9 matches found
[SECURITY] [DLA 1481-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.110-3+deb9u4deb8u1 CVE ID : CVE-2018-3620 CVE-2018-3646 Debian Bug : 906769 Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of...
[SECURITY] [DLA 1147-1] exiv2 security update
Package : exiv2 Version : 0.23-1+deb7u2 CVE ID : CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 Debian Bug : 876893 The exiv2 library is vulnerable to multiple issues that can all lead to denial of service of the applications relying on the library to parse images...
[SECURITY] [DLA 383-1] claws-mail security update
Package : claws-mail Version : 3.7.6-4+squeeze2 CVE ID : CVE-2015-8614 CVE-2015-8708 "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account...
[SECURITY] [DLA 325-1] linux-2.6 security update
Package : linux-2.6 Version : 2.6.32-48squeeze16 CVE ID : CVE-2015-2925 CVE-2015-5257 CVE-2015-7613 This update fixes the CVEs described below. CVE-2015-2925 Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into a chroot or mount namespace, a user that should be...
[SECURITY] [DLA 266-1] libxml2 security update
Package : libxml2 Version : 2.7.8.dfsg-2+squeeze12 CVE ID : CVE-2015-1819 Debian Bug : 782782 782985 783010 This upload to Debian squeeze-lts fixes three issues found in the libxml2 package. 1 CVE-2015-1819 / 782782 Florian Weimer from Red Hat reported an issue against libxml2, where a parser whi...
[SECURITY] [DLA 175-1] gnupg security update
Package : gnupg Version : 1.4.10-4+squeeze7 CVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606 Debian Bug : 778652 Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by...
[SECURITY] [DLA 113-1] bsd-mailx security update
Package : bsd-mailx Version : 8.1.2-0.20100314cvs-1+deb6u1 CVE ID : CVE-2014-7844 It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can...
[SECURITY] [DLA 58-2] apt regression fix
Package : apt Version : 0.8.10.3+squeeze6 CVE ID : CVE-2014-6273 This update fixes a regression introduced in 0.8.10.3+squeeze5 where apt would send invalid HTTP requests when sending If-Range queries. Thanks to Steven McDonald who reported1 the regression and to Michael Vogt for having uploaded ...
[Backports-security-announce] Security update for znc
Patrick Matthäi uploaded new packages for znc which fixed the following security problems: TEMP-0537977-000291, Debian BTS 537977 It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files. For the etch-backports...