Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

[DLA 811-1] libplist security update
[DLA 812-1] ikiwiki security update
[DLA 813-1] wordpress security update
[DSA 3777-1] libgd2 security update
[DSA 3778-1] ruby-archive-tar-minitar security update



[DLA 811-1] libplist security update

Package : libplist
Version : 1.8-1+deb7u1
CVE ID : CVE-2017-5209 CVE-2017-5545
Debian Bug : 851196 852385

The following vulnerabilities have been fixed in libplist:

CVE-2017-5209

Out of bounds read when parsing specially crafted Apple plist file

CVE-2017-5545

Heap buffer overflow via crafted Apple plist file

For Debian 7 "Wheezy", these problems have been fixed in version
1.8-1+deb7u1.

We recommend that you upgrade your libplist packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 812-1] ikiwiki security update

Package : ikiwiki
Version : 3.20120629.2+deb7u2
CVE ID : CVE-2016-9646 CVE-2016-10026 CVE-2017-0356

Several vulnerabilities have been found in ikiwiki, a wiki compiler:

CVE-2016-9646

Commit metadata forgery

CVE-2016-10026

Authorization bypass when reverting changes

CVE-2017-0356

Authentication bypass via repeated parameters

For Debian 7 "Wheezy", these problems have been fixed in version
3.20120629.2+deb7u2.

We recommend that you upgrade your ikiwiki packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 813-1] wordpress security update

Package : wordpress
Version : 3.6.1+dfsg-1~deb7u13
CVE ID : CVE-2017-5488 CVE-2017-5489 CVE-2017-5490
CVE-2017-5491 CVE-2017-5492 CVE-2017-5493
CVE-2017-5610 CVE-2017-5611 CVE-2017-5612
Debian Bug : 851310 852767

Several vulnerabilities were discovered in wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following issues.

CVE-2017-5488

Multiple cross-site scripting (XSS) vulnerabilities in
wp-admin/update-core.php in WordPress before 4.7.1 allow remote
attackers to inject arbitrary web script or HTML via the name or
version header of a plugin.

CVE-2017-5489

Cross-site request forgery (CSRF) vulnerability in WordPress before
4.7.1 allows remote attackers to hijack the authentication of
unspecified victims via vectors involving a Flash file upload.

CVE-2017-5490

Cross-site scripting (XSS) vulnerability in the theme-name fallback
functionality in wp-includes/class-wp-theme.php in WordPress before
4.7.1 allows remote attackers to inject arbitrary web script or HTML
via a crafted directory name of a theme, related to
wp-admin/includes/class-theme-installer-skin.php.

CVE-2017-5491

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to
bypass intended posting restrictions via a spoofed mail server with the
mail.example.com name.

CVE-2017-5492

Cross-site request forgery (CSRF) vulnerability in the widget-editing
accessibility-mode feature in WordPress before 4.7.1 allows remote
attackers to hijack the authentication of unspecified victims for
requests that perform a widgets-access action, related to
wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.

CVE-2017-5493

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress
before 4.7.1 does not properly choose random numbers for keys, which
makes it easier for remote attackers to bypass intended access
restrictions via a crafted site signup or user signup.

CVE-2017-5610

wp-admin/includes/class-wp-press-this.php in Press This in WordPress
before 4.7.2 does not properly restrict visibility of a
taxonomy-assignment user interface, which allows remote attackers to
bypass intended access restrictions by reading terms.

CVE-2017-5611

SQL injection vulnerability in wp-includes/class-wp-query.php in
WP_Query in WordPress before 4.7.2 allows remote attackers to execute
arbitrary SQL commands by leveraging the presence of an affected
plugin or theme that mishandles a crafted post type name.

CVE-2017-5612

Cross-site scripting (XSS) vulnerability in
wp-admin/includes/class-wp-posts-list-table.php in the posts list
table in WordPress before 4.7.2 allows remote attackers to inject
arbitrary web script or HTML via a crafted excerpt.

For Debian 7 "Wheezy", these problems have been fixed in version
3.6.1+dfsg-1~deb7u13.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3777-1] libgd2 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3777-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 31, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libgd2
CVE ID : CVE-2016-6906 CVE-2016-6912 CVE-2016-9317 CVE-2016-10166
CVE-2016-10167 CVE-2016-10168

Multiple vulnerabilities have been discovered in libgd2, a library for
programmatic graphics creation and manipulation, which may result in
denial of service or potentially the execution of arbitrary code if a
malformed file is processed.

For the stable distribution (jessie), these problems have been fixed in
version 2.1.0-5+deb8u9.

For the testing distribution (stretch) and the unstable distribution
(sid), these problems have been fixed in version 2.2.4-1.

We recommend that you upgrade your libgd2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3778-1] ruby-archive-tar-minitar security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3778-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 31, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby-archive-tar-minitar
CVE ID : CVE-2016-10173
Debian Bug : 853249

Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library
that provides the ability to deal with POSIX tar archive files, is prone
to a directory traversal vulnerability. An attacker can take advantage
of this flaw to overwrite arbitrary files during archive extraction via
a .. (dot dot) in an extracted filename.

For the stable distribution (jessie), this problem has been fixed in
version 0.5.2-2+deb8u1.

We recommend that you upgrade your ruby-archive-tar-minitar packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/