The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 7 LTS:
DLA 1117-1: opencv security update
Debian GNU/Linux 8 and 9:
DSA 3986-1: ghostscript security update
DSA 3987-1: firefox-esr security update
Debian GNU/Linux 7 LTS:
DLA 1117-1: opencv security update
Debian GNU/Linux 8 and 9:
DSA 3986-1: ghostscript security update
DSA 3987-1: firefox-esr security update
DLA 1117-1: opencv security update
Package : opencv
Version : 2.3.1-11+deb7u2
CVE ID : CVE-2016-1516 CVE-2017-12597 CVE-2017-12598
CVE-2017-12599 CVE-2017-12601 CVE-2017-12603
CVE-2017-12604 CVE-2017-12605 CVE-2017-12606
CVE-2017-12862 CVE-2017-12863 CVE-2017-12864
CVE-2017-14136
OpenCV through version 3.3 has out-of-bounds read/write errors, buffer
overflows and double free issues in different functions.
For Debian 7 "Wheezy", these problems have been fixed in version
2.3.1-11+deb7u2.
We recommend that you upgrade your opencv packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 3986-1: ghostscript security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3986-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 29, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ghostscript
CVE ID : CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727
CVE-2017-9739 CVE-2017-9835 CVE-2017-11714
Debian Bug : 869907 869910 869913 869915 869916 869917 869977
Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may result in denial of service if a
specially crafted Postscript file is processed.
For the oldstable distribution (jessie), these problems have been fixed
in version 9.06~dfsg-2+deb8u6.
For the stable distribution (stretch), these problems have been fixed in
version 9.20~dfsg-3.2+deb9u1.
We recommend that you upgrade your ghostscript packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
DSA 3987-1: firefox-esr security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3987-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 29, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814
CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824
Several security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, use-after-frees, buffer
overflows and other implementation errors may lead to the execution of
arbitrary code, denial of service, cross-site scripting or bypass of
the phishing and malware protection feature.
For the oldstable distribution (jessie), these problems have been fixed
in version 52.4.0esr-1~deb8u1.
For the stable distribution (stretch), these problems have been fixed in
version 52.4.0esr-1~deb9u1.
We recommend that you upgrade your firefox-esr packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/