
The following updates have been released for Debian:

[DLA 915-1] botan1.10 security update
[DLA 916-1] mysql-5.5 security update
[DLA 917-1] rtmpdump security update
[DSA 3834-1] mysql-5.5 security update



[DLA 915-1] botan1.10 security update

Package : botan1.10
Version : 1.10.5-1+deb7u3
CVE ID : CVE-2017-2801
Debian Bug : 860072


A bug in X509 DN string comparisons could result in out-of-bounds reads.
This could result in information leakage, denial of service, or
potentially incorrect certificate validation results.


For Debian 7 "Wheezy", these problems have been fixed in version
1.10.5-1+deb7u3.

We recommend that you upgrade your botan1.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 916-1] mysql-5.5 security update

Package : mysql-5.5
Version : 5.5.55-0+deb7u1
CVE ID : CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308
         CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456
         CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464
         CVE-2017-3600
Debian Bug : 854713 860544

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.55, which includes additional changes, such as performance
improvements, bug fixes, new features, and possibly incompatible
changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical
Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

For Debian 7 "Wheezy", these problems have been fixed in version
5.5.55-0+deb7u1.

We recommend that you upgrade your mysql-5.5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 917-1] rtmpdump security update

Package : rtmpdump
Version : 2.4+20111222.git4e06e21-1+deb7u1
CVE ID : CVE-2015-8270 CVE-2015-8271 CVE-2015-8272

Several vulnerabilities were found in rtmpdump and the librtmp
library.

CVE-2015-8270

A bug in AMF3ReadString in librtmp can cause a denial of service via
application crash to librtmp users that talk to a malicious server.

CVE-2015-8271

The AMF3_Decode function in librtmp doesn't properly validate its
input, which can lead to arbitrary code execution when talking
to a malicious attacker.

CVE-2015-8272

A bug in rtmpsrv can lead to a crash when talking to a malicious
client.

For Debian 7 "Wheezy", these problems have been fixed in version
2.4+20111222.git4e06e21-1+deb7u1.

We recommend that you upgrade your rtmpdump packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3834-1] mysql-5.5 security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3834-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mysql-5.5
CVE ID : CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309
         CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461
         CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600
Debian Bug : 854713 860544

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.55, which includes additional changes, such as performance
improvements, bug fixes, new features, and possibly incompatible
changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical
Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

For the stable distribution (jessie), these problems have been fixed in
version 5.5.55-0+deb8u1.

We recommend that you upgrade your mysql-5.5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/