The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 7 LTS:
DLA 1087-1: icedove/thunderbird security update
DLA 1090-1: tcpdump security update
Debian GNU/Linux 9:
DSA 3965-1: file security update
DSA 3966-1: ruby2.3 security update
Debian GNU/Linux 7 LTS:
DLA 1087-1: icedove/thunderbird security update
DLA 1090-1: tcpdump security update
Debian GNU/Linux 9:
DSA 3965-1: file security update
DSA 3966-1: ruby2.3 security update
DLA 1087-1: icedove/thunderbird security update
Package : icedove
Version : 1:52.3.0-4~deb7u1
CVE ID : CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785
CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792
CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803
CVE-2017-7804 CVE-2017-7807 CVE-2017-7809
Multiple security issues have been found in the Mozilla Thunderbird mail
client: Multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code or
spoofing.
For Debian 7 "Wheezy", these problems have been fixed in version
1:52.3.0-4~deb7u1.
We recommend that you upgrade your icedove packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1090-1: tcpdump security update
Package : tcpdump
Version : 4.9.0-1~deb7u2
CVE ID : CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543
Several vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service (application crash).
For Debian 7 "Wheezy", these problems have been fixed in version
4.9.0-1~deb7u2.
We recommend that you upgrade your tcpdump packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 3965-1: file security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3965-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 05, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : file
CVE ID : CVE-2017-1000249
Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a
file type classification tool, which may result in denial of service if
an ELF binary with a specially crafted .notes section is processed.
For the stable distribution (stretch), this problem has been fixed in
version 1:5.30-1+deb9u1.
For the unstable distribution (sid), this problem has been fixed in
version 1:5.32-1.
We recommend that you upgrade your file packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
DSA 3966-1: ruby2.3 security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3966-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 05, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ruby2.3
CVE ID : CVE-2015-9096 CVE-2016-7798 CVE-2017-0899 CVE-2017-0900
CVE-2017-0901 CVE-2017-0902 CVE-2017-14064
Multiple vulnerabilities were discovered in the interpreter for the Ruby
language:
CVE-2015-9096
SMTP command injection in Net::SMTP.
CVE-2016-7798
Incorrect handling of initialization vector in the GCM mode in the
OpenSSL extension.
CVE-2017-0900
Denial of service in the RubyGems client.
CVE-2017-0901
Potential file overwrite in the RubyGems client.
CVE-2017-0902
DNS hijacking in the RubyGems client.
CVE-2017-14064
Heap memory disclosure in the JSON library.
For the stable distribution (stretch), these problems have been fixed in
version 2.3.3-1+deb9u1. This update also hardens RubyGems against
malicious termonal escape sequences (CVE-2017-0899).
We recommend that you upgrade your ruby2.3 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/