[SECURITY] [DLA 838-1] shadow security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: shadow Version: 4.1.5.1-1+deb7u1 CVE ID : CVE-2017-2616 Debian Bug : 855943 Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial of service. For Debian 7 "Wheezy", these problems have been fixed in version 4.1.5.1-1+deb7u1. We recommend that you upgrade your shadow packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYs2TMAAoJEPZk0la0aRp92h4P/AiI4RyMXC+6zWLWSNeAC2nM ubVHSCqJ0X+Ywn4YB0qm88BIni+xXFoZUuQS01qXW3vPPn2xLdR5apSwMAfhRyE6 NJAKQQplSARx33l5gdT+S1f2lqiga64OHeGq8cAXmV8LYL2xrfGf8ZjzRt3pS1fP 3vH17QfLEKlMVCN07ZeSu/lOQ8nPA5KKdpQg7NUfiheJT0TxdTch4zhDPEgwu3hr Ll/BSakluZiPUyQ7wMb/EwQcas64/5W/GE71FqDSi71vWZC0cijjxAx+ilcNCy4U zSHRVq+m35JiCyr5h2CEwWIef/Ot4kwdOPoGUP8zeYt8Stm5jsmSW7o1JFyiHq9d OaFi6+oWAJwVT3Mwra9+Gju2PL6BIuqiaeG1CZEpnWDnlZaMNsSf0wl0jnzzttFy qo+pX4rFbCqVUanf92ppNkFKQo0GNbyrRUA/DglXpctlD6K9y+GagV1ZF1RIHIjR eQlXgK5Uyx1F79SGupkZf/aHRJxgjd+lnPJR6mKOCfhazHLY7aQxU/JsS2BidVUn v91V4+tIHGHDoXfZom2EhLPKZTINgdhLQnzgr1ReOLZTS8jlG44VpBeDaGNak2f2 FVNu/oZfw/1QeEM1nov3Cjg9h1ZJhYH57d5ZphaOPUaoeG67Um275uFkEizEc9gI cLdDVx0wfRF5eLoTbaOV =ydYJ -END PGP SIGNATURE-
[SECURITY] [DLA 837-1] radare2 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: radare2 Version: 0.9-3+deb7u1 CVE ID : CVE-2017-6197 Debian Bug : 856063 CVE-2017-6197 The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. For Debian 7 "Wheezy", these problems have been fixed in version 0.9-3+deb7u1. We recommend that you upgrade your radare2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS A -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJYs0+QXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHNjYP/AtSOVwKFJ+qNywI+SEixqv5 7BWfWZDrv4eGXPHGbyAEQGpTqw4ybzrLhoWPxKz+l5y86wL9HIRRdiB21G5nhArT JFiibnIoceRSbj237Xaelcv+5NFohfuT3pLEfPjV53kNlxzWnwf3fRVkOzYxB/Yi O25tna+A4hIVF0wg0zMt9jF7VzMrVhh3xuS8JhFuro7yGsAIYjU7/rvMR7/s3SJj nxS71cJ99gdFwa8Jq2Tg7ArpgIW/PQ7Pv3DS6OkumBFnjzpn5lHebzhZQOg9RVDW jhhP8Dcl1h9ITGe8OM77xy0c7dNn23xUPlKrYeqBDqZtyFHQfcq8arPRC3pZsQNP kCb+sb7Uxtnh7STosWHTWisEciVyNw8JaG/6tQyCiBKU8nz0DTXgUs12jQ5E+bQJ g9wqlLyywE+LQ/zk9inBAuoQDlguV3E6IqewJ+PXN4Mwn7q9mWLXHrRTsPakeqDI eMiOBetN4eqUyZNrCmPobL49osq5z6S52Os2XRJkeFYsjzyvd1lX0at5ujab/V1d zWXDIlIZF3ZcUr+CugYaFQvW5MwMkvoqnVNTlgVcCNcBVQIo458iLch8SydgZsYJ LVOO4Q/LvroIVjhwR8+FtEhm0OE4Cfx2AmcUZ0rVGQUHq8cPZi9jeS4CdnXM48kS vT6dnF6rgr8vxsRwR+Ko =p117 -END PGP SIGNATURE-
