Debian 10225 Published by

The following updates are available for Debian GNU/Linux:

[DLA 497-1] wireshark security update
[DLA 498-1] ruby-activemodel-3.2 security update
[DLA 499-1] php5 security update
[DSA 3590-1] chromium-browser security update



[DLA 497-1] wireshark security update

Package : wireshark
Version : 1.12.1+g01b65bf-4+deb8u6~deb7u1
CVE ID : CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055
CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059
CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-1572
CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576
CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580
CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482
CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-4079
CVE-2013-4080 CVE-2013-4927 CVE-2013-4929 CVE-2013-4931
CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 CVE-2013-7112
CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006
CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082
CVE-2016-4085

Multiple vulnerabilities were discovered in the dissectors/parsers for
PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.

This update also fixes many older less important issues by updating the
package to the version found in Debian 8 also known as Jessie.

For Debian 7 "Wheezy", these problems have been fixed in version
1.12.1+g01b65bf-4+deb8u6~deb7u1.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 498-1] ruby-activemodel-3.2 security update

Package : ruby-activemodel-3.2
Version : 3.2_3.2.6-3+deb7u1
CVE ID : CVE-2016-0753

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before
4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level
writers for class accessors, which allows remote attackers to bypass
intended validation steps via crafted parameters.

For Debian 7 "Wheezy", these problems have been fixed in version
3.2_3.2.6-3+deb7u1.

We recommend that you upgrade your ruby-activemodel-3.2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 499-1] php5 security update

Package : php5
Version : 5.4.45-0+deb7u3
CVE ID : CVE-2015-8865 CVE-2015-8866 CVE-2015-8878 CVE-2015-8879
CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073
CVE-2016-4343 CVE-2016-4537 CVE-2016-4539 CVE-2016-4540
CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544


* CVE-2015-8865
The file_check_mem function in funcs.c in file before 5.23, as used
in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20,
and 7.x before 7.0.5, mishandles continuation-level jumps, which
allows context-dependent attackers to cause a denial of service
(buffer overflow and application crash) or possibly execute arbitrary
code via a crafted magic file.

* CVE-2015-8866
libxml_disable_entity_loader setting is shared between threads
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when
PHP-FPM is used, does not isolate each thread from
libxml_disable_entity_loader changes in other threads, which allows
remote attackers to conduct XML External Entity (XXE) and XML Entity
Expansion (XEE) attacks via a crafted XML document, a related issue
to CVE-2015-5161.

* CVE-2015-8878
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before
5.6.12 does not ensure thread safety, which allows remote attackers to
cause a denial of service (race condition and heap memory corruption)
by leveraging an application that performs many temporary-file accesses.

* CVE-2015-8879
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12
mishandles driver behavior for SQL_WVARCHAR columns, which allows
remote attackers to cause a denial of service (application crash) in
opportunistic circumstances by leveraging use of the odbc_fetch_array
function to access a certain type of Microsoft SQL Server table.

* CVE-2016-4070
Integer overflow in the php_raw_url_encode function in ext/standard/url.c
in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows
remote attackers to cause a denial of service (application crash) via a
long string to the rawurlencode function.

* CVE-2016-4071
Format string vulnerability in the php_snmp_error function in
ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x
before 7.0.5 allows remote attackers to execute arbitrary code via
format string specifiers in an SNMP::get call.

* CVE-2016-4072
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x
before 7.0.5 allows remote attackers to execute arbitrary code via a
crafted filename, as demonstrated by mishandling of \0 characters by
the phar_analyze_path function in ext/phar/phar.c.

* CVE-2016-4073
Multiple integer overflows in the mbfl_strcut function in
ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before
5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via
a crafted mb_strcut call.

* CVE-2016-4343
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before
5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files,
which allows remote attackers to cause a denial of service
(uninitialized pointer dereference) or possibly have unspecified other
impact via a crafted TAR archive.

* CVE-2016-4537
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35,
5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer
for the scale argument, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via a
crafted call.

* CVE-2016-4539
The xml_parse_into_struct function in ext/xml/xml.c in PHP before
5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote
attackers to cause a denial of service (buffer under-read and
segmentation fault) or possibly have unspecified other impact via
crafted XML data in the second argument, leading to a parser level
of zero.

* CVE-2016-4540
* CVE-2016-4541
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c
in before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows
remote attackers to cause a denial of service (out-of-bounds read)
or possibly have unspecified other impact via a negative offset.

* CVE-2016-4542
* CVE-2016-4543
* CVE-2016-4544
The exif_process_* function in ext/exif/exif.c in PHP before 5.5.35,
5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes,
which allows remote attackers to cause a denial of service
(out-of-bounds read) or possibly have unspecified other impact via
crafted header data.

[DSA 3590-1] chromium-browser security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3590-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
June 01, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670
CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675
CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679
CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683
CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687
CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691
CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1667

Mariusz Mylinski discovered a cross-origin bypass.

CVE-2016-1668

Mariusz Mylinski discovered a cross-origin bypass in bindings to v8.

CVE-2016-1669

Choongwoo Han discovered a buffer overflow in the v8 javascript
library.

CVE-2016-1670

A race condition was found that could cause the renderer process
to reuse ids that should have been unique.

CVE-2016-1672

Mariusz Mylinski discovered a cross-origin bypass in extension
bindings.

CVE-2016-1673

Mariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.

CVE-2016-1674

Mariusz Mylinski discovered another cross-origin bypass in extension
bindings.

CVE-2016-1675

Mariusz Mylinski discovered another cross-origin bypass in
Blink/Webkit.

CVE-2016-1676

Rob Wu discovered a cross-origin bypass in extension bindings.

CVE-2016-1677

Guang Gong discovered a type confusion issue in the v8 javascript
library.

CVE-2016-1678

Christian Holler discovered an overflow issue in the v8 javascript
library.

CVE-2016-1679

Rob Wu discovered a use-after-free issue in the bindings to v8.

CVE-2016-1680

Atte Kettunen discovered a use-after-free issue in the skia library.

CVE-2016-1681

Aleksandar Nikolic discovered an overflow issue in the pdfium
library.

CVE-2016-1682

KingstonTime discovered a way to bypass the Content Security Policy.

CVE-2016-1683

Nicolas Gregoire discovered an out-of-bounds write issue in the
libxslt library.

CVE-2016-1684

Nicolas Gregoire discovered an integer overflow issue in the
libxslt library.

CVE-2016-1685

Ke Liu discovered an out-of-bounds read issue in the pdfium library.

CVE-2016-1686

Ke Liu discovered another out-of-bounds read issue in the pdfium
library.

CVE-2016-1687

Rob Wu discovered an information leak in the handling of extensions.

CVE-2016-1688

Max Korenko discovered an out-of-bounds read issue in the v8
javascript library.

CVE-2016-1689

Rob Wu discovered a buffer overflow issue.

CVE-2016-1690

Rob Wu discovered a use-after-free issue.

CVE-2016-1691

Atte Kettunen discovered a buffer overflow issue in the skia library.

CVE-2016-1692

Til Jasper Ullrich discovered a cross-origin bypass issue.

CVE-2016-1693

Khalil Zhani discovered that the Software Removal Tool download was
done over an HTTP connection.

CVE-2016-1694

Ryan Lester and Bryant Zadegan discovered that pinned public keys
would be removed when clearing the browser cache.

CVE-2016-1695

The chrome development team found and fixed various issues during
internal auditing.

For the stable distribution (jessie), these problems have been fixed in
version 51.0.2704.63-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 51.0.2704.63-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/