1291 matches found
[SECURITY] [DLA 2533-1] crmsh security update
Debian LTS Advisory DLA-2533-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 25, 2021 https://wiki.debian.org/LTS ...
Debian: Security Advisory (DLA-2530-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DLA-2531-1 : python-bottle security update
The package src:python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy running with...
Debian DLA-2530-1 : drupal7 security update
Drupal identified a vulnerability in the version of the ArchiveTar library it bundles (CVE-2020-36193), which allows out-of-path extraction vulnerabilities, granting it the Drupal Security Advisory ID SA-CORE-2021-001: https://www.drupal.org/sa-core-2021-001 For Debian 9 'Stretch', the fix to this...
[SECURITY] [DLA-2530-1] drupal7 security update
Debian LTS Advisory DLA-2530-1 [email protected] https://www.debian.org/lts/security/ Gunnar Wolf January 21, 2021 https://wiki.debian.org/LTS ...
Debian DLA-2529-1 : mutt security update
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory...
[SECURITY] [DLA 2529-1] mutt security update
Debian LTS Advisory DLA-2529-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 21, 2021 https://wiki.debian.org/LTS ...
Debian DLA-2525-1 : wavpack security update
Multiple vulnerabilities in wavpack were found, like OOB read which could potentially lead to a DOS attack, unexpected control flow, crashes, integer overflow, and segfaults. For Debian 9 stretch, these problems have been fixed in version 5.0.0-2+deb9u3. We recommend that you upgrade your wavpack...
Debian DLA-2527-1 : snapd security update
golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix. CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka...
Debian DLA-2526-1 : ruby-redcarpet security update
In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions, no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. For Debian 9 stretch, this proble...
Debian DLA-2528-1 : gst-plugins-bad1.0 security update
Andrew Wesie discovered a buffer overflow in the H264 support of the GStreamer multimedia framework, which could potentially result in the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version 1.10.4-1+deb9u1. We recommend that you upgrade your gst-plugins-bad1...
Debian: Security Advisory (DLA-2527-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DLA-2526-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2526-1] ruby-redcarpet security update
Debian LTS Advisory DLA-2526-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 15, 2021 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2524-1] spice-vdagent security update
Debian LTS Advisory DLA-2524-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA January 13, 2021 https://wiki.debian.org/LTS Package : spice-vdagent Version : 0.17.0-1+deb9u1 CVE ID : CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 Debian Bug...
Debian DLA-2522-1 : coturn security update
A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses 127.x.x.x and ::1. A remote attacker can bypass the protection via a specially crafted request using a peer address of '0.0.0.0' and trick coturn into relaying to the...
Debian: Security Advisory (DLA-2519-1)
The remote host is missing an update for the Debian...
Debian DSA-4828-1 : libxstream-java - security update
Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
Debian DLA-2521-1 : firefox-esr security update
A security issue was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version 78.6.1esr-1deb9u1. We recommend that you upgrade your firefox-esr packages. For the detailed security stat...
Debian: Security Advisory (DLA-2521-1)
The remote host is missing an update for the Debian...