The following updates have been released for Debian:

[DLA 912-1] tiff3 security update
[DLA 913-1] activemq security update
[DLA 914-1] minicom security update
[DSA 3833-1] libav security update



[DLA 912-1] tiff3 security update

Package : tiff3
Version : 3.9.6-11+deb7u5
CVE ID : CVE-2017-7593 CVE-2017-7594 CVE-2017-7595
         CVE-2017-7596 CVE-2017-7597 CVE-2017-7599
         CVE-2017-7600 CVE-2017-7601
Debian Bug : 860000 860001 860003

Multiple security issues have been found in the tiff3 image library
that may allow remote attackers to cause a denial of service
(application crash), to obtain sensitive information from process
memory or possibly have unspecified other impact via a crafted image.

For Debian 7 "Wheezy", these problems have been fixed in version
3.9.6-11+deb7u5.

We recommend that you upgrade your tiff3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 913-1] activemq security update

Package : activemq
Version : 5.6.0+dfsg-1+deb7u3
CVE ID : CVE-2015-7559
Debian Bug : 860866

It was found that Apache ActiveMQ exposed a remote shutdown command in
the ActiveMQConnection class. An attacker could use this flaw to
achieve denial of service on a client.

For Debian 7 "Wheezy", these problems have been fixed in version
5.6.0+dfsg-1+deb7u3.

We recommend that you upgrade your activemq packages.


[DLA 914-1] minicom security update

Package : minicom
Version : 2.6.1-1+deb7u1
CVE ID : CVE-2017-7467
Debian Bug : 860940

CVE-2017-7467
Out of bounds write in vt100.c

For Debian 7 "Wheezy", these problems have been fixed in version
2.6.1-1+deb7u1.

We recommend that you upgrade your minicom packages.


[DSA 3833-1] libav security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3833-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 24, 2017                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libav
CVE ID : CVE-2016-9821 CVE-2016-9822

Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.9

For the stable distribution (jessie), these problems have been fixed in
version 6:11.9-1~deb8u1.

We recommend that you upgrade your libav packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/