Debian 10225 Published by

The following Debian updates has been released:

[DLA 568-1] wordpress security update
[DLA 569-1] xmlrpc-epi security update
[DLA 570-1] kde4libs security update
[DSA 3635-1] libdbd-mysql-perl security update
[DSA 3636-1] collectd security update



[DLA 568-1] wordpress security update

Package : wordpress
Version : 3.6.1+dfsg-1~deb7u11
CVE ID : CVE-2016-5387 CVE-2016-5832 CVE-2016-5834
CVE-2016-5835 CVE-2016-5838 CVE-2016-5839
Debian Bug : 828225


Several vulnerabilities were discovered in wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following issues.

CVE-2016-5387
WordPress allows remote attackers to bypass intended
access restrictions and remove a category attribute from a post via
unspecified vectors.

CVE-2016-5832
The customizer in WordPress allows remote attackers to
bypass intended redirection restrictions via unspecified vectors.

CVE-2016-5834
Cross-site scripting (XSS) vulnerability in the
wp_get_attachment_link function in wp-includes/post-
template.php in WordPress allows remote
attackers to inject arbitrary web script or HTML via a crafted
attachment name.

CVE-2016-5835
WordPress allows remote attackers to obtain sensitive
revision-history information by leveraging the ability to read a
post related to wp-admin/includes/ajax-actions.php and
wp-admin/revision.php.

CVE-2016-5838
WordPress allows remote attackers to bypass intended password-
change restrictions by leveraging knowledge of a cookie.

CVE-2016-5839
WordPress allows remote attackers to bypass the
sanitize_file_name protection mechanism via unspecified vectors.

For Debian 7 "Wheezy", these problems have been fixed in version
3.6.1+dfsg-1~deb7u11.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 569-1] xmlrpc-epi security update

Package : xmlrpc-epi
Version : 0.54.2-1+deb7u1
CVE ID : CVE-2016-6296

Integer signedness error in the simplestring_addn function in
simplestring.c in xmlrpc-epi through 0.54.2 allows remote attackers to
cause a denial of service (heap-based buffer overflow) or possibly have
unspecified other impact via a long first argument to the PHP
xmlrpc_encode_request function.

For Debian 7 "Wheezy", these problems have been fixed in version
0.54.2-1+deb7u1.

We recommend that you upgrade your xmlrpc-epi packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 570-1] kde4libs security update

Package : kde4libs
Version : 4:4.8.4-4+deb7u2
CVE ID : CVE-2016-6232
Debian Bug : 832620


It was possible to trick kde4libs's KArchiveDirectory::copyTo()
function to extract files to arbitrary system locations from
a specially prepared tar file outside of the extraction folder.

For Debian 7 "Wheezy", these problems have been fixed in version
4:4.8.4-4+deb7u2.

We recommend that you upgrade your kde4libs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3635-1] libdbd-mysql-perl security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3635-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 29, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libdbd-mysql-perl
CVE ID : CVE-2014-9906 CVE-2015-8949

Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl
DBI driver for the MySQL database server. A remote attacker can take
advantage of these flaws to cause a denial-of-service against an
application using DBD::mysql (application crash), or potentially to
execute arbitrary code with the privileges of the user running the
application.

For the stable distribution (jessie), these problems have been fixed in
version 4.028-2+deb8u1.

We recommend that you upgrade your libdbd-mysql-perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3636-1] collectd security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3636-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
July 30, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : collectd
CVE ID : CVE-2016-6254
Debian Bug : 832507 832577

Emilien Gaspar discovered that collectd, a statistics collection and
monitoring daemon, incorrectly processed incoming network
packets. This resulted in a heap overflow, allowing a remote attacker
to either cause a DoS via application crash, or potentially execute
arbitrary code.

Additionally, security researchers at Columbia University and the
University of Virginia discovered that collectd failed to verify a
return value during initialization. This meant the daemon could
sometimes be started without the desired, secure settings.

For the stable distribution (jessie), this problem has been fixed in
version 5.4.1-6+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this
problem has been fixed in version 5.5.2-1.

We recommend that you upgrade your collectd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/