkit.

CVE-2014-8176

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered
that an invalid memory free could be triggered when buffering DTLS
data. This could allow remote attackers to cause a denial of service
(crash) or potentially execute arbitrary code. This issue only
affected the oldstable distribution (wheezy).

CVE-2015-1788

Joseph Barr-Pixton discovered that an infinite loop could be triggered
due to incorrect handling of malformed ECParameters structures. This
could allow remote attackers to cause a denial of service.

CVE-2015-1789

Robert Swiecki and Hanno Böck discovered that the X509_cmp_time
function could read a few bytes out of bounds. This could allow remote
attackers to cause a denial of service (crash) via crafted
certificates and CRLs.

CVE-2015-1790

Michal Zalewski discovered that the PKCS#7 parsing code did not
properly handle missing content which could lead to a NULL pointer
dereference. This could allow remote attackers to cause a denial of
service (crash) via crafted ASN.1-encoded PKCS#7 blobs.

CVE-2015-1791

Emilia Käsper discovered that a race condition could occur due to
incorrect handling of NewSessionTicket in a multi-threaded client,
leading to a double free. This could allow remote attackers to cause
a denial of service (crash).

CVE-2015-1792

Johannes Bauer discovered that the CMS code could enter an infinite
loop when verifying a signedData message, if presented with an
unknown hash function OID. This could allow remote attackers to cause
a denial of service.

Additionally OpenSSL will now reject handshakes using DH parameters
shorter than 768 bits as a countermeasure against the Logjam attack
(CVE-2015-4000).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.0.1e-2+deb7u17.

For the stable distribution (jessie), these problems have been fixed in
version 1.0.1k-3+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 1.0.2b-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.2b-1.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3288-1] libav security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3288-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 13, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libav
CVE ID : CVE-2015-3395 CVE-2015-3417

Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4

For the stable distribution (jessie), these problems have been fixed in
version 6:11.4-1~deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 6:11.4-1.

For the unstable distribution (sid), these problems have been fixed in
version 6:11.4-1.

We recommend that you upgrade your libav packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/