[SECURITY] [DLA 2565-1] openssl1.0 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2565-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 18, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2562-1] mumble security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2562-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 18, 2021 https://wiki.debian.org/LTS -...

Debian DLA-2561-1 : ruby-mechanize security update

Mechanize is an open source Ruby library that makes automated web interaction easy. In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability. Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's...

Debian DLA-2558-2 : xterm regression update

DLA 2558-2 backported a part of the upstream patch which fails to deal with the realloc failures in Debian stretch. This update reverts that part of the patch since it's not really needed and just focuses on fixing CVE-2021-27135. For Debian 9 stretch, this problem has been fixed in version...

Debian DLA-2559-1 : busybox security update

Busybox, utility programs for small and embedded systems, was affected by several security vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2011-5325 A path traversal vulnerability was found in Busybox implementation of tar. tar will extract a...

Debian DLA-2557-1 : linux-4.19 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-27815 A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial o...

Debian DLA-2556-1 : unbound1.9 security update

Several security vulnerabilities have been corrected in unbound, a validating, recursive, caching DNS resolver. Support for the unbound DNS server has been resumed, the sources can be found in the unbound1.9 source package. CVE-2020-12662 Unbound has Insufficient Control of Network Message Volume...

[SECURITY] [DLA 2559-1] busybox security update

Debian LTS Advisory DLA-2559-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 15, 2021 https://wiki.debian.org/LTS Package : busybox Version : 1:1.22.0-19+deb9u1 CVE ID : CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2017-15873 CVE-2017-165...

[SECURITY] [DLA 2557-1] linux-4.19 security update

Debian LTS Advisory DLA-2557-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings February 12, 2021 https://wiki.debian.org/LTS Package : linux-4.19 Version : 4.19.171-2deb9u1 CVE ID : CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-29568...

[SECURITY] [DLA 2556-1] unbound1.9 security update

Debian LTS Advisory DLA-2556-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 12, 2021 https://wiki.debian.org/LTS Package : unbound1.9 Version : 1.9.0-2+deb10u2deb9u1 CVE ID : CVE-2020-12662 CVE-2020-12663 CVE-2020-28935 Debian Bug : 977165 Several...

Debian DLA-2555-1 : netty security update

It was discovered that there was an insecure temporary file issue that could have lead to disclosure of arbitrary local files. For Debian 9 'Stretch', this problem has been fixed in version 1:4.1.7-2+deb9u3. We recommend that you upgrade your netty packages. For the detailed security status of...

[SECURITY] [DLA 2553-1] xcftools security update

Debian LTS Advisory DLA-2553-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 09, 2021 https://wiki.debian.org/LTS Package : xcftools Version : 1.0.7-6+deb9u1 CVE ID : CVE-2019-5086 CVE-2019-5087 Debian Bug : 945317 Claudio Bozzato of Cisco Talos...

Debian: Security Advisory (DLA-2551-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2553-2 : xcftools regression update

The patch to address CVE-2019-5086 and CVE-2019-5087 was not portable and did not work on 32 bit processor architectures. This update fixes the problem. For reference, the original advisory text follows. Claudio Bozzato of Cisco Talos discovered an exploitable integer overflow vulnerability in th...

Debian DLA-2550-1 : openjpeg2 security update

Various overflow errors were identified and fixed. CVE-2020-27814 A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. CVE-2020-27823 Wrong computation of x1,y1 if -d option is used, resulting in heap buffer overflow. CVE-2020-27824 Global buffer overflow on...

[SECURITY] [DLA 2550-1] openjpeg2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2550-1 [email protected] https://www.debian.org/lts/security/ Brian May February 09, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2549-1] gdisk security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2549-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 08, 2021 https://wiki.debian.org/LTS -...

Debian DLA-2546-1 : intel-microcode security update

CVE-2020-8695 Observable discrepancy in the RAPL interface for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2020-8696 Improper removal of sensitive information before storage or transfer in some IntelR Processors may allow a...

Debian: Security Advisory (DLA-2547-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2548-1] privoxy security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2548-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 07, 2021 https://wiki.debian.org/LTS -...