Eric Sesterhenn, from X41 D-Sec GmbH, discovered several
vulnerabilities in tnef, a tool used to unpack MIME attachments of
type application/ms-tnef. Multiple heap overflows, type confusions
and out of bound reads and writes could be exploited by tricking a
user into opening a malicious attachment. This would result in denial
of service via application crash, or potential arbitrary code
execution.

This update fixes several vulnerabilities in imagemagick: Various
memory handling problems and cases of missing or incomplete input
sanitising may result in denial of service or the execution of arbitrary
code if malformed TIFF, WPG, IPL, MPC or PSB files are processed.

Multiple vulnerabilities have been found in the PDF viewer MuPDF, which
may result in denial of service or the execution of arbitrary code if
a malformed PDF file is opened.

It was discovered that a maliciously crafted query can cause ISC’s
BIND DNS server (named) to crash if both Response Policy Zones (RPZ)
and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It
is uncommon for both of these options to be used in combination, so
very few systems will be affected by this problem in practice.

Several vulnerabilities were discovered in the Apache2 HTTP server.

Stevie Trujillo discovered a local file write vulnerability in munin, a
network-wide graphing framework, when CGI graphs are enabled. GET
parameters are not properly handled, allowing to inject options into
munin-cgi-graph and overwriting any file accessible by the user
running the cgi-process.

Several vulnerabilities were discovered in the shadow suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

Ben Hayak discovered that objects embedded in Writer and Calc documents
may result in information disclosure. Please see
https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
for additional information.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.

Several vulnerabilities were discovered in spice, a SPICE protocol
client and server library. The Common Vulnerabilities and Exposures
project identifies the following problems: