1293 matches found
[SECURITY] [DLA 2365-1] netty-3.9 security update
Debian LTS Advisory DLA-2365-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez September 04, 2020 https://wiki.debian.org/LTS Package : netty-3.9 Version : 3.9.9.Final-1+deb9u1 CVE ID : CVE-2019-16869 CVE-2019-20444 CVE-2019-20445 Debian Bug : 941266 950966...
[SECURITY] [DLA 2364-1] netty security update
Debian LTS Advisory DLA-2364-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez September 04, 2020 https://wiki.debian.org/LTS Package : netty Version : 1:4.1.7-2+deb9u2 CVE ID : CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612 Debian Bug : 950966 9509...
Debian DLA-2363-1 : asyncpg security update
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder. For Debian 9 stretch, this problem has been fixed in version...
Debian DLA-2362-1 : uwsgi security update
Apache HTTP Server versions before 2.4.32 use src:uwsgi, where a flaw was discovered. The uwsgi protocol does not let us serialize more than 16K of HTTP header, leading to resource exhaustion and denial of service. For Debian 9 stretch, this problem has been fixed in version...
Debian: Security Advisory (DLA-2362-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 2363-1] asyncpg security update
Debian LTS Advisory DLA-2363-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta September 03, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2362-1] uwsgi security update
Debian LTS Advisory DLA-2362-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta September 03, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2361-1 : libx11 security update
Jayden Rivers found an integer overflow in the initom function of libX11, the X11 client-side library, which could lead to a double free. For Debian 9 stretch, this problem has been fixed in version 2:1.6.4-3+deb9u3. We recommend that you upgrade your libx11 packages. For the detailed security...
[SECURITY] [DLA 2360-1] thunderbird security update
Debian LTS Advisory DLA-2360-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 31, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2357-1 : ros-actionlib security update
Use of unsafe yaml load was fixed in ros-actionlib, the Robot OS actionlib library. For Debian 9 stretch, this problem has been fixed in version 1.11.7-1+deb9u1. We recommend that you upgrade your ros-actionlib packages. For the detailed security status of ros-actionlib please refer to its securi...
Debian DLA-2349-1 : php-horde security update
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version 5.2.13+debian0-1+deb9u3. We recommend that you upgrade your php-horde packages. For the detailed security status...
Debian DLA-2347-1 : libvncserver security update
Several minor vulnerabilities have been discovered in libvncserver, a server and client implementation of the VNC protocol. CVE-2019-20839 libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename. CVE-2020-14397 libvncserver/rfbregion.c has a NULL pointer dereferenc...
Debian DLA-2351-1 : php-horde-kronolith security update
In Horde Groupware, there has been an XSS vulnerability that could be exploited via the URL field in a 'Calendar - New Event' action. For Debian 9 stretch, this problem has been fixed in version 4.2.19-1+deb9u2. We recommend that you upgrade your php-horde-kronolith packages. For the detailed...
Debian DLA-2348-1 : php-horde-core security update
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version 2.27.6+debian1-2+deb9u1. We recommend that you upgrade your php-horde-core packages. For the detailed security...
Debian DLA-2350-1 : php-horde-kronolith security update
In Horde Groupware, there has been an XSS via the Name field during creation of a new Resource. This could have been leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. For Debian 9 stretch, thi...
Debian: Security Advisory (DLA-2357-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DLA-2358-1 : openexr security update
Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files. For Debian 9 stretch, these problems have been fixed in version 2.2.0-11+deb9u1. We recommend that y...
Debian DLA-2359-1 : xorg-server security update
Several issues have been found in xorg-server, the X server from xorg. Basically all issues are out-of-bounds access or integer underflows in different request handlers. One CVE is about a leak of uninitialized heap memory to clients. For Debian 9 stretch, these problems have been fixed in version...
[SECURITY] [DLA 2359-1] xorg-server security update
Debian LTS Advisory DLA-2359-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz August 30, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2357-1] ros-actionlib security update
Debian LTS Advisory DLA-2357-1 [email protected] https://www.debian.org/lts/security/ August 30, 2020 https://wiki.debian.org/LTS Package...