Debian DLA-2438-1 : raptor2 security update
It was discovered that there were two heap overflow vulnerabilities in raptor2, a set of parsers for RDF files that is used, amongst others, in LibreOffice. For Debian 9 'Stretch', this problem has been fixed in version 2.0.14-1+deb9u1. We recommend that you upgrade your raptor2 packages. For the...
Debian DLA-2437-1 : krb5 security update
It was discovered that there was a denial of service vulnerability in the MIT Kerberos network authentication system, krb5. The lack of a limit in the ASN.1 decoder could lead to infinite recursion and allow an attacker to overrun the stack and cause the process to crash. For Debian 9 'Stretch',...
Debian DLA-2436-1 : sddm security update
It was discovered that there was an issue in the sddm display manager where local unprivileged users could create a connection to the X server. For Debian 9 'Stretch', this problem has been fixed in version 0.14.0-4+deb9u2. We recommend that you upgrade your sddm packages. For the detailed securi...
Debian DLA-2435-1 : guacamole-server security update
The server component of Apache Guacamole, a remote desktop gateway, did not properly validate data received from RDP servers. This could result in information disclosure or even the execution of arbitrary code. CVE-2020-9497 Apache Guacamole does not properly validate data received from RDP serve...
[SECURITY] [DLA 2440-1] poppler security update
Debian LTS Advisory DLA-2440-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 08, 2020 https://wiki.debian.org/LTS Package : poppler Version : 0.48.0-2+deb9u4 CVE ID : CVE-2017-14926 CVE-2017-14928 CVE-2018-19058 CVE-2018-20650 CVE-2018-20662 CVE-2019-73...
Debian: Security Advisory (DLA-2437-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2439-1] libexif security update
Debian LTS Advisory DLA-2439-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta November 07, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2438-1] raptor2 security update
Debian LTS Advisory DLA-2438-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 07, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2436-1] sddm security update
Debian LTS Advisory DLA-2436-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 06, 2020 https://wiki.debian.org/LTS -...
Debian DLA-2429-1 : wordpress security update
There were several vulnerabilities reported against wordpress, as follows : CVE-2020-28032 WordPress before 4.7.19 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. CVE-2020-28033 WordPress before 4.7.19 mishandles embeds from disabled sites on a multisite...
Debian: Security Advisory (DLA-2433-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2433-1 : bouncycastle security update
It was discovered that there was an issue in the bouncycastle crypto library where attackers could obtain sensitive information due to observable differences in its response to invalid input. For Debian 9 'Stretch', this problem has been fixed in version 1.56-1+deb9u3. We recommend that you upgra...
Debian DLA-2430-1 : blueman security update
Vaisha Bernard discovered that Blueman, a graphical bluetooth manager, performed insufficient validation on a D-Bus interface, which could result in denial of service or privilege escalation. For Debian 9 stretch, this problem has been fixed in version 2.0.4-1+deb9u1. We recommend that you upgrade...
Debian DLA-2431-2 : libonig regression update
It was discovered that CVE-2020-26159 in the Oniguruma regular expressions library, notably used in PHP mbstring, was a false-positive. In consequence the patch for CVE-2020-26159 was reverted. For reference, the original advisory text follows. CVE-2020-26159 In Oniguruma an attacker able to supp...
[SECURITY] [DLA 2433-1] bouncycastle security update
Debian LTS Advisory DLA-2433-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 05, 2020 https://wiki.debian.org/LTS -...
[SECURITY][DLA 2431-1] libonig security update
Debian LTS Advisory DLA-2431-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 05, 2020 https://wiki.debian.org/LTS -...
Debian: Security Advisory (DLA-2431-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2430-1] blueman security update
Debian LTS Advisory DLA-2430-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta November 03, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2429-1] wordpress security update
Debian LTS Advisory DLA-2429-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta November 03, 2020 https://wiki.debian.org/LTS -...
Debian: Security Advisory (DLA-2426-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...