18 matches found
Debian: Security Advisory (DLA-310-1)
The remote host is missing an update for the Debian...
Debian DLA-1032-1 : unattended-upgrades regression update
Since the release of the last Debian stable release 'stretch', Debian LTS 'wheezy' has been renamed 'oldoldstable', which broke the unattended-upgrades package as described in bug 867169. Updates would simply not be performed anymore. For Debian 7 'Wheezy', these problems have been fixed in versi...
[SECURITY] [DLA 427-1] nss security update
Package: nss. Version: 3.12.8-1+squeeze14. CVE ID: CVE-2016-1938. The s_mp_div function in Mozilla Network Security Services (NSS) before 3.21 improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or...
DLA-425-1 libssh - security update
Bulletin has no description...
Debian DLA-383-1 : claws-mail security update
'DrWhax' of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. CVE-2015-8614 There were no checks on the...
DLA-383-1 claws-mail - security update
Bulletin has no description...
Debian DLA-347-1 : putty security update
It was discovered that PuTTY's terminal emulator did not properly validate the parameter to the ECH (erase characters) control sequence, allowing a denial of service and possibly remote code execution. For the oldoldstable distribution (squeeze), this problem has been fixed in version...
DLA-347-1 putty - security update
Bulletin has no description...
Debian DLA-340-1 : krb5 security update
CVE-2015-2695: It was discovered that applications which call gss_inquire_context() on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash. CVE-2015-2697: It was discovered that the build_principal_va() function...
Debian DLA-316-1 : eglibc security update
Several vulnerabilities have been discovered in eglibc that may lead to a privilege escalation or denial of service. Glibc pointer guarding weakness: a weakness in the dynamic loader has been found. The issue is that LD_POINTER_GUARD in the environment is not sanitized, allowing local...
DLA-316-1 eglibc - security update
Bulletin has no description...
Debian DLA-310-1 : linux-2.6 security update
This update fixes the CVEs described below. CVE-2015-0272: It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs (Router Advertisements), without sufficiently validating these values. A remote attacker could exploit this attack to disable IPv6 connectivit...
Debian DLA-275-1 : ruby1.9.1 security update
It was discovered that the uri package in the Ruby standard library uses regular expressions that may result in excessive backtracking. Ruby applications that parse untrusted URIs using this library were susceptible to denial of service attacks by passing crafted URIs. For the oldoldstable...
Debian DLA-277-1 : libidn security update
Thijs Alkemade discovered that the Jabber server may pass an invalid UTF-8 string to libidn, the GNU library for Internationalized Domain Names (IDNs). In the case of the Jabber server, this results in information disclosure, and it is likely that some other applications using libidn have similar...
DLA-274-1 groovy - security update
Bulletin has no description...
DLA-277-1 libidn - security update
Bulletin has no description...
DLA-230-1 eglibc - security update
Bulletin has no description...
DLA-220-1 dpkg - security update
Bulletin has no description...