The following updates have been released for Debian 7 LTS:
[DLA 700-1] libxslt security update
[DLA 701-1] memcached security update
[DLA 702-1] tzdata new upstream version
[DLA 703-1] libdatetime-timezone-perl new upstream version
[DLA 704-1] openjdk-7 security update
[DLA 700-1] libxslt security update
Package : libxslt
Version : 1.1.26-14.1+deb7u2
CVE ID : CVE-2016-4738
Debian Bug : 842570
A heap overread bug was found in libxslt, which can cause arbitrary
code execution or denial of service.
For Debian 7 "Wheezy", these problems have been fixed in version
1.1.26-14.1+deb7u2.
We recommend that you upgrade your libxslt packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 701-1] memcached security update
Package : memcached
Version : 1.4.13-0.2+deb7u2
CVE ID : CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706
Debian Bug : 735314 842811 842812 842814
Multiple vulnerabilities have been found in memcached, a high-performance
memory object caching system. A remote attacker could take advantage of
these flaws to cause a denial of service (daemon crash), or potentially
to execute arbitrary code.
CVE-2013-7291
It was discovered that memcached, when running in verbose mode, can
be crashed by sending carefully crafted requests that trigger an
unbounded key print, resulting in a daemon crash.
CVE-2016-8704, CVE-2016-8705, CVE-2016-8706
Aleksandar Nikolic of Cisco Talos found several vulnerabilities in
memcached. A remote attacker could cause an integer overflow by
sending carefully crafted requests to the memcached server,
resulting in a daemon crash.
For Debian 7 "Wheezy", these problems have been fixed in version
1.4.13-0.2+deb7u2.
We recommend that you upgrade your memcached packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 702-1] tzdata new upstream version
Package : tzdata
Version : 2016i-0+deb7u1
This update includes the changes in tzdata 2016i. Notable
changes are:
- Pacific/Tongatapu (DST starting on 2016-11-06 at 02:00).
- Northern Cyprus is now +03 year round, the Asia/Famagusta zone has
been added.
- Antarctica/Casey (switched from +08 to +11 on 2016-10-22).
For Debian 7 "Wheezy", these problems have been fixed in version
2016i-0+deb7u1.
We recommend that you upgrade your tzdata packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 703-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl
Version : 1:1.58-1+2016i
This update includes the changes in tzdata 2016i for the
Perl bindings. For the list of changes, see DLA-702-1.
For Debian 7 "Wheezy", these problems have been fixed in version
1:1.58-1+2016i.
We recommend that you upgrade your libdatetime-timezone-perl packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 704-1] openjdk-7 security update
Package : openjdk-7
Version : 7u111-2.6.7-2~deb7u1
CVE ID : CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582
CVE-2016-5597
Debian Bug : 841692
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in
information disclosure, denial of service and arbitrary code
execution.
For Debian 7 "Wheezy", these problems have been fixed in version
7u111-2.6.7-2~deb7u1.
We recommend that you upgrade your openjdk-7 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS