
The following updates have been released for Debian GNU/Linux:

[DLA 793-1] opus security update
[DLA 794-1] groovy security update
[DSA 3769-1] libphp-swiftmailer security update
[DSA 3770-1] mariadb-10.0 security update



[DLA 793-1] opus security update

Package : opus
Version : 0.9.14+20120615-1+nmu1+deb7u1
CVE ID : CVE-2017-0381
Debian Bug : 851612

A remote code execution vulnerability was discovered in opus, an audio
codec, that could enable an attacker using a specially crafted file to
cause memory corruption during media file and data processing.

For Debian 7 "Wheezy", these problems have been fixed in version
0.9.14+20120615-1+nmu1+deb7u1.

We recommend that you upgrade your opus packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 794-1] groovy security update

Package : groovy
Version : 1.8.6-1+deb7u2
CVE ID : CVE-2016-6814
Debian Bug : 851408

It was found that a flaw in Apache Groovy, a dynamic language for the
Java Virtual Machine, allows remote code execution wherever
deserialization occurs in the application. It is possible for an
attacker to craft a special serialized object that will execute code
directly when deserialized. All applications which rely on
serialization and do not isolate the code which deserializes objects
are subject to this vulnerability.

For Debian 7 "Wheezy", these problems have been fixed in version
1.8.6-1+deb7u2.

We recommend that you upgrade your groovy packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3769-1] libphp-swiftmailer security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3769-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
January 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libphp-swiftmailer
CVE ID : CVE-2016-10074
Debian Bug : 849626

Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a
mailing solution for PHP, did not correctly validate user input. This
allowed a remote attacker to execute arbitrary code by passing
specially formatted email addresses in specific email headers.

For the stable distribution (jessie), this problem has been fixed in
version 5.2.2-1+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this
problem has been fixed in version 5.4.2-1.1.

We recommend that you upgrade your libphp-swiftmailer packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3770-1] mariadb-10.0 security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3770-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mariadb-10.0
CVE ID : CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244
CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291
CVE-2017-3312 CVE-2017-3317 CVE-2017-3318
Debian Bug : 842895 851755

Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.29. Please see the MariaDB 10.0 Release Notes for further
details:

https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/

For the stable distribution (jessie), these problems have been fixed in
version 10.0.29-0+deb8u1.

We recommend that you upgrade your mariadb-10.0 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
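
To confirm that a host is at or past the fixed versions quoted in the advisories above, installed versions must be compared with Debian's version ordering, not as plain strings. The following is an added example, not part of the advisories or of any Debian tool: a small re-implementation of that ordering (on a live system `dpkg --compare-versions` does the comparison) applied to a constructed inventory that is assumed to be keyed by source package name.

```python
import re
from itertools import zip_longest

_RUNS = re.compile(r"(\D*)(\d*)")  # alternating non-digit / digit runs

def _order(c):
    # '~' sorts before everything (even end of string), letters before symbols.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    pairs = zip_longest(_RUNS.findall(a), _RUNS.findall(b), fillvalue=("", ""))
    for (na, da), (nb, db) in pairs:
        ka = [_order(c) for c in na] + [0]  # 0 marks the end of the run
        kb = [_order(c) for c in nb] + [0]
        if ka != kb:
            return -1 if ka < kb else 1
        ia, ib = int(da or 0), int(db or 0)  # digit runs compare numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def debcmp(a, b):
    # Returns -1, 0 or 1 following Debian version ordering.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Fixed versions as stated in the advisories above, keyed by (release, package).
FIXED = {
    ("wheezy", "opus"): "0.9.14+20120615-1+nmu1+deb7u1",
    ("wheezy", "groovy"): "1.8.6-1+deb7u2",
    ("jessie", "libphp-swiftmailer"): "5.2.2-1+deb8u1",
    ("jessie", "mariadb-10.0"): "10.0.29-0+deb8u1",
}

def unpatched(release, installed):
    # List (package, installed, fixed) for packages older than the fix.
    return [(p, v, FIXED[release, p]) for p, v in sorted(installed.items())
            if (release, p) in FIXED and debcmp(v, FIXED[release, p]) < 0]

# Constructed inventories for illustration, not taken from real hosts.
WHEEZY_HOST = {"opus": "0.9.14+20120615-1+nmu1", "groovy": "1.8.6-1+deb7u2"}
JESSIE_HOST = {"libphp-swiftmailer": "5.2.2-1", "mariadb-10.0": "10.0.28-0+deb8u1"}
```

Calling `unpatched("wheezy", WHEEZY_HOST)` reports only opus, because the constructed groovy entry already matches the fixed version.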