Debian 9843 Published by

The following updates has been released for Debian GNU/Linux:

[DLA 953-1] graphicsmagick security update
[DLA 954-1] openjdk-7 security update
[DLA 955-1] rzip security update



[DLA 953-1] graphicsmagick security update

Package : graphicsmagick
Version : 1.3.16-1.1+deb7u7
CVE ID : CVE-2017-9098
Debian Bug : 862967

Chris Evans discovered that graphicsmagick used uninitialized memory
in the RLE decoder, allowing an remote attacker to leak sensitive
information from process memory space.

More information are available at:
https://scarybeastsecurity.blogspot.de/2017/05/bleed-continues-18-byte-file-14k-bounty.html

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u7.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 954-1] openjdk-7 security update

Package : openjdk-7
Version : 7u131-2.6.9-2~deb7u1
CVE ID : CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533
CVE-2017-3539 CVE-2017-3544

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in privilege
escalation, denial of service, newline injection in SMTP or use of
insecure cryptography.

For Debian 7 "Wheezy", these problems have been fixed in version
7u131-2.6.9-2~deb7u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 955-1] rzip security update

Package : rzip
Version : 2.1-1+deb7u1
CVE ID : CVE-2017-8364
Debian Bug : 861614

Agostino Sarubbo of Gentoo discovered a heap buffer overflow write
in the rzip program when uncompressing maliciously crafted files.

For Debian 7 "Wheezy", these problems have been fixed in version
2.1-1+deb7u1.

We recommend that you upgrade your rzip packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS