The security updates of rabbitmq-server, tiff, pdns, mapserver, libphp-swiftmailer, libxpm, openssl, lcms2, tcpdump, libgd2, wordpress, ntfs-3g, svgsalamander, viewvc, libevent, spice, libreoffice, munin, bind9, apache2,
mupdf, libquicktime, ruby-zip, zabbix, texlive-base, icoutils, chromium-browser, wireshark, ioquake3, r-base, audiofile, wordpress, jbig2dec, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, gst-plugins-ugly1.0, gstreamer1.0, eject, jhead, tryton-server, libreoffice, mysql-connector-java.
Vulnerability Information
DSA-3761-1 rabbitmq-server —Security Updates
Security database details:
It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn't correctly validate MQTT (MQ Telemetry Transport) connection authentication. This allowed anyone to login to an existing user account without having to provide a password.
DSA-3762-1 tiff —Security Updates
Security database details:
Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code.
DSA-3764-1 pdns —Security Updates
Security database details:
Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2016-2120: Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage of this flaw to crash server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record.
- CVE-2016-7068: Florian Heinz and Martin Kluge reported that pdns parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service if the system becomes overloaded.
- CVE-2016-7072: Mongo discovered that the webserver in pdns is susceptible to a denial-of-service vulnerability, allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server.
- CVE-2016-7073 / CVE-2016-7074: Mongo discovered that pdns does not sufficiently validate TSIG signatures, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR.
DSA-3766-1 mapserver—Security Updates
Security database details:
It was discovered that mapserver, a CGI-based framework for Internet map services, was vulnerable to a stack-based overflow. This issue allowed a remote user to crash the service, or potentially execute arbitrary code.
DSA-3769-1 libphp-swiftmailer —Security Updates
Security database details:
Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers.
DSA-3772-1 libxpm —Security Updates
Security database details:
Tobias Stoeckmann discovered that the libXpm library contained two integer overflow flaws, leading to a heap out-of-bounds write, while parsing XPM extensions in a file. An attacker can provide a specially crafted XPM file that, when processed by an application using the libXpm library, would cause a denial-of-service against the application, or potentially, the execution of arbitrary code with the privileges of the user running the application.
DSA-3773-1 openssl —Security Updates
Security database details:
Several vulnerabilities were discovered in OpenSSL:
- CVE-2016-7056: A local timing attack was discovered against ECDSA P-256.
- CVE-2016-8610: It was discovered that no limit was imposed on alert packets during an SSL handshake.
- CVE-2017-3731: Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service.
DSA-3774-1 lcms2 —Security Updates
Security database details:
Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in lcms2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile and leading to a heap memory leak or denial-of-service for applications using the lcms2 library.
DSA-3775-1 tcpdump —Security Updates
Security database details:
Multiple vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or the execution of arbitrary code.
DSA-3777-1 libgd2 —Security Updates
Security database details:
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.
DSA-3779-1 wordpress —Security Updates
Security database details:
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to hijack victims' credentials, access sensitive information, execute arbitrary commands, bypass read and post restrictions, or mount denial-of-service attacks.
DSA-3780-1 ntfs-3g —Security Updates
Security database details:
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
DSA-3781-1 svgsalamander —Security Updates
Security database details:
Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery.
DSA-3784-1 viewvc —Security Updates
Security database details:
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability.
DSA-3789-1 libevent —Security Updates
Security database details:
Several vulnerabilities were discovered in libevent, an asynchronous event notification library. They would lead to Denial Of Service via application crash, or remote code execution.
DSA-3790-1 spice —Security Updates
Security database details:
Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2016-9577: Frediano Ziglio of Red Hat discovered a buffer overflow vulnerability in the main_channel_alloc_msg_rcv_buf function. An authenticated attacker can take advantage of this flaw to cause a denial of service (spice server crash), or possibly, execute arbitrary code.
- CVE-2016-9578: Frediano Ziglio of Red Hat discovered that spice does not properly validate incoming messages. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash.
DSA-3792-1 libreoffice —Security Updates
Security database details:
Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information.
DSA-3794-1 munin —Security Updates
Security database details:
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process.
DSA-3795-1 bind9 —Security Updates
Security database details:
It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice.
DSA-3796-1 apache2—Security Updates
Security database details:
Several vulnerabilities were discovered in the Apache2 HTTP server.
- CVE-2016-0736: RedTeam Pentesting GmbH discovered that mod_session_crypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie.
- CVE-2016-2161: Maksim Malyutin discovered that malicious input to mod_auth_digest could cause the server to crash, causing a denial of service.
- CVE-2016-8743: David Dennerline, of IBM Security's X-Force Researchers, and Régis Leroy discovered problems in the way Apache handled a broad pattern of unusual whitespace patterns in HTTP requests. In some configurations, this could lead to response splitting or cache pollution vulnerabilities. To fix these issues, this update makes Apache httpd be more strict in what HTTP requests it accepts.
DSA-3797-1 mupdf —Security Updates
Security database details:
Multiple vulnerabilities have been found in the PDF viewer MuPDF, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.
DSA-3800-1 libquicktime —Security Updates
Security database details:
Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application.
DSA-3801-1 ruby-zip —Security Updates
Security database details:
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
DSA-3802-1 zabbix —Security Updates
Security database details:
An SQL injection vulnerability has been discovered in the Latest data page of the web frontend of the Zabbix network monitoring system.
DSA-3803-1 texlive-base —Security Updates
Security database details:
It was discovered that texlive-base, the TeX Live package which provides the essential TeX programs and files, whitelists mpost as an external program to be run from within the TeX source code (called \write18). Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document.
DSA-3807-1 icoutils —Security Updates
Security database details:
Multiple vulnerabilities were discovered in the icotool and wrestool tools of Icoutils, a set of programs that deal with MS Windows icons and cursors, which may result in denial of service or the execution of arbitrary code if a malformed .ico or .exe file is processed.
DSA-3810-1 chromium-browser —Security Updates
Security database details:
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2017-5029: Holger Fuhrmannek discovered an integer overflow issue in the libxslt library.
- CVE-2017-5030: Brendon Tiszka discovered a memory corruption issue in the v8 javascript library.
- CVE-2017-5031: Looben Yang discovered a use-after-free issue in the ANGLE library.
- CVE-2017-5032: Ashfaq Ansari discovered an out-of-bounds write in the pdfium library.
- CVE-2017-5033: Nicolai Grødum discovered a way to bypass the Content Security Policy.
- CVE-2017-5034: Ke Liu discovered an integer overflow issue in the pdfium library.
- CVE-2017-5035: Enzo Aguado discovered an issue with the omnibox.
- CVE-2017-5036: A use-after-free issue was discovered in the pdfium library.
- CVE-2017-5037: Yongke Wang discovered multiple out-of-bounds write issues.
- CVE-2017-5038: A use-after-free issue was discovered in the guest view.
- CVE-2017-5039: jinmo123 discovered a use-after-free issue in the pdfium library.
- CVE-2017-5040: Choongwoo Han discovered an information disclosure issue in the v8 javascript library.
- CVE-2017-5041: Jordi Chancel discovered an address spoofing issue.
- CVE-2017-5042: Mike Ruddy discovered incorrect handling of cookies.
- CVE-2017-5043: Another use-after-free issue was discovered in the guest view.
- CVE-2017-5044: Kushal Arvind Shah discovered a heap overflow issue in the skia library.
- CVE-2017-5045: Dhaval Kapil discovered an information disclosure issue.
- CVE-2017-5046: Masato Kinugawa discovered an information disclosure issue.
DSA-3811-1 wireshark —Security Updates
Security database details:
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for ASTERIX, DHCPv6, NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to various crashes, denial-of-service or execution of arbitrary code.
DSA-3812-1 ioquake3 —Security Updates
Security database details:
It was discovered that ioquake3, a modified version of the ioQuake3 game engine performs insufficent restrictions on automatically downloaded content (pk3 files or game code), which allows malicious game servers to modify configuration settings including driver settings.
DSA-3813-1 r-base —Security Updates
Security database details:
Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation.
DSA-3814-1 audiofile —Security Updates
Security database details:
Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed.
DSA-3815-1 wordpress —Security Updates
Security database details:
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms.
DSA-3817-1 jbig2dec —Security Updates
Security database details:
Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.
DSA-3818-1 gst-plugins-bad1.0 —Security Updates
Security database details:
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.
DSA-3819-1 gst-plugins-base1.0 —Security Updates
Security database details:
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.
DSA-3820-1 gst-plugins-good1.0 —Security Updates
Security database details:
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.
DSA-3821-1 gst-plugins-ugly1.0 —Security Updates
Security database details:
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.
DSA-3822-1 gstreamer1.0 —Security Updates
Security database details:
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.
DSA-3823-1 eject —Security Updates
Security database details:
Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid() and setgid() when dropping privileges.
DSA-3825-1 jhead —Security Updates
Security database details:
It was discovered that jhead, a tool to manipulate the non-image part of EXIF compliant JPEG files, is prone to an out-of-bounds access vulnerability, which may result in denial of service or, potentially, the execution of arbitrary code if an image with specially crafted EXIF data is processed.
DSA-3826-1 tryton-server —Security Updates
Security database details:
It was discovered that the original patch to address CVE-2016-1242 did not cover all cases, which may result in information disclosure of file contents.
DSA-3837-1 libreoffice —Security Updates
Security database details:
It was discovered that a buffer overflow in processing Windows Metafiles may result in denial of service or the execution of arbitrary code if a malformed document is opened.
DSA-3840-1 mysql-connector-java —Security Updates
Security database details:
Thijs Alkemade discovered that unexpected automatic deserialisation of Java objects in the MySQL Connector/J JDBC driver may result in the execution of arbitary code. For additional details, please refer to the advisory at https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt
Fixing Status
rabbitmq-server security vulnerabilities have been fixed in version 3.6.6-1; tiff security vulnerabilities have been fixed in version 4.0.7-4; pdns security vulnerabilities have been fixed in version 4.0.2-1; mapserver security vulnerabilities have been fixed in version 7.0.4-1; libphp-swiftmailer security vulnerabilities have been fixed in version 5.4.2-1.1; libxpm security vulnerabilities have been fixed in version 1:3.5.12-1; openssl security vulnerabilities have been fixed in version 1.1.0d-1 of the openssl, 1.0.2k-1 of the openssl1.0; lcms2 security vulnerabilities have been fixed in version 2.8-4; tcpdump security vulnerabilities have been fixed in version 4.9.0-1; libgd2 security vulnerabilities have been fixed in version 2.2.4-1; wordpress security vulnerabilities have been fixed in version 4.7.1+dfsg-1; ntfs-3g security vulnerabilities have been fixed in version 1:2016.2.22AR.1-4; svgsalamander security vulnerabilities have been fixed in version 1.1.1+dfsg-2; viewvc security vulnerabilities have been fixed in version 1.1.26-1; libevent security vulnerabilities have been fixed in version 2.0.21-stable-3; spice security vulnerabilities have been fixed in version 0.12.8-2.1; libreoffice security vulnerabilities have been fixed in version 1:5.2.3-1; munin security vulnerabilities have been fixed in version 2.0.32-1; bind9 security vulnerabilities have been fixed in version 1:9.10.3.dfsg.P4-12; apache2 security vulnerabilities have been fixed in version 2.4.25-1; mupdf security vulnerabilities have been fixed in version 1.9a+ds1-4; libquicktime security vulnerabilities have been fixed in version 2:1.2.4-10; ruby-zip security vulnerabilities have been fixed in version 1.2.0-1.1; zabbix security vulnerabilities have been fixed in version 1:3.0.7+dfsg-1; texlive-base security vulnerabilities have been fixed in version 2016.20161130-1; icoutils security vulnerabilities have been fixed in version 0.31.2-1; chromium-browser security vulnerabilities have been fixed in version 57.0.2987.98-1; wireshark security vulnerabilities have been fixed in version 2.2.5+g440fd4d-2; ioquake3 security vulnerabilities have been fixed in version 1.36+u20161101+dfsg1-2; r-base security vulnerabilities have been fixed in version 3.3.3-1; audiofile security vulnerabilities have been fixed in version 0.3.6-4; wordpress security vulnerabilities have been fixed in version 4.7.3+dfsg-1; jbig2dec security vulnerabilities have been fixed in version 0.13-4; gst-plugins-bad1.0 security vulnerabilities have been fixed in version 1.10.4-1; gst-plugins-base1.0 security vulnerabilities have been fixed in version 1.10.4-1; gst-plugins-good1.0 security vulnerabilities have been fixed in version 1.10.3-1; gst-plugins-ugly1.0 security vulnerabilities have been fixed in version 1.10.4-1; gstreamer1.0 security vulnerabilities have been fixed in version 1.10.3-1; eject security vulnerabilities have been fixed in version 2.1.5+deb1+cvs20081104-13.2; jhead security vulnerabilities have been fixed in version 1:3.00-4; tryton-server security vulnerabilities have been fixed in version 4.2.1-2; libreoffice security vulnerabilities have been fixed in version 2.1.5+deb1+cvs20081104-13.2; mysql-connector-java security vulnerabilities have been fixed in version 5.1.41-1.
We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.