Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

[DLA 840-1] libplist security update
[DLA 841-1] apache2 security update
[DLA 842-1] qemu-kvm security update
[DLA 843-1] bind9 security update
[DLA 844-1] libquicktime security update
[DSA 3797-1] mupdf security update
[DSA 3798-1] tnef security update



[DLA 840-1] libplist security update



Package : libplist
Version : 1.8-1+deb7u2
CVE ID : CVE-2017-5834 CVE-2017-5835
Debian Bug : 854000

Several vulnerabilities were discovered in libplist, a library for
reading and writing the Apple binary and XML property lists format. A
maliciously crafted plist file could cause an application to crash by
triggering a heap-based buffer overflow and memory allocation error in
the plist_from_bin function.

For Debian 7 "Wheezy", these problems have been fixed in version
1.8-1+deb7u2.

We recommend that you upgrade your libplist packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 841-1] apache2 security update

Package : apache2
Version : 2.2.22-13+deb7u8
CVE ID : CVE-2016-8743

This upload fixes a security vulnerability in the header parsing code.

[DLA 842-1] qemu-kvm security update

Package : qemu-kvm
Version : 1.1.2+dfsg-6+deb7u20
CVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973


Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 guests.

CVE-2017-2615

The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an
out-of-bounds access issue. It could occur while copying VGA data
via bitblt copy in backward mode.

A privileged user inside guest could use this flaw to crash the
Qemu process resulting in DoS OR potentially execute arbitrary
code on the host with privileges of qemu-kvm process on the host.

CVE-2017-2620

The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an
out-of-bounds access issue. It could occur while copying VGA data
in cirrus_bitblt_cputovideo.

A privileged user inside guest could use this flaw to crash the
Qemu process resulting in DoS OR potentially execute arbitrary
code on the host with privileges of qemu-kvm process on the host.

CVE-2017-5898

The CCID Card device emulator support is vulnerable to an integer
overflow flaw. It could occur while passing message via
command/responses packets to and from the host.

A privileged user inside guest could use this flaw to crash the
qemu-kvm process on the host resulting in a DoS.

This issue does not affect the qemu-kvm binaries in Debian but we
apply the patch to the sources to stay in sync with the qemu
package.

CVE-2017-5973

The USB xHCI controller emulator support in qemu-kvm is vulnerable
to an infinite loop issue. It could occur while processing control
transfer descriptors' sequence in xhci_kick_epctx.

A privileged user inside guest could use this flaw to crash the
qemu-kvm process resulting in a DoS.

This update also updates the fix CVE-2016-9921 since it was too strict
and broke certain guests.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u20.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


[DLA 843-1] bind9 security update

Package : bind9
Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u15
CVE ID : CVE-2017-3135


CVE-2017-3135
Assertion failure when using DNS64 and RPZ can lead to crash.


For Debian 7 "Wheezy", these problems have been fixed in version
1:9.8.4.dfsg.P1-6+nmu2+deb7u15.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 844-1] libquicktime security update

Package : libquicktime
Version : 2:1.2.4-3+deb7u1
CVE ID : CVE-2016-2399
Debian Bug : 855099

Marco 'nemux' Romano discovered that an integer overflow in the
quicktime_read_pascal function in libquicktime 1.2.4 and earlier
allows remote attackers to cause a denial of service or possibly have
other unspecified impact via a crafted hdlr MP4 atom.

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.2.4-3+deb7u1.

We recommend that you upgrade your libquicktime packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3797-1] mupdf security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3797-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mupdf
CVE ID : CVE-2016-8674 CVE-2017-5896 CVE-2017-5991

Multiple vulnerabilities have been found in the PDF viewer MuPDF, which
may result in denial of service or the execution of arbitrary code if
a malformed PDF file is opened.

For the stable distribution (jessie), these problems have been fixed in
version 1.5-1+deb8u2.

For the testing distribution (stretch), these problems have been fixed
in version 1.9a+ds1-4.

For the unstable distribution (sid), these problems have been fixed in
version 1.9a+ds1-4.

We recommend that you upgrade your mupdf packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3798-1] tnef security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3798-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
March 01, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tnef
CVE ID : CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310
Debian Bug : 856117

Eric Sesterhenn, from X41 D-Sec GmbH, discovered several
vulnerabilities in tnef, a tool used to unpack MIME attachments of
type "application/ms-tnef". Multiple heap overflows, type confusions
and out of bound reads and writes could be exploited by tricking a
user into opening a malicious attachment. This would result in denial
of service via application crash, or potential arbitrary code
execution.

For the stable distribution (jessie), these problems have been fixed in
version 1.4.9-1+deb8u1.

We recommend that you upgrade your tnef packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/