Debian Jessie Openstack images changelog

8.6.2

Updates in 2 source package(s), 5 binary package(s):

  Source bind9, binaries: libdns-export100 libirs-export91 libisc-export95 libisccfg-export90

  bind9 (1:9.9.5.dfsg-9+deb8u8) jessie-security; urgency=medium

    * CVE-2016-8864: Fix assertion failure in DNAME processing with patch
      provided by ISC.

  Source tar, binaries: tar

  tar (1.27.1-2+deb8u1) jessie-security; urgency=high

    * Non-maintainer upload by the Security Team.
    * CVE-2016-6321: Bypassing the extract path name.
      When extracting, member names containing '..' components are skipped.
      (Closes: #842339)

 -- Steve McIntyre <93sam@debian.org>  Thu, 17 Nov 2016 16:21:21 +0000

8.6.1

Updates in 3 source package(s), 7 binary package(s):

  Source openssl, binaries: libssl1.0.0 openssl

  openssl (1.0.1t-1+deb8u5) jessie-security; urgency=medium

    * The patch for CVE-2016-2182 was missing a fix.
      (Closes: #838652, #838659)

  openssl (1.0.1t-1+deb8u4) jessie-security; urgency=medium

    * Fix CVE-2016-2177
    * Fix CVE-2016-2178
    * Fix CVE-2016-2179
    * Fix CVE-2016-2180
    * Fix CVE-2016-2181
    * Fix CVE-2016-2182
    * Fix CVE-2016-2183
    * Fix CVE-2016-6302
    * Fix CVE-2016-6303
    * Fix CVE-2016-6304
    * Fix CVE-2016-6306

  Source linux, binaries: linux-image-3.16.0-4-amd64

  linux (3.16.36-1+deb8u2) jessie-security; urgency=high

    * KEYS: Fix short sprintf buffer in /proc/keys show function
      (CVE-2016-7042)
    * scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
      (CVE-2016-7425)
    * Bluetooth: Fix potential NULL dereference in RFCOMM bind callback
      (CVE-2015-8956)
    * netfilter: x_tables: speed up jump target validation (Closes: #831014)
    * mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
      (CVE-2016-5195)

  Source bind9, binaries: libdns-export100 libirs-export91 libisc-export95 libisccfg-export90

  bind9 (1:9.9.5.dfsg-9+deb8u7) jessie-security; urgency=high

    * CVE-2016-2775: lwresd crash with long query name.
      Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232.
      Closes: #831796.
    * CVE-2016-2776: assertion failure due to unspecified crafted query.
      Fix based on 43139-9-9.patch from ISC. Closes: #839010.

 -- Steve McIntyre <93sam@debian.org>  Fri, 28 Oct 2016 00:22:22 +0100