
The following updates have been released for Debian:

[DLA 525-1] gimp security update
[DLA 526-1] mysql-connector-java security update
[DLA 527-1] nss security update
[DSA 3606-1] libpdfbox security update



[DLA 525-1] gimp security update

Package : gimp
Version : 2.8.2-2+deb7u2
CVE ID : CVE-2016-4994

It was discovered that there was a use-after-free vulnerability
in the channel and layer properties parsing process in GIMP, the
GNU Image Manipulation Program.

For Debian 7 "Wheezy", this issue has been fixed in gimp version
2.8.2-2+deb7u2.

We recommend that you upgrade your gimp packages.

[DLA 526-1] mysql-connector-java security update

Package : mysql-connector-java
Version : 5.1.39-1~deb7u1
CVE ID : CVE-2015-2575


A vulnerability in the MySQL Connectors component of Oracle MySQL
(subcomponent: Connector/J) has been discovered that may result in
unauthorized update, insert or delete access to some MySQL Connectors
accessible data as well as read access to a subset of MySQL Connectors.
The issue is addressed by updating to the latest stable release of
mysql-connector-java since Oracle did not release further information.

Please see Oracle's Critical Patch Update advisory for further details.

http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html#MSQL

For Debian 7 "Wheezy", these problems have been fixed in version
5.1.39-1~deb7u1.

We recommend that you upgrade your mysql-connector-java packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 527-1] nss security update

Package : nss
Version : 2:3.14.5-1+deb7u8
CVE ID : CVE-2016-2834

Four moderate rated networking security issues were found in NSS.

For Debian 7 "Wheezy", these problems have been fixed in version
2:3.14.5-1+deb7u8.

We recommend that you upgrade your nss packages and restart any
applications that use them.

[DSA 3606-1] libpdfbox security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3606-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 24, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libpdfbox-java
CVE ID : CVE-2016-2175

It was discovered that pdfbox, a PDF library for Java, was susceptible
to XML External Entity attacks.

For the stable distribution (jessie), this problem has been fixed in
version 1:1.8.7+dfsg-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 1:1.8.12-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.8.12-1.

We recommend that you upgrade your libpdfbox-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/