Debian 10228 Published by

The following updates has been released for Debian 7 LTS:

[DLA 692-1] tiff3 security update
[DLA 693-1] tiff security update
[DLA 694-1] libwmf security update
[DLA 695-1] spip security update
[DLA 696-1] bind9 security update



[DLA 692-1] tiff3 security update

Package : tiff3
Version : 3.9.6-11+deb7u2
CVE ID : CVE-2015-7554 CVE-2016-5318

Applications using libtiff can trigger buffer overflows through
TIFFGetField() when processing TIFF images with unknown tags.

For Debian 7 "Wheezy", these problems have been fixed in version
3.9.6-11+deb7u2.

We recommend that you upgrade your tiff3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 693-1] tiff security update

Package : tiff
Version : 4.0.2-6+deb7u7
CVE ID : CVE-2014-8128 CVE-2015-7554 CVE-2015-8668 CVE-2016-3186
CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3631
CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-5102
CVE-2016-5318 CVE-2016-5319 CVE-2016-5652 CVE-2016-6223
CVE-2016-8331
Debian Bug : 842043 842046 842361 842270

The libtiff library and associated tools provided in libtiff-tools are
vulnerable to many security problems.

This update drops many tools which are no longer supported upstream
and which are affected by multiple memory corruption issues:
* bmp2tiff (CVE-2016-3619, CVE-2016-3620, CVE-2016-3621, CVE-2016-5319,
CVE-2015-8668)
* gif2tiff (CVE-2016-3186, CVE-2016-5102)
* ras2tiff
* sgi2tiff
* sgisv
* ycbcr
* rgb2ycbcr (CVE-2016-3623, CVE-2016-3624)
* thumbnail (CVE-2016-3631, CVE-2016-3632, CVE-2016-3633, CVE-2016-3634,
CVE-2016-8331)

This update also fixes the following issues:

CVE-2014-8128, CVE-2015-7554, CVE-2016-5318

Multiple buffer overflows triggered through TIFFGetField() on unknown
tags. Lacking an upstream fix, the list of known tags has been
extended to cover all those that are in use by the TIFF tools.

CVE-2016-5652

Heap based buffer overflow in tiff2pdf.

CVE-2016-6223

Information leak in libtiff/tif_read.c. Fix out-of-bounds read on
memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
when stripoffset is beyond tmsize_t max value (reported by
Mathias Svensson).

For Debian 7 "Wheezy", these problems have been fixed in version
4.0.2-6+deb7u7.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/


[SECURITY] [DLA 694-1] libwmf security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package : libwmf
Version : 0.2.8.4-10.3+deb7u2
CVE ID : CVE-2016-9011
Debian Bug : 842090

Agostino Sarubbo from Gentoo discovered a flaw in libwmf's Windows
Metafile Format (WMF) parser which caused allocation of excessive
amount of memory potentially leading to a crash.

For Debian 7 "Wheezy", these problems have been fixed in version
0.2.8.4-10.3+deb7u2.

We recommend that you upgrade your libwmf packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 695-1] spip security update

Package : spip
Version : 2.1.17-1+deb7u6
CVE ID : CVE-2016-7980 CVE-2016-7981 CVE-2016-7982
CVE-2016-7998 CVE-2016-7999


Multiple vulnerabilities have been discovered in SPIP, a website
engine for publishing written in PHP.

CVE-2016-7980

Nicolas Chatelain of Sysdream Labs discovered a cross-site request
forgery (CSRF) vulnerability in the valider_xml action of SPIP. This
allows remote attackers to make use of potential additional
vulnerabilities such as the one described in CVE-2016-7998.

CVE-2016-7981

Nicolas Chatelain of Sysdream Labs discovered a reflected cross-site
scripting attack (XSS) vulnerability in the validater_xml action of
SPIP. An attacker could take advantage of this vulnerability to
inject arbitrary code by tricking an administrator to open a
malicious link.

CVE-2016-7982

Nicolas Chatelain of Sysdream Labs discovered a file enumeration /
path traversal attack in the the validator_xml action of SPIP. An
attacker could use this to enumerate files in an arbitrary directory
on the file system.

CVE-2016-7998

Nicolas Chatelain of Sysdream Labs discovered a possible PHP code
execution vulnerability in the template compiler/composer function
of SPIP. In combination with the XSS and CSRF vulnerabilities
described in this advisory, a remote attacker could take advantage
of this to execute arbitrary PHP code on the server.

CVE-2016-7999

Nicolas Chatelain of Sysdream Labs discovered a server side request
forgery in the valider_xml action of SPIP. Attackers could take
advantage of this vulnerability to send HTTP or FTP requests to
remote servers that they don't have direct access to, possibly
bypassing access controls such as a firewall.

For Debian 7 "Wheezy", these problems have been fixed in version
2.1.17-1+deb7u6.

We recommend that you upgrade your spip packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 696-1] bind9 security update

Package : bind9
Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u13
CVE ID : CVE-2016-8864

Tony Finch and Marco Davids reported an assertion failure in BIND, a
DNS server implementation, which causes the server process to
terminate. This denial-of-service vulnerability is related to a
defect in the processing of responses with DNAME records from
authoritative servers and primarily affects recursive resolvers.

For Debian 7 "Wheezy", these problems have been fixed in version
1:9.8.4.dfsg.P1-6+nmu2+deb7u13.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS