Debian 10225 Published by

The following updates are available for Debian:

default-java switch to OpenJDK 7 - Icedtea plugin
[DSA 3643-1] kde4libs security update



default-java switch to OpenJDK 7 - Icedtea plugin

Package : icedtea-web
Version : 1.4-3~deb7u3


As it was announced earlier, the default Java version in Wheezy has been bumped
to Java 7, as Java 6 could no longer be supported. To follow this change, the
icedtea-plugin package has been updated to depend on icedtea-7-plugin rather
than icedtea-6-plugin. icedtea-6-plugin is unsupported as it depends on Java 6.

We recommend that you upgrade your icedtea-plugin package and make sure that
icedtea-6-plugin (and any Java 6 packages) are uninstalled.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3643-1] kde4libs security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3643-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : kde4libs
CVE ID : CVE-2016-6232
Debian Bug : 832620

Andreas Cord-Landwehr discovered that kde4libs, the core libraries
for all KDE 4 applications, do not properly handle the extraction
of archives with "../" in the file paths. A remote attacker can
take advantage of this flaw to overwrite files outside of the
extraction folder, if a user is tricked into extracting a specially
crafted archive.

For the stable distribution (jessie), this problem has been fixed in
version 4:4.14.2-5+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 4:4.14.22-2.

We recommend that you upgrade your kde4libs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/