Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 7 LTS:
DLA 1117-1: opencv security update

Debian GNU/Linux 8 and 9:
DSA 3986-1: ghostscript security update
DSA 3987-1: firefox-esr security update



DLA 1117-1: opencv security update




Package : opencv
Version : 2.3.1-11+deb7u2
CVE ID : CVE-2016-1516 CVE-2017-12597 CVE-2017-12598
CVE-2017-12599 CVE-2017-12601 CVE-2017-12603
CVE-2017-12604 CVE-2017-12605 CVE-2017-12606
CVE-2017-12862 CVE-2017-12863 CVE-2017-12864
CVE-2017-14136

OpenCV through version 3.3 has out-of-bounds read/write errors, buffer
overflows and double free issues in different functions.

For Debian 7 "Wheezy", these problems have been fixed in version
2.3.1-11+deb7u2.

We recommend that you upgrade your opencv packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 3986-1: ghostscript security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-3986-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 29, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727
CVE-2017-9739 CVE-2017-9835 CVE-2017-11714
Debian Bug : 869907 869910 869913 869915 869916 869917 869977

Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may result in denial of service if a
specially crafted Postscript file is processed.

For the oldstable distribution (jessie), these problems have been fixed
in version 9.06~dfsg-2+deb8u6.

For the stable distribution (stretch), these problems have been fixed in
version 9.20~dfsg-3.2+deb9u1.

We recommend that you upgrade your ghostscript packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 3987-1: firefox-esr security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-3987-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 29, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814
CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824

Several security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, use-after-frees, buffer
overflows and other implementation errors may lead to the execution of
arbitrary code, denial of service, cross-site scripting or bypass of
the phishing and malware protection feature.

For the oldstable distribution (jessie), these problems have been fixed
in version 52.4.0esr-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 52.4.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/