[SECURITY] [DSA 4012-1] libav security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4012-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2017 https://www.debian.org/security/faq - - Package: libav CVE ID : CVE-2015-8365 CVE-2017-7208 CVE-2017-7862 CVE-2017-9992 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.11 For the oldstable distribution (jessie), these problems have been fixed in version 6:11.11-1~deb8u1. We recommend that you upgrade your libav packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAln3s6kACgkQEMKTtsN8 TjYW1xAAniTp/ZM/AozpOY7dvDyjiKC16VdMpThlx2nsYoloCGpq1RIga/J4lPQR lFI/twDVnP/bIhOmeZkiywTdxrcAZcoqxtyU97C1NOTzR7n+SySZVcrkqBlcnwK6 j0bv0EEtrAq1ATgKphTQkNwrL9fcGEYS3TQs6Fr+i+Xh2M9t/29neD+GNS32VB+7 np1CUPR2s6gTvzj8kHS/0LiM8J/JfXVQ6Xc4EMEMjQcz6jChL9clWaA5DQewQN/w aPPBw6rG9buJwGNmd4YTBzG0oWLJiTj51tpyZeY5oamJrNYfyZW0GXze26Zjo4kj 23l8LDQkr/MROrRaDW7QcLEkv6RFfAbxqa8d2s/4CIZEW/k+6A4MRkSf9o5tFaxi F6G/kHg1Yu7lgPems7rNIePHU3ROi3uQzgDADgWlLjXbxbaybcViyA1fGvho1QEl nl3dLH9vnrfVfAOJhYLRR2cQVDZAPVtAsvmeZj+9dN7iNLCMeTdljPr6c+gTOLJg 2vXk6H/QaYFgAclB6hQLDmjZ6HMl445S85SPWdTxCTzt+K2tw55mnV9QTqoRvjDF dCeeeIPbAiKI/s/SKC75iMLk2gZ3UbuaZPsaS0caw0XVHH1pLmjpYBUCw2JWAMQk S4l/K4/tjdFG7nHQKBgn+GP/JCzKAigaNUzG6PzxAQ/w75GruTM= =HxFN -END PGP SIGNATURE-
[SECURITY] [DSA 4011-1] quagga security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4011-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 30, 2017 https://www.debian.org/security/faq - - Package: quagga CVE ID : CVE-2017-16227 Debian Bug : 879474 It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity. For the oldstable distribution (jessie), this problem has been fixed in version 0.99.23.1-1+deb8u4. For the stable distribution (stretch), this problem has been fixed in version 1.1.1-3+deb9u1. We recommend that you upgrade your quagga packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAln3hTFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T8YA//dSQ0B+YeZ9Za852evhaIDQe0VmCy/q8ilGzvIRSdl3gAWm3WcG7RNnc1 J6iXtBrR6TzaXLC82vQpOLUjHrlwZdiyQqyA5hMUP+tNnP9jnU8eNYgDEgr86DkR ICV/cTPV0ZYXus68zXlElQGcnMny3DXD3nR7u1BlF7bYUB7r6xTUS2qvxV423XeZ Gor7LJhmBuIykmJcQuMIR6CUNsXSHa7ZB7ebREG7ltF6oPMRpwD4ekZN70RskAAA HXO29RR3Fio+oN36sT8gVsG1WSaKioPttQ+EmeoIy2UhoP92DQNw7YXhZzz94XE4 cTcTgLd5vCjNNwVU+I/zo1tAx54MJZRyPWcLtKnQ+/Q6Cw3FDQNWaBNKPI8FxnHu gZKotp8sJa+Om3cZirxLDTY+dA/1cJ6frJTMpqKovGJ0pOh7SikPXqdu5VfcBwA8 howsGEHxK+8IC30lYUIK85Qe9byZC0gQPok51hR1+jBJO4zFqeMRkNjw9TKPqoA9 RBGumvS0jR/rBJWaSjpfj2idTqzNYsK11lgfrD+ZvnWQuQniWGHhtwrp0JHRop8u IAcpJWxVYqO0+CJiez4Gj35XBVaYx5f5vZ6nYYxUwIzwuBOpgdeNx/Xs5axsWohT eyq4GwigItHnBb/Hw9R8Mxx78PnHNoC8kWOS1iXRtPMAZuokLtM= =EjLm -END PGP SIGNATURE-
[SECURITY] [DSA 4010-1] git-annex security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4010-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond October 30, 2017 https://www.debian.org/security/faq - - Package: git-annex CVE ID : CVE-2017-12976 Debian Bug : 873088 It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command. For the oldstable distribution (jessie), this problem has been fixed in version 5.20141125+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 6.20170101-1+deb9u1. We recommend that you upgrade your git-annex packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAln21ToACgkQEL6Jg/PV nWRtQAf9Ei+h60JxNnNzcD+Ymrw79U0YMEGLmvuBwDLVoChsHj9XYhMvW/AWCNhf G6zMjmhwNH33vY8XPfaOnTdZiKKY7sIdOqCFT0besXrxIutJqj9qv61A33s9XSXs KAvtCkI6IywY+Gwo7BYaohA2gIIvopLfW9ssc/ZwGMnNE5ahFX6jPFhZz4oL9Luj 9Y6HzJobJihAlVtaPki5wNwZcz2WshIp3yV6+0nsUpxDpomVimEWbcCkf2LdmP4p PsftHwRjMLNHZk4M1ZCF4EYi4rQh/P1ECxl45puuiOqI2kBIzxO/QJviTK2y3Rj0 +NLx8qR+fb/sKKLbgfKvQs0QSRkIpw== =VejX -END PGP SIGNATURE-