Debian 9844 Published by

The following security updates has been released for Debian GNU/Linux

Debian 6 LTS:
[DLA 56-1] wordpress security update
[DLA 57-1] libstruts1.2-java security update

Debian 7:
[DSA 3027-1] libav security update
[DSA 3028-1] icedove security update



[DLA 56-1] wordpress security update

Package : wordpress
Version : 3.6.1+dfsg-1~deb6u5
CVE ID : CVE-2014-2053 CVE-2014-5204 CVE-2014-5205 CVE-2014-5240
CVE-2014-5265 CVE-2014-5266

Multiple security issues have been discovered in Wordpress, a web
blogging tool, resulting in denial of service or information disclosure.

More information can be found in the upstream advisory at
https://wordpress.org/news/2014/08/wordpress-3-9-2/


[DLA 57-1] libstruts1.2-java security update

Package : libstruts1.2-java
Version : 1.2.9-4+deb6u1
CVE ID : CVE-2014-0114

It was discovered that missing access checks in the Struts ActionForm object
could result in the execution of arbitrary code. This update fixes this
problem.


[DSA 3027-1] libav security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3027-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libav
CVE ID : CVE-2013-7020

Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15

For the stable distribution (wheezy), this problem has been fixed in
version 6:0.8.16-1.

For the testing distribution (jessie), this problem has been fixed in
version 6:11~alpha2-1.

For the unstable distribution (sid), this problem has been fixed in
version 6:11~alpha2-1.

We recommend that you upgrade your libav packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3028-1] icedove security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3028-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1562 CVE-2014-1567

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors and use-after-frees may lead to the execution of arbitrary code
or denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 24.8.0-1~deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/