The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 7 Extended LTS:
ELA-11-1 lame security update
Multiple vulnerabilities have been discovered in lame: CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 CVE-2017-15018 CVE-2017-15045 CVE-2017-15046
ELA-12-1 ming security update
Multiple vulnerabilities have been discovered in ming: CVE-2018-11226 CVE-2018-11225 CVE-2018-11100 CVE-2018-11095
Debian GNU/Linux 8 LTS:
DLA 1400-2: tomcat7 regression update
The security update of Tomcat 7 announced as DLA-1400-1 introduced a regression for applications that make use of the Equinox OSGi framework.
DLA 1410-1: python-pysaml2 security update
Pysaml2, a Python implementation of the Security Assertion Markup Language, would accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password.
Debian GNU/Linux 7 Extended LTS:
ELA-11-1 lame security update
Multiple vulnerabilities have been discovered in lame: CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 CVE-2017-15018 CVE-2017-15045 CVE-2017-15046
ELA-12-1 ming security update
Multiple vulnerabilities have been discovered in ming: CVE-2018-11226 CVE-2018-11225 CVE-2018-11100 CVE-2018-11095
Debian GNU/Linux 8 LTS:
DLA 1400-2: tomcat7 regression update
The security update of Tomcat 7 announced as DLA-1400-1 introduced a regression for applications that make use of the Equinox OSGi framework.
DLA 1410-1: python-pysaml2 security update
Pysaml2, a Python implementation of the Security Assertion Markup Language, would accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password.
ELA-11-1 lame security update
Package: lame
Version: 3.99.5+repack1-3+deb7u2
Related CVE: CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 CVE-2017-15018 CVE-2017-15045 CVE-2017-15046
Multiple vulnerabilities have been discovered in lame:
CVE-2017-9870
The III_i_stereo function in layer3.c in mpglib as used in LAME 3.99.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
CVE-2017-9871
The III_i_stereo function in layer3.c in mpglib as used in LAME 3.99.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
CVE-2017-9872
The III_dequantize_sample function in layer3.c in mpglib as used in LAME 3.99.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
CVE-2017-15018
LAME 3.99.5 is vulnerable to a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. Remote attackers might leverage this flaw to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
CVE-2017-15045
LAME 3.99.5 is vulnerable to a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c. Remote attackers might leverage this flaw to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
CVE-2017-15046
LAME 3.99.5 is vulnerable to a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c. Remote attackers might leverage this flaw to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
For Debian 7 Wheezy, these problems have been fixed in version 3.99.5+repack1-3+deb7u2.
We recommend that you upgrade your lame packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
ELA-12-1 ming security update
Package: ming
Version: 1:0.4.4-1.1+deb7u10
Related CVE: CVE-2018-11226 CVE-2018-11225 CVE-2018-11100 CVE-2018-11095
Multiple vulnerabilities have been discovered in ming:
CVE-2018-11226
The getString function in decompile.c in libming through 0.4.8 is vulnerable to a heap buffer overflow. This vulnerability might be triggered by remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted SWF file.
CVE-2018-11225
The dcputs function in decompile.c in libming through 0.4.8 is vulnerable to a NULL pointer dereference. This vulnerability might be triggered by remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted SWF file.
CVE-2018-11100
The decompileSETTARGET function in decompile.c in libming through 0.4.8 is vulnerable to a heap buffer overflow. This vulnerability might be triggered by remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted SWF file.
CVE-2018-11095
The decompileJUMP function in decompile.c in libming through 0.4.8 is vulnerable to a heap buffer overflow. This vulnerability might be triggered by remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted SWF file.
For Debian 7 Wheezy, these problems have been fixed in version 1:0.4.4-1.1+deb7u10.
We recommend that you upgrade your ming packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
DLA 1400-2: tomcat7 regression update
Package : tomcat7
Version : 7.0.56-3+really7.0.88-2
Debian Bug : 902670
The security update of Tomcat 7 announced as DLA-1400-1 introduced a
regression for applications that make use of the Equinox OSGi
framework. The MANIFEST file of tomcat-jdbc.jar in libtomcat7-java
contains an invalid version number which was automatically derived
from the Debian package version. This caused an OSGi exception.
For Debian 8 "Jessie", this issue has been fixed in version
7.0.56-3+really7.0.88-2.
We recommend that you upgrade your tomcat7 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1410-1: python-pysaml2 security update
Package : python-pysaml2
Version : 2.0.0-1+deb8u2
CVE ID : CVE-2017-1000433
Debian Bug : 886423
Pysaml2, a Python implementation of the Security Assertion Markup
Language, would accept any password when run with Python optimizations
enabled. This allows attackers to log in as any user without knowing
their password.
For Debian 8 "Jessie", this issue has been fixed in version
2.0.0-1+deb8u2.
We recommend that you upgrade your python-pysaml2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS