1291 matches found
Debian DLA-2663-1 : libimage-exiftool-perl security update
A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed. For Debian 9 stretch, this problem has been fixed in version 10.40-1+deb9u...
Debian DLA-2662-1 : postgresql-9.6 security update
Multiple security issues have been discovered in the PostgreSQL database system, which could result in the execution of arbitrary code or disclosure of memory content. For Debian 9 stretch, these problems have been fixed in version 9.6.22-0+deb9u1. We recommend that you upgrade your postgresql-9....
[SECURITY] [DLA 2663-1] libimage-exiftool-perl security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2663-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 16, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
Debian DLA-2659-1 : graphviz security update
CVE-2018-10196 NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2020-18032 A buffer overflow was discovered in Graphviz, which could...
[SECURITY] [DLA 2660-1] libgetdata security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2660-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky May 13, 2021 https://wiki.debian.org/LTS -...
Debian DLA-2657-1 : lz4 security update
It was discovered that there was a potential memory corruption vulnerability in the lz4 compression algorithm library. For Debian 9 'Stretch', this problem has been fixed in version 0.0r131-2+deb9u1. We recommend that you upgrade your lz4 packages. For the detailed security status of lz4 please...
[SECURITY] [DLA 2657-1] lz4 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2657-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 12, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...
Debian DLA-2654-1 : composer security update
It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution. For Debian 9 stretch, this problem has been fixed in version 1.2.2-1+deb9u1. We recommend that you upgrade your composer packages. For the detaile...
Debian: Security Advisory (DLA-2656-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2654-1] composer security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2654-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 12, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
Debian DLA-2653-1 : libxml2 security update
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files, which could cause denial of service via application crash when parsing specially crafted files. For Debian 9 stretch, these problems have been fixed in version...
Debian DLA-2652-1 : unbound1.9 security update
Several security vulnerabilities have been discovered in Unbound, a validating, recursive, caching DNS resolver, by security researchers of X41 D-SEC located in Aachen, Germany. Integer overflows, assertion failures, an out-of-bound write and an infinite loop vulnerability may lead to a denial of...
Debian DLA-2648-2 : mediawiki regression update
The patch from the latest upstream release to address CVE-2021-30152 was not portable to the stretch-security version, causing MediaWiki APIs to fail. This update includes a patch from the upstream REL31 release which fixes the issue. For Debian 9 stretch, this problem has been fixed in version 1:1.27.7-1deb9u9...
Debian DLA-2651-1 : python-django security update
It was discovered that there was a potential directory-traversal vulnerability in Django, a popular Python-based web development framework. The MultiPartParser, UploadedFile and FieldFile classes allowed directory-traversal via uploaded files with suitably crafted file names. In order to mitigate...
[SECURITY] [DLA 2648-2] mediawiki regression update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2648-2 [email protected] https://www.debian.org/lts/security/ Abhijith PA May 07, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2651-1] python-django security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2651-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 06, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...
Debian: Security Advisory (DLA-2648-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2649-1] cgal security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2649-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky May 04, 2021 https://wiki.debian.org/LTS -...
Debian DLA-2649-1 : cgal security update
Four security issues have been discovered in cgal. A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL. CVE-2020-28601 An OOB read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigge...
Debian DLA-2647-1 : bind9 security update
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2021-25214 Greg Kuechle discovered that a malformed incoming IXFR transfer could trigger an assertion failure in named, resulting in denial of service. CVE-2021-25215 Siva Kakarla discovered that named could crash...