The following updates have been released for Debian:
[DLA 364-1] gnutls26 security update
[DLA 365-1] foomatic-filters security update
[DSA 3414-1] xen security update
[DSA 3415-1] chromium-browser security update
[DLA 364-1] gnutls26 security update
Package : gnutls26
Version : 2.8.6-1+squeeze6
CVE ID : CVE-2015-8313
[DLA 365-1] foomatic-filters security update
Package : foomatic-filters
Version : 4.0.5-6+squeeze2+deb6u11
CVE ID : CVE-2015-8327
Debian Bug : 806886
It was discovered that there was an injection vulnerability in
foomatic-filters which is used by printer spoolers to convert
incoming PostScript data into the printer's native format.
For Debian 6 Squeeze, this issue has been fixed in foomatic-filters
version 4.0.5-6+squeeze2+deb6u11
[DSA 3414-1] xen security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-3414-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 09, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : xen
CVE ID : CVE-2015-3259 CVE-2015-3340 CVE-2015-5307 CVE-2015-6654
CVE-2015-7311 CVE-2015-7812 CVE-2015-7813 CVE-2015-7814
CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972
CVE-2015-8104
Multiple security issues have been found in the Xen virtualisation
solution, which may result in denial of service or information
disclosure.
For the oldstable distribution (wheezy), an update will be provided
later.
For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u3.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your xen packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[DSA 3415-1] chromium-browser security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-3415-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
December 09, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2015-1302 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766
CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770
CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774
CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778
CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782
CVE-2015-6784 CVE-2015-6785 CVE-2015-6786
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2015-1302
Rob Wu discovered an information leak in the pdfium library.
CVE-2015-6764
Guang Gong discovered an out-of-bounds read issue in the v8
javascript library.
CVE-2015-6765
A use-after-free issue was discovered in AppCache.
CVE-2015-6766
A use-after-free issue was discovered in AppCache.
CVE-2015-6767
A use-after-free issue was discovered in AppCache.
CVE-2015-6768
Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.
CVE-2015-6769
Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.
CVE-2015-6770
Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.
CVE-2015-6771
An out-of-bounds read issue was discovered in the v8
javascript library.
CVE-2015-6772
Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.
CVE-2015-6773
cloudfuzzer discovered an out-of-bounds read issue in the
skia library.
CVE-2015-6774
A use-after-free issue was found in extensions binding.
CVE-2015-6775
Atte Kettunen discovered a type confusion issue in the pdfium
library.
CVE-2015-6776
Hanno Böck discovered an out-of-bounds access issue in the
openjpeg library, which is used by pdfium.
CVE-2015-6777
Long Liu found a use-after-free issue.
CVE-2015-6778
Karl Skomski found an out-of-bounds read issue in the pdfium
library.
CVE-2015-6779
Til Jasper Ullrich discovered that the pdfium library does
not sanitize "chrome:" URLs.
CVE-2015-6780
Khalil Zhani discovered a use-after-free issue.
CVE-2015-6781
miaubiz discovered an integer overflow issue in the sfntly
library.
CVE-2015-6782
Luan Herrera discovered a URL spoofing issue.
CVE-2015-6784
Inti De Ceukelaire discovered a way to inject HTML into
serialized web pages.
CVE-2015-6785
Michael Ficarra discovered a way to bypass the Content
Security Policy.
CVE-2015-6786
Michael Ficarra discovered another way to bypass the Content
Security Policy.
For the stable distribution (jessie), these problems have been fixed in
version 47.0.2526.73-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 47.0.2526.73-1.
We recommend that you upgrade your chromium-browser packages.