105 matches found
Debian: Security Advisory (DLA-1537-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 2246-1] xawtv security update
Package : xawtv Version : 3.103-3+deb8u1 CVE ID : CVE-2020-13696 Debian Bug : 962221 An issue was discovered in LinuxTV xawtv before 3.107. The function devopen in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem...
Debian DLA-2226-1 : gst-plugins-ugly0.10 security update
Two memory management issues were found in the asfdemux element of the GStreamer 'ugly' plugin collection, which can be triggered via a maliciously crafted file. For Debian 8 'Jessie', these problems have been fixed in version 0.10.19-2.1+deb8u1. We recommend that you upgrade your...
Debian DLA-2211-1 : log4net security update
It was discovered that there was an XML external entity vulnerability in log4net, a logging API for the ECMA Common Language Infrastructure (CLI), sometimes referred to as 'Mono'. This type of attack occurs when XML input containing a reference to an internet-faced entity is processed by a weakly...
[SECURITY] [DLA 2205-1] firefox-esr security update
Package : firefox-esr Version : 68.8.0esr-1deb8u1 CVE ID : CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure. For Debia...
[SECURITY] [DLA 2190-1] ruby-json security update
Package : ruby-json Version : 1.8.1-1+deb8u1 CVE ID : CVE-2020-10663 In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target...
Debian DLA-2170-1 : firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 68.7.0esr-1deb8u1. We recommend that you upgrade your firefox-esr packages. NOTE: Tenabl...
[SECURITY] [DLA 2170-1] firefox-esr security update
Package : firefox-esr Version : 68.7.0esr-1deb8u1 CVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie",...
Debian DLA-2167-1 : python-bleach security update
A vulnerability was discovered in python-bleach, a whitelist-based HTML-sanitizing library. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to a regular expression denial of service (ReDoS). For Debian 8 'Jessie', this problem has been fixed in version...
[SECURITY] [DLA 2140-1] firefox-esr security update
Package : firefox-esr Version : 68.6.0esr-1deb8u1 CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary...
Debian DLA-2117-1 : zsh security update
A privilege escalation vulnerability was discovered in zsh, a shell with lots of features, whereby a user could regain a formerly elevated privilege level even when such an action should not be permitted. For Debian 8 'Jessie', this problem has been fixed in version 5.0.7-5+deb8u1. We recommend...
[SECURITY] [DLA 2117-1] zsh security update
Package : zsh Version : 5.0.7-5+deb8u1 CVE ID : CVE-2019-20044 Debian Bug : 951458 A privilege escalation vulnerability was discovered in zsh, a shell with lots of features, whereby a user could regain a formerly elevated privilege level even when such an action should not be permitted. For Debia...
[SECURITY] [DLA 2131-1] rrdtool security update
Package : rrdtool Version : 1.4.8-1.2+deb8u1 CVE ID : CVE-2014-6262 Multiple format string vulnerabilities in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argume...
Debian: Security Advisory (DLA-2125-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DLA-2102-1 : firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 68.5.0esr-1deb8u1. We recommend that you upgrade your firefox-esr packages. NOTE: Tenabl...
Debian DLA-2076-1 : slirp security update
An issue has been found in slirp, a SLIP/PPP emulator using a dial-up shell account. Due to bad memory handling in slirp, a heap-based buffer overflow or other out-of-bounds access could happen, which can lead to a DoS or potentially the execution of arbitrary code. For Debian 8 'Jessie', this problem has be...
[SECURITY] [DLA 2064-1] ldm security update
Package : ldm Version : 2:2.2.15-2+deb8u1 CVE ID : CVE-2019-20373 Debian Bug : 948538 It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation. For...
[SECURITY] [DLA 2055-1] igraph security update
Package : igraph Version : 0.7.1-2+deb8u1 CVE ID : CVE-2018-20349 An issue has been found in igraph, a library for creating and manipulating graphs. A NULL pointer dereference vulnerability was detected in igraph_i_strdiff. For Debian 8 "Jessie", this problem has been fixed in version 0.7.1-2+deb8u...
Debian DLA-2006-1 : libxdmcp security update
It has been found that libxdmcp, an X11 Display Manager Control Protocol library, uses weak entropy to generate keys. Using arc4random_buf from libbsd should avoid this flaw. For Debian 8 'Jessie', this problem has been fixed in version 1:1.1.1-1+deb8u1. We recommend that you upgrade your libxdmc...
Debian: Security Advisory (DLA-2000-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...