The following updates has been released for Debian GNU/Linux:
[DLA 998-1] c-ares security update
[DLA 999-1] openvpn security update
[DSA 3896-1] apache2 security update
[DLA 998-1] c-ares security update
[DLA 999-1] openvpn security update
[DSA 3896-1] apache2 security update
[DLA 998-1] c-ares security update
Package : c-ares
Version : 1.9.1-3+deb7u2
CVE ID : CVE-2017-1000381
CVE-2017-1000381
The c-ares function ares_parse_naptr_reply(), which is used for
parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response
packet was crafted in a particular way.
For Debian 7 "Wheezy", these problems have been fixed in version
1.9.1-3+deb7u2.
We recommend that you upgrade your c-ares packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 999-1] openvpn security update
Package : openvpn
Version : 2.2.1-8+deb7u5
CVE ID : CVE-2017-7520
Debian Bug : #865480
It was discovered that there were multiple out-of-bounds memory read
vulnerabilities in openvpn, a popular virtual private network (VPN) daemon.
If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle
attacker could cause the client to crash or disclose at most 96 bytes of stack
memory, likely to contain the proxy password.
For Debian 7 "Wheezy", this issue has been fixed in openvpn version
2.2.1-8+deb7u5.
We recommend that you upgrade your openvpn packages.
[DSA 3896-1] apache2 security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3896-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 22, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : apache2
CVE ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668
CVE-2017-7679
Several vulnerabilities have been found in the Apache HTTPD server.
CVE-2017-3167
Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by
third-party modules outside of the authentication phase may lead to
authentication requirements being bypassed.
CVE-2017-3169
Vasileios Panopoulos of AdNovum Informatik AG discovered that
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port
leading to a denial of service.
CVE-2017-7659
Robert Swiecki reported that a specially crafted HTTP/2 request
could cause mod_http2 to dereference a NULL pointer and crash the
server process.
CVE-2017-7668
Javier Jimenez reported that the HTTP strict parsing contains a
flaw leading to a buffer overread in ap_find_token(). A remote
attacker can take advantage of this flaw by carefully crafting a
sequence of request headers to cause a segmentation fault, or to
force ap_find_token() to return an incorrect value.
CVE-2017-7679
ChenQin and Hanno Boeck reported that mod_mime can read one byte
past the end of a buffer when sending a malicious Content-Type
response header.
For the oldstable distribution (jessie), these problems have been fixed
in version 2.4.10-10+deb8u9. The oldstable distribution (jessie) is not
affected by CVE-2017-7659.
For the stable distribution (stretch), these problems have been fixed in
version 2.4.25-3+deb9u1.
For the unstable distribution (sid), these problems have been fixed in
version 2.4.25-4.
We recommend that you upgrade your apache2 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/