Debian DLA-2405-1 : httpcomponents-client security update
Oleg Kalnichevski discovered that httpcomponents-client, a Java library for building HTTP-aware applications, can misinterpret a malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. For Debian 9 stretch,...
[SECURITY] [DLA 2405-1] httpcomponents-client security update
Debian LTS Advisory DLA-2405-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 10, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2404-1] eclipse-wtp security update
Debian LTS Advisory DLA-2404-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 09, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2403-1] rails security update
Debian LTS Advisory DLA-2403-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 09, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2401-1 : sympa security update
Sympa, a modern mailing list manager, allows privilege escalation through setuid wrappers. A local attacker can obtain root access. For Debian 9 stretch, this problem has been fixed in version 6.2.16dfsg-3+deb9u3. We recommend that you upgrade your sympa packages. For the detailed security status...
Debian DLA-2398-1 : puma security update
Several security vulnerabilities have been discovered in puma, highly concurrent HTTP server for Ruby/Rack applications. CVE-2020-11076 By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response. CVE-2020-11077 client could smuggle a request through a proxy, causing...
[SECURITY] [DLA 2401-1] sympa security update
Debian LTS Advisory DLA-2401-1 [email protected] https://www.debian.org/lts/security/ October 07, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2399-1] packagekit security update
Debian LTS Advisory DLA-2399-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez October 07, 2020 https://wiki.debian.org/LTS Package : packagekit Version : 1.1.5-2+deb9u2 CVE ID : CVE-2020-16121 CVE-2020-16122 Two vulnerabilities have been discovered in...
Debian DLA-2397-1 : php7.0 security update
A vulnerability was discovered in PHP, a server-side, HTML-embedded scripting language. When PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an...
[SECURITY] [DLA 2397-1] php7.0 security update
Debian LTS Advisory DLA-2397-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez October 06, 2020 https://wiki.debian.org/LTS Package : php7.0 Version : 7.0.33-0+deb9u10 CVE ID : CVE-2020-7070 A vulnerability was discovered in PHP, a server-side, HTML-embedded...
Debian DLA-2391-1 : ruby2.3 security update
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick bundled along with ruby2.3 was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to...
Debian DLA-2389-1 : ruby-rack-cors security update
This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 9 stretch, this problem has been fixed in version 0.4.0-1+deb9u2. We recommend that you upgrade your ruby-rack-cors packages. For...
Debian DLA-2393-1 : snmptt security update
It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a malicious crafted SNMP trap, could possibly execute arbitrary shell code with the privileges of the process or cause a...
Debian DLA-2395-1 : libvirt security update
A double free vulnerability was discovered in libvirt, a toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. For Debian 9 stretch, this problem has been fixed in version 3.0.0-4+deb9u5. We recommend that you upgrade your libvirt packages. For the...
Debian: Security Advisory (DLA-2393-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2393-1] snmptt security update
Debian LTS Advisory DLA-2393-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA October 01, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2395-1] libvirt security update
Debian LTS Advisory DLA-2395-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez October 02, 2020 https://wiki.debian.org/LTS Package : libvirt Version : 3.0.0-4+deb9u5 CVE ID : CVE-2020-25637 Debian Bug : 971555 A double free vulnerability was discovered in...
[SECURITY] [DLA 2392-1] jruby security update
Debian LTS Advisory DLA-2392-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2391-1] ruby2.3 security update
Debian LTS Advisory DLA-2391-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2389-1] ruby-rack-cors security update
Debian LTS Advisory DLA-2389-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2020 https://wiki.debian.org/LTS ...