The following updates has been released for Debian GNU/Linux:
[DLA 1026-1] xorg-server security update
[DLA 1027-1] heimdal security update
[DSA 3909-1] samba security update
[DLA 1026-1] xorg-server security update
[DLA 1027-1] heimdal security update
[DSA 3909-1] samba security update
[DLA 1026-1] xorg-server security update
Package : xorg-server
Version : 2:1.12.4-6+deb7u7
CVE ID : CVE-2017-10971 CVE-2017-10972
Debian Bug : 867492 867492
CVE-2017-10971
A user authenticated to an X Session could crash or execute code in the
context of the X Server by exploiting a stack overflow in the endianness
conversion of X Events.
CVE-2017-10972
Uninitialized data in endianness conversion in the XEvent handling of the
X.Org X Server allowed authenticated malicious users to access potentially
privileged data from the X server.
For Debian 7 "Wheezy", these problems have been fixed in version
2:1.12.4-6+deb7u7.
We recommend that you upgrade your xorg-server packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY][DLA 1027-1] heimdal security update
Package : heimdal
Version : 1.6~git20120403+dfsg1-2+deb7u1
CVE ID : CVE-2017-11103
Debian Bug : 868208
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual
authentication bypass vulnerability in Heimdal Kerberos. Also known as
Orpheus' Lyre, this vulnerability could be used by an attacker to mount
a service impersonation attack on the client if he's on the network
path between the client and the service.
More details can be found on the vulnerability website
(https://orpheus-lyre.info/).
For Debian 7 "Wheezy", these problems have been fixed in version
1.6~git20120403+dfsg1-2+deb7u1.
We recommend that you upgrade your heimdal packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DSA 3909-1] samba security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3909-1 security@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
July 14, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : samba
CVE ID : CVE-2017-11103
Debian Bug : 868209
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual
authentication bypass vulnerability in samba, the SMB/CIFS file, print, and
login server. Also known as Orpheus' Lyre, this vulnerability is located in
Samba Kerberos Key Distribution Center (KDC-REP) component and could be used by
an attacker on the network path to impersonate a server.
More details can be found on the vulnerability website
(https://orpheus-lyre.info/) and on the Samba project website
(https://www.samba.org/samba/security/CVE-2017-11103.html)
For the oldstable distribution (jessie), this problem has been fixed
in version 2:4.2.14+dfsg-0+deb8u7.
For the stable distribution (stretch), this problem has been fixed in
version 2:4.5.8+dfsg-2+deb9u1.
For the testing distribution (buster), this problem has been fixed
in version 2:4.6.5+dfsg-4.
For the unstable distribution (sid), this problem has been fixed in
version 2:4.6.5+dfsg-4.
We recommend that you upgrade your samba packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
