1293 matches found
Debian DLA-2388-1 : nss security update
Various vulnerabilities were fixed in nss, the Network Security Service libraries. CVE-2018-12404 Cache side-channel variant of the Bleichenbacher attack. CVE-2018-18508 NULL pointer dereference in several CMS functions resulting in a denial of service. CVE-2019-11719 Out-of-bounds read when...
Debian: Security Advisory (DLA-2388-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2387-2] firefox-esr regression update
Debian LTS Advisory DLA-2387-2 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 29, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2377-1 : qt4-x11 security update
Several vulnerabilities were fixed in qt4-x11, the legacy version of the Qt toolkit. CVE-2018-15518 Double-free or corruption in QXmlStreamReader during parsing of a specially crafted illegal XML document. CVE-2018-19869 A malformed SVG image causes a segmentation fault. CVE-2018-19870 A malforme...
Debian DLA-2387-2 : firefox-esr regression update
This update fixes a problem that caused Firefox to fail to build on the arm64 and armhf architectures. For Debian 9 stretch, this problem has been fixed in version 78.3.0esr-1deb9u2. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please...
Debian DLA-2386-1 : libdbi-perl security update
Several vulnerabilities were discovered in the Perl5 Database Interface (DBI). An attacker could trigger a denial of service (DoS) and possibly execute arbitrary code. CVE-2019-20919 The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls...
Debian DLA-2376-1 : qtbase-opensource-src security update
Several vulnerabilities were fixed in the Qt toolkit. CVE-2018-19872 A malformed PPM image causes a crash. CVE-2020-17507 Buffer over-read in the XBM parser. For Debian 9 stretch, these problems have been fixed in version 5.7.1+dfsg-3+deb9u3. We recommend that you upgrade your qtbase-opensource-s...
[SECURITY] [DLA 2387-1] firefox-esr security update
Debian LTS Advisory DLA-2387-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 28, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2386-1] libdbi-perl security update
Debian LTS Advisory DLA-2386-1 [email protected] https://www.debian.org/lts/security/ September 28, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2377-1] qt4-x11 security update
Debian LTS Advisory DLA-2377-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 21, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2376-1] qtbase-opensource-src security update
Debian LTS Advisory DLA-2376-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 21, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2384-1 : yaws security update
Two issues have been found in yaws, a high performance HTTP 1.1 webserver written in Erlang. CVE-2020-24379 Reject external resource requests in DAV in order to avoid XML External Entity (XXE) attacks. CVE-2020-24916 Sanitize CGI executable in order to avoid command injection via CGI requests. For...
Debian DLA-2380-1 : ruby-gon security update
It was discovered that there was a cross-site scripting (XSS) vulnerability in ruby-gon, a Ruby library to send/convert data to JavaScript from a Ruby application. For Debian 9 'Stretch', this problem has been fixed in version 6.1.0-1+deb9u1. We recommend that you upgrade your ruby-gon packages. Fo...
Debian DLA-2381-1 : lua5.3 security update
A vulnerability was discovered in lua5.3, a simple, extensible, embeddable programming language, whereby a negation overflow and segmentation fault could be triggered in getlocal and setlocal, as demonstrated by getlocal(3,2^31). For Debian 9 stretch, this problem has been fixed in version...
Debian DLA-2383-1 : nfdump security update
Two issues have been found in nfdump, a netflow capture daemon. Both issues are related to either a buffer overflow or an integer overflow, which could result in a denial of service or a local code execution. For Debian 9 stretch, these problems have been fixed in version 1.6.15-3+deb9u1. We...
Debian DLA-2379-3 : mediawiki regression update
The update of mediawiki released as DLA-2379-2 contained a defect in the patch for CVE-2020-25827 which resulted from a possible use of an uninitialized variable. Updated mediawiki packages are now available to correct this issue. For Debian 9 stretch, this problem has been fixed in version...
Debian DLA-2382-1 : curl security update
An issue has been found in curl, a command line tool for transferring data with URL syntax. In rare circumstances, when using the multi API of curl in combination with CURLOPT_CONNECT_ONLY, the wrong connection might be used when transferring data later. For Debian 9 stretch, this problem has been...
Debian: Security Advisory (DLA-2384-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DLA-2383-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2382-1] curl security update
Debian LTS Advisory DLA-2382-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 26, 2020 https://wiki.debian.org/LTS ...