Debian 10260 Published by

The following updates for Debian has been released:

[DSA 3172-1] cups security update
[DSA 3173-1] libgtk2-perl security update
[DSA 3174-1] iceweasel security update
[DSA 3175-1] kfreebsd-9 security update



[DSA 3172-1] cups security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3172-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
February 25, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : cups
CVE ID : CVE-2014-9679
Debian Bug : 778387

Peter De Wachter discovered that CUPS, the Common UNIX Printing
System, did not correctly parse compressed raster files. By submitting
a specially crafted raster file, a remote attacker could use this
vulnerability to trigger a buffer overflow.

For the stable distribution (wheezy), this problem has been fixed in
version 1.5.3-5+deb7u5.

For the upcoming stable distribution (jessie) and unstable
distribution (sid), this problem has been fixed in version 1.7.5-11.

We recommend that you upgrade your cups packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3173-1] libgtk2-perl security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3173-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
February 25, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libgtk2-perl

It was discovered that libgtk2-perl, a Perl interface to the 2.x series
of the Gimp Toolkit library, incorrectly frees memory which GTK+ still
holds onto and might access later, leading to denial of service
(application crash) or, potentially, to arbitrary code execution.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.244-1+deb7u1.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 2:1.2492-4.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.2492-4.

We recommend that you upgrade your libgtk2-perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3174-1] iceweasel security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3174-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 25, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836

Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors and
implementation errors may lead to the execution of arbitrary code or
information disclosure.

For the stable distribution (wheezy), these problems have been fixed in
version 31.5.0esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 31.5.0esr-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3175-1] kfreebsd-9 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3175-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 25, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : kfreebsd-9
CVE ID : CVE-2015-1414

Mateusz Kocielski and Marek Kroemeke discovered that an integer overflow
in IGMP processing may result in denial of service through malformed
IGMP packets.

For the stable distribution (wheezy), this problem has been fixed in
version 9.0-10+deb70.9.

We recommend that you upgrade your kfreebsd-9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/