Debian DLA-2493-1 : openssl1.0 security update
David Benjamin discovered a flaw in the GENERAL_NAME_cmp function which could cause a NULL dereference, resulting in denial of service. For Debian 9 stretch, this problem has been fixed in version 1.0.2u-1deb9u3. We recommend that you upgrade your openssl1.0 packages. For the detailed security stat...
Debian DLA-2492-1 : openssl security update
David Benjamin discovered a flaw in the GENERAL_NAME_cmp function which could cause a NULL dereference, resulting in denial of service. For Debian 9 stretch, this problem has been fixed in version 1.1.0l-1deb9u2. We recommend that you upgrade your openssl packages. For the detailed security status ...
[SECURITY] [DLA 2493-1] openssl1.0 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2493-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 14, 2020 https://wiki.debian.org/LTS -...
Debian: Security Advisory (DLA-2493-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-2491-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2491-1] openexr security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2491-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb December 13, 2020 https://wiki.debian.org/LTS -...
Debian DLA-2489-1 : minidlna security update
It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server, could result in the execution of arbitrary code. In addition, minidlna was susceptible to the 'CallStranger' UPnP vulnerability. For Debian 9 stretch, these problems have been fixed in version...
Debian DLA-2490-1 : x11vnc security update
Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC session of anoth...
[SECURITY] [DLA 2340-2] sqlite3 regression update
Debian LTS Advisory DLA-2340-2 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez December 10, 2020 https://wiki.debian.org/LTS Package : sqlite3 Version : 3.16.2-5+deb9u3 CVE ID : CVE-2019-20218 The update of sqlite3 released as DLA-2340-1 contained an incomplete...
Debian DLA-2486-1 : xorg-server security update
Jan-Niklas Sohn discovered that the XKB extension of the Xorg X server performed incomplete input validation, which could result in privilege escalation. For Debian 9 stretch, these problems have been fixed in version 2:1.19.2-1+deb9u7. We recommend that you upgrade your xorg-server packages. For...
Debian DLA-2487-1 : apt security update
It was discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could cause out-of-bounds reads or infinite loops, resulting in denial of service when processing malformed deb files. For Debian 9 stretch, this problem has been fixed in version...
Debian DLA-2488-2 : python-apt regression update
The update for python-apt released as 2488-1 introduced a regression by causing a segmentation fault, which is now fixed with this update. For Debian 9 stretch, this problem has been fixed in version 1.4.3. We recommend that you upgrade your python-apt packages. For the detailed security status o...
[SECURITY] [DLA 2486-1] xorg-server security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2486-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 09, 2020 https://wiki.debian.org/LTS -...
Debian DLA-2485-1 : golang-golang-x-net-dev security update (Ping Flood) (Reset Flood)
The http2 server support in this package was vulnerable to certain types of DOS attacks. CVE-2019-9512 This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of response...
Debian DLA-2484-1 : python-certbot - switch to ACMEv2 API
Let's Encrypt's ACMEv1 API is deprecated and in the process of being shut down. Beginning with brownouts in January 2021, and ending with a total shutdown in June 2021, the Let's Encrypt APIs will become unavailable. To prevent users having disruptions to their certificate renewals, this update...
[SECURITY] [DLA 2484-1] python-certbot - switch to ACMEv2 API
----------------------------------------------------------------------- Debian LTS Advisory DLA-2484-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 07, 2020 https://wiki.debian.org/LTS -...
Debian DLA-2479-1 : thunderbird security update
Chiaki Ishikawa discovered a stack overflow in SMTP server status handling which could potentially result in the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version 1:78.5.1-1deb9u1. We recommend that you upgrade your thunderbird packages. For the detailed...
Debian DLA-2480-2 : salt regression update
Past security updates of Salt, a remote execution manager, introduced regressions for which follow-up fixes were published : CVE 2020-16846 regression 'salt-ssh' master key initialization fails CVE 2021-3197 regression Valid parameters are discarded for the SSHClient CVE 2020-28243 follow-up...
Debian DLA-2482-1 : debian-security-support security update
debian-security-support, the Debian security support coverage checker, has been updated in stretch-security. This marks the end of life of the mongodb package in stretch due to licence incompatibility. See https://lists.debian.org/debian-lts/2020/11/msg00058.html and https://bugs.debian.org/91553...
[SECURITY] [DLA 2482-1] debian-security-support security update
Debian LTS Advisory DLA-2482-1 [email protected] https://www.debian.org/lts/security/ Holger Levsen December 04, 2020 https://wiki.debian.org/LTS Package : debian-security-support Version : 1:9+2020.12.04 debian-security-support, the Debian security support coverage checker, has been...