
The security updates of vim, imagemagick, imagemagick, icu, firefox-esr, weechat, ghostscript, libxstream-java, tomcat7, tomcat8, tiff, libtirpc, libytnef, xen, git, kde4libs, rtmpdump, bitlbee, bind9, jbig2dec, deluge, mysql-connector-java, puppet, imagemagick, fop, mosquitto, strongswan, sudo, openldap, tnef, wordpress, perl, ettercap, libmwaw, otrs2, tor, zziplib, libosip2, libgcrypt20, firefox-esr, request-tracker4, gnutls28, irssi.

Vulnerability Information

DSA-3786-1 vim —Security Updates

Security database details:

Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.

 

DSA-3799-1 imagemagick —Security Updates

Security database details:

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, IPL, MPC or PSB files are processed.

 

DSA-3808-1 imagemagick —Security Updates

Security database details:

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed.

This update also fixes visual artefacts when running -sharpen on CMYK images (no security impact, but piggybacked on top of the security update with approval of the Debian stable release managers since it's a regression in jessie compared to wheezy).

 

DSA-3830-1 icu —Security Updates

Security database details:

It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.

 

DSA-3831-1 firefox-esr —Security Updates

Security database details:

Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

 

DSA-3836-1 weechat —Security Updates

Security database details:

It was discovered that weechat, a fast and light chat client, is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC.

 

DSA-3838-1 ghostscript —Security Updates

Security database details:

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed.

 

DSA-3841-1 libxstream-java —Security Updates

Security database details:

It was discovered that XStream, a Java library to serialise objects to XML and back again, was susceptible to denial of service during unmarshalling.

 

DSA-3842-1 tomcat7 —Security Updates

Security database details:

Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine.

  • CVE-2017-5647: Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request.
  • CVE-2017-5648: Some application listener calls were issued against the wrong objects, allowing untrusted applications running under a SecurityManager to bypass that protection mechanism and access or modify information associated with other web applications.

 

DSA-3843-1 tomcat8 —Security Updates

Security database details:

Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine.

  • CVE-2017-5647: Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request.
  • CVE-2017-5648: Some application listener calls were issued against the wrong objects, allowing untrusted applications running under a SecurityManager to bypass that protection mechanism and access or modify information associated with other web applications.

 

DSA-3844-1 tiff —Security Updates

Security database details:

Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service, memory disclosure or the execution of arbitrary code.

 

DSA-3845-1 libtirpc —Security Updates

Security database details:

Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs, may result in denial of service via memory exhaustion (depending on memory management settings).

 

DSA-3846-1 libytnef —Security Updates

Security database details:

Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat file.

 

DSA-3847-1 xen —Security Updates

Security database details:

Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks.

 

DSA-3848-1 git —Security Updates

Security database details:

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".

 

DSA-3849-1 kde4libs —Security Updates

Security database details:

Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2017-6410: Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not sanitized before passing them to FindProxyForURL, potentially allowing a remote attacker to obtain sensitive information via a crafted PAC file.
  • CVE-2017-8422: Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account.

DSA-3850-1 rtmpdump —Security Updates

Security database details:

Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped.

 

DSA-3853-1 bitlbee —Security Updates

Security database details:

It was discovered that bitlbee, an IRC to other chat networks gateway, contained issues that allowed a remote attacker to cause a denial of service (via application crash), or potentially execute arbitrary commands.

 

DSA-3854-1 bind9 —Security Updates

Security database details:

Several vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2017-3136: Oleg Gorokhov of Yandex discovered that BIND does not properly handle certain queries when using DNS64 with the "break-dnssec yes;" option, allowing a remote attacker to cause a denial-of-service.
  • CVE-2017-3137: It was discovered that BIND makes incorrect assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records, leading to situations where BIND exits with an assertion failure. An attacker can take advantage of this condition to cause a denial-of-service.
  • CVE-2017-3138: Mike Lalumiere of Dyn, Inc. discovered that BIND can exit with a REQUIRE assertion failure if it receives a null command string on its control channel. Note that the fix applied in Debian is only applied as a hardening measure. Details about the issue can be found at https://kb.isc.org/article/AA-01471 .

DSA-3855-1 jbig2dec —Security Updates

Security database details:

Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.

 

DSA-3856-1 deluge —Security Updates

Security database details:

Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).

 

DSA-3857-1 mysql-connector-java —Security Updates

Security database details:

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.

 

DSA-3862-1 puppet —Security Updates

Security database details:

It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code.

 

DSA-3863-1 imagemagick —Security Updates

Security database details:

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.

 

DSA-3864-1 fop —Security Updates

Security database details:

It was discovered that an XML external entities vulnerability in the Apache FOP XML formatter may result in information disclosure.

 

DSA-3865-1 mosquitto —Security Updates

Security database details:

It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.

 

DSA-3866-1 strongswan —Security Updates

Security database details:

Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

  • CVE-2017-9022: RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.
  • CVE-2017-9023: ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate.

DSA-3867-1 sudo —Security Updates

Security database details:

The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.

 

DSA-3868-1 openldap —Security Updates

Security database details:

Karsten Heymann discovered that the OpenLDAP directory server can be crashed by performing a paged search with a page size of 0, resulting in denial of service. This vulnerability is limited to the MDB storage backend.

 

DSA-3869-1 tnef —Security Updates

Security database details:

It was discovered that tnef, a tool used to unpack MIME attachments of type "application/ms-tnef", did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash.

 

DSA-3870-1 wordpress —Security Updates

Security database details:

Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.

 

DSA-3873-1 perl —Security Updates

Security database details:

The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to an attacker-chosen value.

 

DSA-3874-1 ettercap —Security Updates

Security database details:

Agostino Sarubbo and AromalUllas discovered that ettercap, a network security tool for traffic interception, contains vulnerabilities that allowed an attacker able to provide maliciously crafted filters to cause a denial-of-service via application crash.

 

DSA-3875-1 libmwaw —Security Updates

Security database details:

It was discovered that a buffer overflow in libmwaw, a library to open old Mac text documents, might result in the execution of arbitrary code if a malformed document is opened.

 

DSA-3876-1 otrs2 —Security Updates

Security database details:

Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges.

 

DSA-3877-1 tor —Security Updates

Security database details:

It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. A remote attacker can take advantage of this flaw to cause a hidden service to crash with an assertion failure (TROVE-2017-005).

 

DSA-3878-1 zziplib —Security Updates

Security database details:

Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed.

 

DSA-3879-1 libosip2 —Security Updates

Security database details:

Multiple security vulnerabilities have been found in oSIP, a library implementing the Session Initiation Protocol, which might result in denial of service through malformed SIP messages.

 

DSA-3880-1 libgcrypt20 —Security Updates

Security database details:

It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure.

 

DSA-3881-1 firefox-esr —Security Updates

Security database details:

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing.

 

DSA-3882-1 request-tracker4 —Security Updates

Security database details:

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2016-6127: It was discovered that Request Tracker is vulnerable to a cross-site scripting (XSS) attack if an attacker uploads a malicious file with a certain content type. Installations which use the AlwaysDownloadAttachments config setting are unaffected by this flaw. The applied fix addresses all existing and future uploaded attachments.
  • CVE-2017-5361: It was discovered that Request Tracker is vulnerable to timing side-channel attacks for user passwords.
  • CVE-2017-5943: It was discovered that Request Tracker is prone to an information leak of cross-site request forgery (CSRF) verification tokens if a user is tricked into visiting a specially crafted URL by an attacker.
  • CVE-2017-5944: It was discovered that Request Tracker is prone to a remote code execution vulnerability in the dashboard subscription interface. A privileged attacker can take advantage of this flaw through carefully-crafted saved search names to cause unexpected code to be executed. The applied fix addresses all existing and future saved searches.

 

DSA-3884-1 gnutls28 —Security Updates

Security database details:

Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash (denial of service).

 

DSA-3885-1 irssi —Security Updates

Security database details:

Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2017-9468: Joseph Bisch discovered that Irssi does not properly handle DCC messages without source nick/host. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.
  • CVE-2017-9469: Joseph Bisch discovered that Irssi does not properly handle receiving incorrectly quoted DCC files. A remote attacker can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

Fixing Status

The security vulnerabilities have been fixed in the following versions:

  • vim: version 2:8.0.0197-2
  • imagemagick: version 8:6.9.7.4+dfsg-1
  • imagemagick: version 8:6.9.7.4+dfsg-2
  • icu: version 57.1-6
  • firefox-esr: version 45.9.0esr-1
  • weechat: version 1.7-3
  • ghostscript: version 9.20~dfsg-3.1
  • libxstream-java: version 1.4.9-2
  • tomcat7: version 7.0.72-3
  • tomcat8: version 8.5.11-2
  • tiff: version 4.0.7-6
  • libtirpc: version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind
  • libytnef: version 1.9.2-1
  • xen: version 4.8.1-1+deb9u1
  • git: version 1:2.11.0-3
  • kde4libs: version 4:4.14.26-2
  • rtmpdump: version 2.4+20151223.gitfa8646d.1-1
  • bitlbee: version 3.5-1
  • bind9: version 1:9.10.3.dfsg.P4-12.3
  • jbig2dec: version 0.13-4.1
  • deluge: version 1.3.13+git20161130.48cedf63-3
  • mysql-connector-java: version 5.1.42-1
  • puppet: version 4.8.2-5
  • imagemagick: version 8:6.9.7.4+dfsg-8
  • fop: version 1:2.1-6
  • mosquitto: version 1.4.10-3
  • strongswan: version 5.5.1-4
  • sudo: version 1.8.20p1-1
  • openldap: version 2.4.44+dfsg-5
  • tnef: version 1.4.12-1.2
  • wordpress: version 4.7.5+dfsg-1
  • perl: version 5.24.1-3
  • ettercap: version 1:0.8.2-4
  • libmwaw: version 0.3.9-2
  • otrs2: version 5.0.20-1
  • tor: version 0.2.9.11-1
  • zziplib: version 0.13.62-3.1
  • libosip2: version 4.1.0-2.1
  • libgcrypt20: version 1.7.6-2
  • firefox-esr: version 52.2.0esr-1
  • request-tracker4: version 4.4.1-4
  • gnutls28: version 3.5.8-6
  • irssi: version 1.0.3-1

We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.
