[SECURITY] [DLA 2482-1] debian-security-support security update
Debian LTS Advisory DLA-2482-1 [email protected] https://www.debian.org/lts/security/ Holger Levsen December 04, 2020 https://wiki.debian.org/LTS Package : debian-security-support Version : 1:9+2020.12.04 debian-security-support, the Debian security support coverage checker, has been...
[SECURITY] [DLA 2481-1] openldap security update
Debian LTS Advisory DLA-2481-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 04, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2477-1 : jupyter-notebook security update
It was discovered that there was an issue in the 'jupyter-notebook' interactive notebook system where a maliciously-crafted link could redirect the browser to a malicious/spoofed website. For Debian 9 'Stretch', this problem has been fixed in version 4.2.3-4+deb9u2. We recommend that you upgrade...
[SECURITY] [DLA 2478-1] postgresql-9.6 security update
Debian LTS Advisory DLA-2478-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 02, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2477-1] jupyter-notebook security update
Debian LTS Advisory DLA-2477-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb December 02, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2476-1 : brotli security update
A buffer overflow was discovered in Brotli, a generic-purpose lossless compression suite. For Debian 9 stretch, this problem has been fixed in version 0.5.2+dfsg-2+deb9u1. We recommend that you upgrade your brotli packages. For the detailed security status of brotli please refer to its security...
Debian LTS: Security Advisory for zsh (DLA-2470-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] [DLA 2476-1] brotli security update
Debian LTS Advisory DLA-2476-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez December 01, 2020 https://wiki.debian.org/LTS Package : brotli Version : 0.5.2+dfsg-2+deb9u1 CVE ID : CVE-2020-8927 A buffer overflow was discovered in Brotli, a generic-purpose...
Debian DLA-2470-1 : zsh security update
Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory...
Debian DLA-2473-1 : vips security update
In VIPS, an image processing system, an uninitialized variable which may cause the leakage of remote server path or stack address was fixed. For Debian 9 stretch, this problem has been fixed in version 8.4.5-1+deb9u2. We recommend that you upgrade your vips packages. For the detailed security...
Debian DLA-2474-1 : musl security update
The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to infinite loop with no forward progress (no overflow) or writing past the end of the destination...
Debian DLA-2472-1 : mutt security update
In Mutt, a text-based Mail User Agent, invalid IMAP server responses were not properly handled, potentially resulting in authentication credentials being exposed or man-in-the-middle attacks. For Debian 9 stretch, this problem has been fixed in version 1.7.2-1+deb9u4. We recommend that you upgrad...
Debian DLA-2468-1 : tcpflow security update
An issue has been found in tcpflow, a TCP flow recorder. Due to an overflow vulnerability in function handle80211, an out-of-bounds read with access to sensitive memory or a denial of service might happen. For Debian 9 stretch, this problem has been fixed in version 1.4.4+repack1-3+deb8u1. We...
Debian DLA-2467-2 : lxml regression update
The fix for CVE-2020-27783, released as DLA 2467-1, was incomplete as the component was still affected by the vulnerability. This update includes an additional patch that completes the fix. Note that a package with version 3.7.1-1+deb9u2 was uploaded, but before the publication of the advisory a...
Debian DLA-2466-1 : drupal7 security update
Two vulnerabilities were found in the ArchiveTar PHP module, used by Drupal, which could result in the execution of arbitrary code if a malicious user is allowed to upload tar archives. For Debian 9 stretch, these problems have been fixed in version 7.52-2+deb9u13. We recommend that you upgrade...
[SECURITY] [DLA 2468-1] tcpflow security update
Debian LTS Advisory DLA-2468-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz November 29, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2466-1] drupal7 security update
Debian LTS Advisory DLA-2466-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 27, 2020 https://wiki.debian.org/LTS ...
Lxml Cross-Site Scripting Vulnerability
Lxml is software from the individual developer of Lxml that works with Python to locate elements in HTML. Lxml suffers from a cross-site scripting vulnerability that arises from JavaScript escaping via a combination of noscript and style. The following products and versions are affected:...
Debian: Security Advisory (DLA-2465-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2465-1 : php-pear security update
It was discovered that there was a filename sanitisation issue in php-pear, a distribution system for reusable PHP components. For Debian 9 'Stretch', this problem has been fixed in version 1:1.10.1+submodules+notgz-9+deb9u2. We recommend that you upgrade your php-pear packages. For the detailed...