Debian 10163 Published by

The following updates has been released for Debian GNU/Linux:

[DLA 989-1] jython security update
[DLA 991-1] firefox-esr security update
[DSA 3885-1] irssi security update



[DLA 989-1] jython security update

Package : jython
Version : 2.5.2-1+deb7u1
CVE ID : CVE-2016-4000
Debian Bug : 864859

Alvaro Munoz and Christian Schneider discovered that Jython, an
implementation of the Python language seamlessly integrated with Java,
would execute arbitrary code when deserializing objects.

For Debian 7 "Wheezy", these problems have been fixed in version
2.5.2-1+deb7u1.

We recommend that you upgrade your jython packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 991-1] firefox-esr security update

Package : firefox-esr
Version : 52.2.0esr-1~deb7u1
CVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750
CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756
CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771
CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775
CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

Several security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, use-after-frees, buffer overflows
and other implementation errors may lead to the execution of arbitrary
code, denial of service or domain spoofing.

Debian follows the extended support releases (ESR) of Firefox. Support
for the 45.x series has ended, so starting with this update we're now
following the 52.x releases.

For Debian 7 "Wheezy", these problems have been fixed in version
52.2.0esr-1~deb7u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DSA 3885-1] irssi security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3885-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : irssi
CVE ID : CVE-2017-9468 CVE-2017-9469
Debian Bug : 864400

Multiple vulnerabilities have been discovered in Irssi, a terminal based
IRC client. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2017-9468

Joseph Bisch discovered that Irssi does not properly handle DCC
messages without source nick/host. A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.

CVE-2017-9469

Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files. A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 0.8.17-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 1.0.2-1+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.3-1.

We recommend that you upgrade your irssi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/