Debian 9843

The following updates have been released for Debian:

[DLA 635-1] dwarfutils security update
[DLA 637-1] openssl security update
[DLA 638-1] policycoreutils security update
[DLA 639-1] mactelnet security update
[DSA 3676-1] unadf security update
[DSA 3677-1] libarchive security update
[DLA 635-1] dwarfutils security update

Package : dwarfutils
Version : 20120410-2+deb7u1
CVE IDs : CVE-2016-7510 CVE-2016-7511

It was discovered that there were out-of-bounds read issues in dwarfutils, a
library to consume and produce DWARF debug information.

For Debian 7 "Wheezy", this issue has been fixed in dwarfutils version
20120410-2+deb7u1.

We recommend that you upgrade your dwarfutils packages.

[DLA 637-1] openssl security update

Package : openssl
Version : 1.0.1t-1+deb7u1
CVE ID : CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180
CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6303
CVE-2016-6304 CVE-2016-6306

Several vulnerabilities were discovered in OpenSSL:

CVE-2016-2177

Guido Vranken discovered that OpenSSL uses undefined pointer
arithmetic. Additional information can be found at
https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303

Shi Lei discovered an out-of-bounds memory read in
TS_OBJ_print_bio() and an out-of-bounds write in BN_bn2dec()
and MDC2_Update().

CVE-2016-2183

DES-based cipher suites are demoted from the HIGH group to MEDIUM
as a mitigation for the SWEET32 attack.

CVE-2016-6302

Shi Lei discovered that the use of SHA512 in TLS session tickets
is susceptible to denial of service.

CVE-2016-6304

Shi Lei discovered that excessively large OCSP status requests may
result in denial of service via memory exhaustion.

CVE-2016-6306

Shi Lei discovered that missing message length validation when parsing
certificates may potentially result in denial of service.

For Debian 7 "Wheezy", these problems have been fixed in version
1.0.1t-1+deb7u1.

We recommend that you upgrade your openssl and libssl1.0.0 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


[DLA 638-1] policycoreutils security update

Package : policycoreutils
Version : 2.1.10-9+deb7u1
CVE ID : CVE-2016-7545
Debian Bug : 838599

It was discovered that there was a sandbox escape via the "TIOCSTI" ioctl in
policycoreutils, a set of programs required for the basic operation of an
SELinux-based system.

For Debian 7 "Wheezy", this issue has been fixed in policycoreutils version
2.1.10-9+deb7u1.

We recommend that you upgrade your policycoreutils packages.

[DLA 639-1] mactelnet security update

Package : mactelnet
Version : 0.3.4-1+deb7u1
CVE ID : CVE-2016-7115

CVE-2016-7115
Buffer overflow in the handle_packet function in mactelnet.c in the
client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to
execute arbitrary code via a long string in an MT_CPTYPE_ENCRYPTIONKEY
control packet.
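
The overflow class described above comes from copying a peer-supplied string into a fixed-size buffer on the strength of a length the peer also supplies. As an added example (not MAC-Telnet's own code), the C below reads a string value out of a control packet with both the packet bounds and the destination size checked before any copy. The packet layout (1-byte type, 2-byte big-endian length, value) and the type value CP_TYPE_ENCRYPTIONKEY are assumptions made for the example, not the real MAC-Telnet wire format; the sample packets are constructed.

```c
/* Added example, not MAC-Telnet's code. Layout assumed for illustration:
 *   [type:1 byte][length:2 bytes, big-endian][value:length bytes] ...
 * The bug class in the advisory is trusting the peer's length field when
 * copying into a fixed buffer; here every copy is bounded twice: by the
 * bytes actually received and by the size of the destination. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CP_TYPE_ENCRYPTIONKEY 0x02   /* assumed type value for the example */
#define CP_HDR_LEN 3

/* Constructed sample: a type-0x01 packet carrying "hi", then a key "key1". */
static const uint8_t SAMPLE_GOOD[] = {
    0x01, 0x00, 0x02, 'h', 'i',
    CP_TYPE_ENCRYPTIONKEY, 0x00, 0x04, 'k', 'e', 'y', '1'
};
/* Constructed sample: header claims 0x1000 value bytes but only 3 follow. */
static const uint8_t SAMPLE_BAD[] = {
    CP_TYPE_ENCRYPTIONKEY, 0x10, 0x00, 'a', 'b', 'c'
};

/* Find the first control packet of `want_type` in buf[0..buflen) and copy
 * its value into `out` as a NUL-terminated string.
 * Returns the value length, -1 if the data is malformed or the value would
 * not fit in `out`, -2 if no packet of that type is present. */
int read_control_string(const uint8_t *buf, size_t buflen, uint8_t want_type,
                        char *out, size_t outsz)
{
    size_t off = 0;
    while (off + CP_HDR_LEN <= buflen) {
        uint8_t type = buf[off];
        size_t len = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        /* The peer-controlled length must lie inside what was received. */
        if (len > buflen - off - CP_HDR_LEN)
            return -1;
        if (type == want_type) {
            if (len + 1 > outsz)             /* value plus NUL must fit */
                return -1;
            memcpy(out, buf + off + CP_HDR_LEN, len);
            out[len] = '\0';
            return (int)len;
        }
        off += CP_HDR_LEN + len;
    }
    /* A leftover partial header means the stream was truncated or forged. */
    return off == buflen ? -2 : -1;
}

int main(void)
{
    char key[32];
    int n = read_control_string(SAMPLE_GOOD, sizeof SAMPLE_GOOD,
                                CP_TYPE_ENCRYPTIONKEY, key, sizeof key);
    printf("good packet: %d bytes (%s)\n", n, n >= 0 ? key : "");
    n = read_control_string(SAMPLE_BAD, sizeof SAMPLE_BAD,
                            CP_TYPE_ENCRYPTIONKEY, key, sizeof key);
    printf("bad packet: %d (rejected before any copy)\n", n);
    return 0;
}
```

The two checks are deliberately separate: the first rejects a length that overruns the received datagram (a read past the buffer), the second rejects a value that would overrun the caller's storage (the write the advisory describes), and a rejected packet is dropped before a single byte is copied.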

For Debian 7 "Wheezy", these problems have been fixed in version
0.3.4-1+deb7u1.

We recommend that you upgrade your mactelnet packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3676-1] unadf security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3676-1 security@debian.org
https://www.debian.org/security/ Luciano Bello
September 24, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : unadf
CVE ID : CVE-2016-1243 CVE-2016-1244
Debian Bug : 838248

Tuomas Räsänen discovered two vulnerabilities in unADF, a tool to extract
files from an Amiga Disk File dump (.adf):

CVE-2016-1243

A stack buffer overflow in the function extractTree() might allow an
attacker, with control over the content of an ADF file, to execute
arbitrary code with the privileges of the running program.

CVE-2016-1244

The unADF extractor creates the path in the destination via a mkdir
in a system() call. Since there was no sanitization on the input of
the filenames, an attacker can directly inject code in the pathnames
of archived directories in an ADF file.
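
The root cause above is that archive-supplied names reach a shell. As an added example (not unADF's code), the C below creates the extraction directories for an archived path without ever invoking a shell: the path is split into components, each component is validated, and mkdir(2) is called directly. The function names build_extract_path() and create_extract_dir() and the sample paths are constructed for this example.

```c
/* Added example, not unADF's code. The vulnerable pattern in the advisory
 * builds a command string from archive data, roughly
 *     snprintf(cmd, sizeof cmd, "mkdir -p %s/%s", dest, name);
 *     system(cmd);
 * so shell metacharacters in `name` are executed. Below no shell is used,
 * and traversal components are rejected before any directory is created. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Accept one path component: non-empty, not "." or "..", no control chars.
 * Characters such as ';' are NOT special here: without a shell they are
 * just bytes in a directory name, which is the point of the fix. */
static int component_ok(const char *comp, size_t len)
{
    if (len == 0) return 0;                         /* "//" or leading "/" */
    if (len == 1 && comp[0] == '.') return 0;
    if (len == 2 && comp[0] == '.' && comp[1] == '.') return 0;  /* traversal */
    for (size_t i = 0; i < len; i++)
        if (iscntrl((unsigned char)comp[i])) return 0;
    return 1;
}

/* Join `dest` and the archived path into `out`, validating each component.
 * Pure function (no filesystem access) so it can be tested directly.
 * Returns 0 on success, -1 if the path is rejected or would not fit. */
int build_extract_path(const char *dest, const char *archived,
                       char *out, size_t outsz)
{
    size_t used = strlen(dest);
    if (used == 0 || *archived == '\0' || used + 1 > outsz) return -1;
    memcpy(out, dest, used + 1);

    const char *p = archived;
    while (*p) {                                    /* trailing "/" is fine */
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        if (!component_ok(p, len)) return -1;
        if (used + 1 + len + 1 > outsz) return -1;  /* '/' + comp + NUL */
        out[used++] = '/';
        memcpy(out + used, p, len);
        used += len;
        out[used] = '\0';
        if (!slash) break;
        p = slash + 1;
    }
    return 0;
}

/* Create each level of the validated path with mkdir(2), like "mkdir -p".
 * Returns 0 on success, -1 on validation failure or a mkdir error. */
int create_extract_dir(const char *dest, const char *archived)
{
    char path[4096];
    if (build_extract_path(dest, archived, path, sizeof path) != 0) return -1;
    for (char *q = path + strlen(dest) + 1; ; q++) {
        if (*q == '/' || *q == '\0') {
            char saved = *q;
            *q = '\0';                              /* temporarily cut here */
            if (mkdir(path, 0755) != 0 && errno != EEXIST) return -1;
            *q = saved;
            if (saved == '\0') break;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample paths as they might appear inside an archive. */
    const char *samples[] = { "docs/readme", "../etc/cron.d", "a/./b", "bin;id" };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_extract_path("extract", samples[i], buf, sizeof buf);
        printf("%-16s -> %s\n", samples[i], rc == 0 ? buf : "rejected");
    }
    return 0;
}
```

Note that "bin;id" is accepted: once mkdir(2) replaces system(), a semicolon is an ordinary filename byte, while "../etc/cron.d" is still rejected because traversal is a property of the path itself, not of the shell.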

For the oldstable distribution (wheezy), these problems have been fixed
in version 0.7.11a-3+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 0.7.11a-3+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 0.7.11a-4.

We recommend that you upgrade your unadf packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3677-1] libarchive security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3677-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 25, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libarchive
CVE ID : CVE-2016-5418 CVE-2016-6250 CVE-2016-7166
Debian Bug : 837714

Several vulnerabilities were discovered in libarchive, a multi-format
archive and compression library, which may lead to denial of service
(memory consumption and application crash), bypass of sandboxing
restrictions and overwriting of arbitrary files with arbitrary data from
an archive, or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 3.1.2-11+deb8u3.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/