Debian 10260 Published by

The following Debian updates has been released:

[DLA 864-1] jhead security update
[DLA 865-1] suricata security update
[DSA 3814-1] audiofile security update



[DLA 864-1] jhead security update

Package : jhead
Version : 1:2.95-1+deb7u1
CVE ID : CVE-2016-3822
Debian Bug : #858213

It was discovered that there was a vulnerability in jhead, a tool to manipulate
the non-image part of EXIF-compliant JPEG files; remote attackers were able to
execute arbitrary code via crafted image data.

For Debian 7 "Wheezy", this issue has been fixed in jhead version
1:2.95-1+deb7u1.

We recommend that you upgrade your jhead packages.

[DLA 865-1] suricata security update

Package : suricata
Version : 1.2.1-2+deb7u1
CVE ID : CVE-2017-7177
Debian Bug : #856649

It was discovered that there was a vulnerability in suricata, an intrusion
detection tool; the IP protocol was not being used to match fragments with
their packets allowing a carefully constructed packet (with a different
protocol) to be matched, thus creating a packet that would not be
re-assembled by the destination host.

For Debian 7 "Wheezy", this issue has been fixed in suricata version
1.2.1-2+deb7u1.

We recommend that you upgrade your suricata packages.

[DSA 3814-1] audiofile security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3814-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 22, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : audiofile
CVE ID : CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830
CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834
CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838
CVE-2017-6839
Debian Bug : 857651

Several vulnerabilities have been discovered in the audiofile library,
which may result in denial of service or the execution of arbitrary code
if a malformed audio file is processed.

For the stable distribution (jessie), these problems have been fixed in
version 0.3.6-2+deb8u2.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 0.3.6-4.

For the unstable distribution (sid), these problems have been fixed in
version 0.3.6-4.

We recommend that you upgrade your audiofile packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/