Debian DLA-2520-1 : golang-websocket security update
There was an integer overflow vulnerability concerning the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. For Debian 9 stretch, this problem has been fixed in...
Debian: Security Advisory (DLA-2518-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2520-1] golang-websocket security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2520-1 [email protected] https://www.debian.org/lts/security/ Brian May January 07, 2021 https://wiki.debian.org/LTS -...
Debian DLA-2517-1 : dovecot security update
It was discovered that there were two issues in the Dovecot IMAP server: - CVE-2020-24386: Prevent an issue where an attacker could cause Dovecot to discover file system directory structure and even access other users' emails using a specially crafted command. - CVE-2020-25275: Prevent an issue...
[SECURITY] [DLA 2517-1] dovecot security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2517-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 05, 2021 https://wiki.debian.org/LTS -...
Debian DLA-2516-1 : gssproxy security update
It was discovered that there was an issue in the gssproxy privilege separation caused by gssproxy not unlocking cond_mutex prior to calling pthread_exit. For Debian 9 'Stretch', this problem has been fixed in version 0.5.1-2+deb9u1. We recommend that you upgrade your gssproxy packages. For the...
Debian DLA-2515-1 : csync2 security update
It was discovered that csync2, a cluster synchronization tool, did not correctly check for the return value from GnuTLS security routines. It neglected to repeatedly call this function as required by the design of the API. For Debian 9 'Stretch', this problem has been fixed in version...
Debian DLA-2514-1 : flac security update
Two vulnerabilities were fixed in flac, the library for the Free Lossless Audio Codec. CVE-2017-6888: Memory leak via a specially crafted FLAC file. CVE-2020-0499: Out of bounds read due to a heap buffer overflow. For Debian 9 stretch, these problems have been fixed in version 1.3.2-2+deb9u1. We...
Debian DLA-2513-1 : p11-kit security update
Several memory safety issues affecting the RPC protocol were fixed in p11-kit, a library providing a way to load and enumerate PKCS#11 modules. CVE-2020-29361: Multiple integer overflows. CVE-2020-29362: Heap-based buffer over-read. For Debian 9 stretch, these problems have been fixed in version...
Debian: Security Advisory (DLA-2516-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2516-1] gssproxy security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2516-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 04, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2515-1] csync2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2515-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 04, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2514-1] flac security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2514-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk January 04, 2021 https://wiki.debian.org/LTS -...
Debian DLA-2511-1 : highlight.js security update
An issue has been found in highlight.js, a JavaScript library for syntax highlighting. If a website or application renders user provided data it might be affected by a Prototype Pollution. This might result in strange behavior or crashes of applications that do not correctly handle unknown...
Debian DLA-2507-1 : libxstream-java security update
Several security vulnerabilities were discovered in XStream, a Java library to serialize objects to XML and back again. CVE-2020-26258 XStream is vulnerable to a Server-Side Forgery Request which can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data fr...
[SECURITY] [DLA 2512-1] libhibernate3-java security update
Debian LTS Advisory DLA-2512-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 03, 2021 https://wiki.debian.org/LTS Package : libhibernate3-java Version : 3.6.10.Final-6+deb9u1 CVE ID : CVE-2020-25638 A flaw was found in hibernate-core. A SQL injection in...
[SECURITY] [DLA 2507-1] libxstream-java security update
Debian LTS Advisory DLA-2507-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 31, 2020 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb9u1 CVE ID : CVE-2020-26258 CVE-2020-26259 Debian Bug : 977625 977624 Several security...
[SECURITY] [DLA 2511-1] highlight.js security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2511-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz December 30, 2020 https://wiki.debian.org/LTS -...
Debian: Security Advisory (DLA-2510)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2510-1] libdatetime-timezone-perl new upstream release
------------------------------------------------------------------------- Debian LTS Advisory DLA-2510-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 29, 2020 https://wiki.debian.org/LTS -...