
Security updates for wireshark, atheme-services, libgd2 and symfony.

 

Vulnerability Information

DSA-3585-1 wireshark — security update

Security database details:

  • Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.

 

DSA-3586-1 atheme-services — security update

Security database details:

  • It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.

 

DSA-3587-1 libgd2 — security update

Security database details:

  • Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library.

 

DSA-3588-1 symfony — security update

Security database details:

  • CVE-2016-1902: Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes() or openssl_random_pseudo_bytes() are not available, the output of SecureRandom should not be considered secure.
  • CVE-2016-4423: Marek Alaksa from Citadelo discovered that it is possible to fill up the session storage space by submitting large, nonexistent usernames.

 

Fixing Status

The security vulnerabilities have been fixed in the following versions:

  • wireshark: version 2:4.3.7+dfsg-1
  • atheme-services: version 7.0.7-2
  • libgd2: version 2.2.1-1
  • symfony: version 2.8.6+dfsg-1

We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.
