Debian DLA-2452-2 : libdatetime-timezone-perl regression update

2.09-1+2020d accidentally did omit changes to some files, resulting in warnings. For Debian 9 stretch, this problem has been fixed in version 2.09-1+2020d+1. We recommend that you upgrade your libdatetime-time zone-perl packages. NOTE: Tenable Network Security has extracted the preceding...

[SECURITY] [DLA 2453-1] restic security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2453-1 [email protected] https://www.debian.org/lts/security/ Brian May November 17, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2451-1] libvncserver security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2451-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz November 15, 2020 https://wiki.debian.org/LTS -...

Debian: Security Advisory (DLA-2450-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2450-1] libproxy security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2450-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 13, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2449-1] thunderbird security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2449-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 13, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2448-1] firefox-esr security update

Debian LTS Advisory DLA-2448-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez November 11, 2020 https://wiki.debian.org/LTS Package : firefox-esr Version : 78.4.1esr-1deb9u1 CVE ID : CVE-2020-26950 A use-after-free was found in the Mozilla Firefox web browser,...

Debian DLA-2447-2 : pacemaker regression update

The update of pacemaker released as DLA-2447-1 caused a regression when the communication between the Corosync cluster engine and pacemaker takes place. A permission problem prevents IPC requests between cluster nodes. The patch for CVE-2020-25654 has been reverted until a better solution can be...

Debian DLA-2448-1 : firefox-esr security update

A use-after-free was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version 78.4.1esr-1deb9u1. We recommend that you upgrade your firefox-esr packages. For the detailed security stat...

Debian DLA-2445-1 : libmaxminddb security update

A heap-based buffer over-read has been found in libmaxminddb, an IP geolocation database library. This could be exploited when the mmdblookup tool is used to open a specially crafted database file. For Debian 9 stretch, this problem has been fixed in version 1.2.0-1+deb9u1. We recommend that you...

Debian DLA-2444-1 : tcpdump security update

The ppp de-capsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. The buffer should be big enough to hold the captured data, but it doesnt need to be big enough to hold the entire on-the-network packet, if we havent captured all of it. For Debian 9 stretch, this proble...

Debian DLA-2446-1 : moin security update

Two vulnerabilities were discovered in moin, a Python clone of WikiWiki. CVE-2020-15275 Catarina Leite discovered that moin is prone to a stored XSS vulnerability via SVG attachments. CVE-2020-25074 Michael Chapman discovered that moin is prone to a remote code execution vulnerability via the cac...

Debian DLA-2443-1 : zeromq3 security update

It was discovered that ZeroMQ, a lightweight messaging kernel library does not properly handle connecting peers before a handshake is completed. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE...

Debian: Security Advisory (DLA-2445-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2446-1] moin security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2446-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz November 10, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2445-1] libmaxminddb security update

Debian LTS Advisory DLA-2445-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 10, 2020 https://wiki.debian.org/LTS Package : libmaxminddb Version : 1.2.0-1+deb9u1 CVE ID : CVE-2020-28241 Debian Bug : 973878 A heap-based buffer over-read has been found in...

[SECURITY] [DLA 2444-1] tcpdump security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2444-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta November 10, 2020 https://wiki.debian.org/LTS -...

Debian DLA-2441-1 : sympa security update

A privilege escalation was discovered in Sympa, a modern mailing list manager. It is fixed when Sympa is used in conjunction with common MTAs such as Exim or Postfix by disabling a setuid executable, although no fix is currently available for all environments such as sendmail. Additionally, an...

Debian DLA-2442-1 : obfs4proxy security update

golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix. CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka...

[SECURITY] [DLA 2442-1] obfs4proxy security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2442-1 [email protected] https://www.debian.org/lts/security/ Brian May November 10, 2020 https://wiki.debian.org/LTS -...