[SECURITY] [DLA 1105-1] clamav security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: clamav Version: 0.99.2+dfsg-0+deb7u3 CVE ID : CVE-2017-6418 CVE-2017-6420 clamav is vulnerable to multiple issues that can lead to denial of service when processing untrusted content. CVE-2017-6418 out-of-bounds read in libclamav/message.c, allowing remote attackers to cause a denial of service via a crafted e-mail message. CVE-2017-6420 use-after-free in the wwunpack function (libclamav/wwunpack.c), allowing remote attackers to cause a denial of service via a crafted PE file with WWPack compression. For Debian 7 "Wheezy", these problems have been fixed in version 0.99.2+dfsg-0+deb7u3. We recommend that you upgrade your clamav packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEE5LpPtQuYJzvmooL3LVy48vb3khkFAlnFdpEACgkQLVy48vb3 khkktggAj2ypS5W9mbo6JY/DPUrH7vFRillZKHifwWnbqZ6NdSLo94chCasrSGeQ uT4JBLouAeTxFMSEwMWa66KKgrpO951NU4LycZlGdZUDJ+gEI2pwVEEk3BpQRcip UzhhUyk6KxK/0xaddVnW3qm+UDUn2MkAO160m/qcQnTFbBWWpGhkCn/WdPLsywn2 ovpQrR+w+gBtqXC9w8pzYPYuNVOEIy9TB13aZQgG9tX2X/TRnhpv5LgftIYS+bzp 45LcsUcrcotA3gafhLMJ01P0uaXjrczglxMmhm9fq+oqeVIXQIqVfyW0KMBLuxun x4+wKbBS8k5PEm1rSNYMPXH9p0e8Sg== =j3iE -END PGP SIGNATURE-
[SECURITY] [DLA 1106-1] libgd2 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libgd2 Version: 2.0.36~rc1~dfsg-6.1+deb7u10 CVE ID : CVE-2017-6362 A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed. For Debian 7 "Wheezy", these problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u10. We recommend that you upgrade your libgd2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlnFOaoACgkQnUbEiOQ2 gwIRjA//eq8NJlb7k37ZdvANbkLxYmxE1UjEr0qcWSJfdzNfYddZDlWRUGOp82G6 8J+/mFaFcflUPBbGSbbbjTUUR+1M5MV14SV58D81I9NT0Scdo2tLjTwpnevbCrhp XyqtnPsd2sbMNl5zsO5a7cZSuw2JilXkG8SHahCc0LY0/OleiqmmLunGBsnwG9Jc KXWqdS8J1PjRSXiXZqbJQEy15jd32WOSwCzSTl3JvZmvA9hv1GqFUyvJ4KmfZH9M 6g8Aj810M+FY2IM1TrefdEliGc7RKkWJTtB+chxg19ZBPlo5fceU2XpqqJDZc9Co ADzPbJrwaENk3a1M2rpA4VylJm1kZuDY97OqCMe+NSRk5HrB9MDgI0WNFaQhKAJl FIhWAyeG4nFY/v5WQM3nhgp9aQ09Y5xlaOCBFMTbEyke6yVUZGUcylGZ4FU2e95X iKZaba9KS9Vt4YF1MBVrP2hixmIzIyavACTfYvN18TK6EWDAoU1OBoLzfPGxfGac 9ln0vXTIIOrCaDMu7sahcoULWGNH6/ZSIeaE8ADrhaWu6hvGEwQgHXzGyBFkho42 Ntex8zGKQWRGCUnXJNMg9pzK+P20ZNt4v+rNnWHhYHNWOTlfI7pnzw6rool+2/N5 VuiW9gdGShNFNLrGWw/E+vb9H28ZWs831yxWPVeICKS8r72dfxU= =mA3t -END PGP SIGNATURE-