
The following updates have been released for Debian:

[DLA 595-1] wireshark security update
[DLA 596-1] extplorer security update



[DLA 595-1] wireshark security update

Package : wireshark
Version : 1.12.1+g01b65bf-4+deb8u6~deb7u3
CVE ID : CVE-2016-6504 CVE-2016-6505 CVE-2016-6506
         CVE-2016-6507 CVE-2016-6508 CVE-2016-6509
         CVE-2016-6510 CVE-2016-6511

Multiple vulnerabilities were discovered in the dissectors for NDS,
PacketBB, WSP, MMSE, RLC, LDSS, RLC and OpenFlow, which could result
in denial of service or the execution of arbitrary code.

For Debian 7 "Wheezy", these problems have been fixed in version
1.12.1+g01b65bf-4+deb8u6~deb7u3.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 596-1] extplorer security update

Package : extplorer
Version : 2.1.0b6+dfsg.3-4+deb7u4
CVE ID : CVE-2016-4313

It was discovered that there was an archive traversal exploit in eXtplorer,
a web-based file manager.

The unzip/extract feature allowed for path traversal as decompressed files
can be placed outside of the intended target directory if the archive
content contained "../" characters.

For Debian 7 "Wheezy", this issue has been fixed in extplorer version
2.1.0b6+dfsg.3-4+deb7u4.

We recommend that you upgrade your extplorer packages.
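
The archive traversal described in DLA 596-1, seen from the defender's side, as an added example that is not eXtplorer's code or the Debian patch: a Python check that resolves every archive member against the target directory and rejects the whole archive if any member would land outside it. The function names and the sample archives are constructed for illustration.

```python
import io
import os
import zipfile


def resolve_member(target_dir, member_name):
    """Absolute path a plain join of target_dir and member_name resolves to."""
    # Treat backslashes as separators too; archives built on Windows use them.
    name = member_name.replace("\\", "/")
    return os.path.realpath(os.path.join(target_dir, name))


def escaping_members(zf, target_dir):
    """Names of members that would be written outside target_dir."""
    root = os.path.realpath(target_dir)
    bad = []
    for info in zf.infolist():
        dest = resolve_member(root, info.filename)
        # commonpath avoids the prefix mistake where /srv/up2 "starts with" /srv/up
        if os.path.commonpath([root, dest]) != root:
            bad.append(info.filename)
    return bad


def safe_extract(zip_bytes, target_dir):
    """Extract only if every member stays inside target_dir, else raise."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = escaping_members(zf, target_dir)
        if bad:
            raise ValueError("archive rejected, members escape target: %r" % bad)
        written = []
        for info in zf.infolist():
            if info.is_dir():
                continue
            dest = resolve_member(target_dir, info.filename)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with zf.open(info) as src, open(dest, "wb") as out:
                out.write(src.read())
            written.append(dest)
        return written


def build_zip(members):
    """Constructed sample input: an in-memory zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

The check runs over all members before anything is written, so a rejected archive leaves the target directory untouched.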