Aggiornamento del Sistema（DSA-3541-1 &DSA-3542-1 &DSA-3543-1）

The security updates of libreoffice, tomcat8, libcommons-fileupload-java, libvirt, tomcat7, wireshark, horizon, libgd2, pidgin, squid3, openssh, phpmyadmin, ntp, libgd2, php5, mariadb-10.0 and collctd.   Vulnerability Information DSA-3608-1 libreoffice — Security Updates Security database details: Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened.   DSA-3609-1 tomcat8 — Security Updates Security database details: Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.   DSA-3611-1 libcommons-fileupload-java— Security Updates Security database details: The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.   DSA-3613-1 libvirt— Security Updates Security database details: Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work …Read more

The security updates of wireshark, atheme-services, libgd2 and symfony.   Vulnerability Information DSA-3585-1 wireshark — security update Security database details: Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.   DSA-3586-1 atheme-services — security update Security database details: It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.   DSA-3587-1 libgd2 — security update Security database details: Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library.   DSA-3588-1 symfony — security update Security database details: CVE-2016-1902 : Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes() or openssl_random_pseudo_bytes() are not available, the output of SecureRandom should not be consider secure. CVE-2016-4423 : Marek Alaksa from Citadelo discovered that it is possible to fill up the session storage space by submitting inexistent large usernames.   Fixing Status wireshark security vulnerabilities have been fixed in version 2:4.3.7+dfsg-1; atheme-services security vulnerabilities have been …Read more

The security updates of iceweasel, libtasn1-6, mercurial, ikiwiki, jansson, libidn, xerces-c and imagemagick.   Vulnerability Information DSA-3559-1 iceweasel — Security Updates Security database details: Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.   DSA-3568-1 libtasn1-6 — Security Updates Security database details: CVE-2016-4008: Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service.   DSA-3570-1 mercurial— Security Updates Security database details: CVE-2016-3105: Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.   DSA-3571-1 ikiwiki— Security Updates Security database details: CVE-2016-4561: Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki’s use of imagemagick in the img plugin.   …Read more

The security updates of openssl and libpam-sshauth.   Vulnerability Information DSA-3566-1 openssl–Security Updates Security database details: CVE-2016-2105: Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2106: Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2107: Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC. CVE-2016-2108: David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write. CVE-2016-2109: Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can cause allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.   DSA-3567-1 libpam-sshauth–Security Updates Security database details: CVE-2016-4422: The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent …Read more

The security updates of imlib2 and libgd2.   Vulnerability Information DSA-3555-1 imlib2 –Security Updates Security database details: CVE-2011-5326 : Kevin Ryde discovered that attempting to draw a 2×1 radi ellipse results in a floating point exception. CVE-2014-9771: It was discovered that an integer overflow could lead to invalid memory reads and unreasonably large memory allocations. CVE-2016-3993: Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bound memory read, which in turn could result in an application crash. CVE-2016-3994: Jakub Wilk discovered that a malformed image could lead to an out-of-bound read in the GIF loader, which may result in an application crash or information leak. CVE-2016-4024: Yuriy M. Kaminskiy discovered an integer overflow that could lead to an insufficient heap allocation and out-of-bound memory write.   DSA-3556-1 libgd2 –Security Updates Security database details: CVE-2016-3074：Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an application using the libgd2 library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application. …Read more

The security updates of samba, chromium-browser and openssh.   Vulnerability Information DSA-3548-1 samba— Security Update Security database details: CVE-2015-5370: Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high cpu consumption) and man-in-the-middle attacks. CVE-2016-2110: Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks. CVE-2016-2111: When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel’s endpoint, and obtain sensitive session information. This flaw corresponds to the same vulnerability as CVE-2015-0005 for Windows, discovered by Alberto Solino from Core Security. CVE-2016-2112: Stefan Metzmacher of SerNet and the Samba Team discovered that a man-in-the-middle attacker can downgrade LDAP connections to avoid integrity protection. CVE-2016-2113: Stefan Metzmacher of SerNet and the Samba Team discovered that man-in-the-middle attacks are possible for client triggered LDAP connections and ncacn_http connections. CVE-2016-2114: Stefan Metzmacher of SerNet and the Samba Team discovered that Samba does not enforce required smb signing even if explicitly configured. CVE-2016-2115: Stefan Metzmacher of SerNet and the Samba Team discovered that SMB connections for IPC traffic are not integrity-protected. CVE-2016-2118: Stefan …Read more

The security updates of roundcube, mercurial and oar.   Vulnerability Information DSA-3541-1 roundcube— Security Update Security database details: CVE-2015-8770: High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.   DSA-3542-1 mercurial— Security Update Security database details: Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-3068: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone. CVE-2016-3069: Blake Burkhart discovered that Mercurial allows arbitrary code execution when converting Git repositories with specially crafted names. CVE-2016-3630: It was discovered that Mercurial does not properly perform bounds-checking in its binary delta decoder, which may be exploitable for remote code execution via clone, push or pull.   DSA-3543-1 oar— Security Update Security database details: CVE-2016-1235: Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation.   Fixing Status roundcube security vulnerabilities have been fixed in version 1.1.4+dfsg.1-1; mercurial security …Read more