Debian 10225 Published by

The following updates has been released for Debian:

[DLA 575-2] collectd regression update
[DSA 3638-1] curl security update
[DSA 3639-1] wordpress security update
[DSA 3640-1] firefox-esr security update



[DLA 575-2] collectd regression update

Package : collectd
Version : 5.1.0-3+deb7u2
Debian Bug : 833013

The previous upload of collectd surfaced a problem in the way the
network plugin initializes gcrypt preventing the plugin from being
loaded when packet signing or encryption is enabled. Previously, this
may have led to program crashes.

For Debian 7 "Wheezy", these problems have been fixed in version
5.1.0-3+deb7u2.

We recommend that you upgrade your collectd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3638-1] curl security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3638-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
August 03, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2016-5419 CVE-2016-5420 CVE-2016-5421

Several vulnerabilities were discovered in cURL, an URL transfer library:

CVE-2016-5419

Bru Rom discovered that libcurl would attempt to resume a TLS session
even if the client certificate had changed.

CVE-2016-5420

It was discovered that libcurl did not consider client certificates
when reusing TLS connections.

CVE-2016-5421

Marcelo Echeverria and Fernando Muñoz discovered that libcurl was
vulnerable to a use-after-free flaw.

For the stable distribution (jessie), these problems have been fixed in
version 7.38.0-4+deb8u4.

For the unstable distribution (sid), these problems have been fixed in
version 7.50.1-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3639-1] wordpress security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3639-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 03, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2015-8834 CVE-2016-5832 CVE-2016-5834 CVE-2016-5835
CVE-2016-5837 CVE-2016-5838 CVE-2016-5839

Several vulnerabilities were discovered in wordpress, a web blogging
tool, which could allow remote attackers to compromise a site via
cross-site scripting, bypass restrictions, obtain sensitive
revision-history information, or mount a denial of service.

For the stable distribution (jessie), these problems have been fixed in
version 4.1+dfsg-1+deb8u9.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3640-1] firefox-esr security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3640-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 03, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838
CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259
CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265

Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code,
cross-site scriping, information disclosure and bypass of the same-origin
policy.

For the stable distribution (jessie), these problems have been fixed in
version 45.3.0esr-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 45.3.0esr-1 for firefox-esr and 48.0-1 for firefox.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/