Multiple security vulnerabilities were discovered in the Tomcat
servlet and JSP engine, as well as in its Debian-specific maintainer
scripts. Those flaws allowed for privilege escalation, information
disclosure, and remote code execution.
Category Archives: Debian
Debian Security Advisories
DSA-3738 tomcat7 – security update
Multiple security vulnerabilities were discovered in the Tomcat
servlet and JSP engine, as well as in its Debian-specific maintainer
scripts. Those flaws allowed for privilege escalation, information
disclosure, and remote code execution.
DSA-3736 libupnp – security update
Two vulnerabilities were discovered in libupnp, a portable SDK for
UPnP devices.
DSA-3737 php5 – security update
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.
DSA-3735 game-music-emu – security update
Chris Evans discovered that incorrect emulation of the SPC700 audio
co-processor of the Super Nintendo Entertainment System allows the
execution of arbitrary code if a malformed SPC music file is opened.
Further information can be found at
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
DSA-3734 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code or
information leaks.
DSA-3733 apt – security update
Jann Horn of Google Project Zero discovered that APT, the high level
package manager, does not properly handle errors when validating
signatures on InRelease files. An attacker able to man-in-the-middle
HTTP requests to an apt repository that uses InRelease files
(clearsigned Release files), can take advantage of this flaw to
circumvent the signature of the InRelease file, leading to arbitrary
code execution.
DSA-3732 php5 – security update
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.
DSA-3731 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
DSA-3730 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
same-origin policy bypass issues, integer overflows, buffer overflows
and use-after-frees may lead to the execution of arbitrary code or
denial of service.