Debian DLA-2703-1 : ieee-data - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2703 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network Security...

Debian: Security Advisory (DLA-2702-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2701-1] openexr security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2701-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler July 03, 2021 https://wiki.debian.org/LTS -...

Debian: Security Advisory (DLA-2699-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2698-1] node-bl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2698-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz July 01, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2696-1] libjdom2-java security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2696-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb June 29, 2021 https://wiki.debian.org/LTS -...

Debian DLA-2692-1 : bluez - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2692 advisory. Two issues have been found in bluez, a package with Bluetooth tools and daemons. One issue is about a man- in-the-middle attack during secure pairing, the other is...

Debian DLA-2693-1 : xmlbeans - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2693 advisory. The XML parsers used by XMLBeans did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include the possibility for XML Entity...

[SECURITY] [DLA 2692-1] bluez security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2692-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 27, 2021 https://wiki.debian.org/LTS -...

Debian DLA-2691-1 : libgcrypt20 - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2691 advisory. An issue has been found in libgcrypt20, a crypto library. Mishandling of ElGamal encryption results in a possible side-channel attack and an interoperability problem with...

Debian DLA-2688-1 : jetty9 security update

Steven Seeley discovered that in jetty, a Java servlet engine and webserver, requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. An attacker may access sensitive information regarding the implementation of a web application. For...

[SECURITY] [DLA 2687-1] prosody security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2687-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky June 15, 2021 https://wiki.debian.org/LTS -...

Debian DLA-2687-2 : prosody regression update

It was discovered that the previous upload of the package prosody versioned 0.9.12-2+deb9u3 introduced a regression in the modauthinternalhashed module. Big thanks to Andre Bianchi for the reporting an issue and for testing the update. For Debian 9 stretch, this problem has been fixed in version...

Debian DLA-2686-1 : python-urllib3 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2686 advisory. Several vulnerabilities were discovered in python-urllib3, a HTTP client for Python. CVE-2018-20060 Urllib3 does not remove the Authorization HTTP header when...

[SECURITY] [DLA 2686-1] python-urllib3 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2686-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA June 15, 2021 https://wiki.debian.org/LTS -...

Debian: Security Advisory (DLA-2685-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2684-1 : lasso security update

A vulnerability was discovered in lasso, a library for Liberty Alliance and SAML protocols, which results to a improper verification of a cryptographic signature. For Debian 9 stretch, this problem has been fixed in version 2.5.0-5+deb9u1. We recommend that you upgrade your lasso packages. For th...

[SECURITY] [DLA 2684-1] lasso security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2684-1 [email protected] https://www.debian.org/lts/security/ Yadd June 10, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...

Debian DLA-2682-1 : mrxvt security update

mrxvt, lightweight multi-tabbed X terminal emulator, allowed potentially remote code execution because of improper handling of certain escape sequences ESC G Q. For Debian 9 stretch, this problem has been fixed in version 0.5.4-2+deb9u1. We recommend that you upgrade your mrxvt packages. For the...

Debian DLA-2683-1 : rxvt security update

rxvt, VT102 terminal emulator for the X Window System, allowed potentially remote code execution because of improper handling of certain escape sequences ESC G Q. For Debian 9 stretch, this problem has been fixed in version 1:2.7.10-7+deb9u2. We recommend that you upgrade your rxvt packages. For...