Debian 9844 Published by

The following updates are available for Debian:

[DLA 606-1] tiff security update
[DSA 3656-1] tryton-server security update
[DSA 3657-1] libarchive security update



[DLA 606-1] tiff security update

Package : tiff
Version : 4.0.2-6+deb7u6
CVE ID : CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316
CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322
CVE-2016-5323 CVE-2016-5875

Several vulnerabilities were found in the tiff library, potentially
causing denial of services to applications using it.

For Debian 7 "Wheezy", these problems have been fixed in version
4.0.2-6+deb7u6.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3656-1] tryton-server security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3656-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 30, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tryton-server
CVE ID : CVE-2016-1241 CVE-2016-1242

Two vulnerabilities have been discovered in the server for the Tryton
application platform, which may result in information disclosure of
password hashes or file contents.

For the stable distribution (jessie), these problems have been fixed in
version 3.4.0-3+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.4-1.

We recommend that you upgrade your tryton-server packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3657-1] libarchive security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3657-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 30, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libarchive
CVE ID : CVE-2015-8916 CVE-2015-8917 CVE-2015-8919 CVE-2015-8920
CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8925
CVE-2015-8926 CVE-2015-8928 CVE-2015-8930 CVE-2015-8931
CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300
CVE-2016-4302 CVE-2016-4809 CVE-2016-5844

Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in
libarchive; processing malformed archives may result in denial of
service or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 3.1.2-11+deb8u2.

For the testing distribution (stretch), these problems have been fixed
in version 3.2.1-1.

For the unstable distribution (sid), these problems have been fixed in
version 3.2.1-1.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/