
The following updates have been released for Debian GNU/Linux:

DLA 1183-1: samba security update
DLA 1184-1: optipng security update
DSA 4045-1: vlc security update



DLA 1183-1: samba security update




Package : samba
Version : 2:3.6.6-6+deb7u15
CVE ID : CVE-2017-15275

Volker Lendecke of SerNet and the Samba team discovered that Samba, a
SMB/CIFS file, print, and login server for Unix, is prone to a heap
memory information leak, where server allocated heap memory may be
returned to the client without being cleared.

For Debian 7 "Wheezy", these problems have been fixed in version
2:3.6.6-6+deb7u15.

We recommend that you upgrade your samba packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1184-1: optipng security update




Package : optipng
Version : 0.6.4-1+deb7u3
CVE ID : CVE-2017-1000229
Debian Bug : 882032

An integer overflow vulnerability was found in optipng, an advanced
PNG optimizer that also recognizes other external file formats. This
may lead to arbitrary code execution when a maliciously crafted TIFF
file is processed.

For Debian 7 "Wheezy", these problems have been fixed in version
0.6.4-1+deb7u3.

We recommend that you upgrade your optipng packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DSA 4045-1: vlc security update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4045-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 21, 2017                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2017-9300 CVE-2017-10699

Several vulnerabilities have been found in VLC, the VideoLAN project's
media player. Processing malformed media files could lead to denial of
service and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.2.7-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.7-1~deb9u1.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vlc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/