[SECURITY] [DLA 1386-1] ming security update
Package        : ming
Version        : 1:0.4.4-1.1+deb7u9
CVE ID         : CVE-2018-7866 CVE-2018-7873 CVE-2018-7876 CVE-2018-9009 CVE-2018-9132

Multiple vulnerabilities have been discovered in Ming:

CVE-2018-7866

    NULL pointer dereference in the newVar3 function (util/decompile.c).
    Remote attackers might leverage this vulnerability to cause a denial
    of service via a crafted swf file.

CVE-2018-7873

    Heap-based buffer overflow vulnerability in the getString function
    (util/decompile.c). Remote attackers might leverage this vulnerability
    to cause a denial of service via a crafted swf file.

CVE-2018-7876

    Integer overflow and resulting memory exhaustion in the
    parseSWF_ACTIONRECORD function (util/parser.c). Remote attackers might
    leverage this vulnerability to cause a denial of service via a crafted
    swf file.

CVE-2018-9009

    Various heap-based buffer overflow vulnerabilities in
    util/decompiler.c. Remote attackers might leverage this vulnerability
    to cause a denial of service via a crafted swf file.

CVE-2018-9132

    NULL pointer dereference in the getInt function (util/decompile.c).
    Remote attackers might leverage this vulnerability to cause a denial
    of service via a crafted swf file.

For Debian 7 "Wheezy", these problems have been fixed in version
1:0.4.4-1.1+deb7u9.

We recommend that you upgrade your ming packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 1385-1] batik security update
Package        : batik
Version        : 1.7+dfsg-3+deb7u3
CVE ID         : CVE-2018-8013
Debian Bug     : 899374

Man Yue Mo discovered a security vulnerability in Apache Batik, an SVG
image library. A missing check for the class type before calling
newInstance when deserializing a subclass of AbstractDocument could
lead to information disclosure.

For Debian 7 "Wheezy", these problems have been fixed in version
1.7+dfsg-3+deb7u3.

We recommend that you upgrade your batik packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 1383-1] xen security update
Package        : xen
Version        : 4.1.6.lts1-14
CVE ID         : CVE-2018-8897 CVE-2018-10981 CVE-2018-10982

Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service, information leaks or privilege
escalation.

For Debian 7 "Wheezy", these problems have been fixed in version
4.1.6.lts1-14.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 1384-1] xdg-utils security update
Package        : xdg-utils
Version        : 1.1.0~rc1+git20111210-6+deb7u4
CVE ID         : CVE-2017-18266
Debian Bug     : 898317

It was found that the open_envvar function in xdg-utils does not
validate strings before launching the program specified by the BROWSER
environment variable, which might allow remote attackers to conduct
argument-injection attacks via a crafted URL.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.0~rc1+git20111210-6+deb7u4.

We recommend that you upgrade your xdg-utils packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 1382-1] thunderbird security update
Package        : thunderbird
Version        : 1:52.8.0-1~deb7u1
CVE ID         : CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159
                 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170
                 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code, denial of service or attacks on
encrypted emails.

For Debian 7 "Wheezy", these problems have been fixed in version
1:52.8.0-1~deb7u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS