Debian: Security Advisory (DLA-2354-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DLA 2354-1] ndpi security update
Debian LTS Advisory DLA-2354-1 https://www.debian.org/lts/security/ Thorsten Alteholz August 29, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2353-1] bacula security update
Debian LTS Advisory DLA-2353-1 https://www.debian.org/lts/security/ Thorsten Alteholz August 29, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2352-1] php-horde-gollem security update
Debian LTS Advisory DLA-2352-1 https://www.debian.org/lts/security/ Mike Gabriel August 29, 2020 https://wiki.debian.org/LTS Package: php-horde-gollem; Version: 3.0.10-1+deb9u2; CVE ID: CVE-2017-15235. The File Manager gollem module in Horde Groupware has allowed remot...
[SECURITY] [DLA 2351-1] php-horde-kronolith security update
Debian LTS Advisory DLA-2351-1 https://www.debian.org/lts/security/ Mike Gabriel August 29, 2020 https://wiki.debian.org/LTS Package: php-horde-kronolith; Version: 4.2.19-1+deb9u2; CVE ID: CVE-2017-16906; Debian Bug: 909737. In Horde Groupware, there has been an XSS...
[SECURITY] [DLA 2350-1] php-horde-kronolith security update
Debian LTS Advisory DLA-2350-1 https://www.debian.org/lts/security/ Mike Gabriel August 29, 2020 https://wiki.debian.org/LTS Package: php-horde-kronolith; Version: 4.2.19-1+deb9u1; CVE ID: CVE-2017-16908; Debian Bug: 909738. In Horde Groupware, there has been an XSS vi...
Debian DLA-2345-1 : php7.0 security update
It was discovered that there was a use-after-free vulnerability when parsing PHAR files, a method of putting entire PHP applications into a single file. For Debian 9 'Stretch', this problem has been fixed in version 7.0.33-0+deb9u9. We recommend that you upgrade your php7.0 packages. For the...
[SECURITY] [DLA 2345-1] php7.0 security update
Debian LTS Advisory DLA-2345-1 https://www.debian.org/lts/security/ Chris Lamb August 26, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2341-1 : inetutils security update
In inetutils-telnetd, an implementation of a telnet daemon, arbitrary remote code execution might have been possible via short writes or urgent data. For Debian 9 stretch, this problem has been fixed in version 2:1.9.4-2+deb9u1. We recommend that you upgrade your inetutils-telnetd packages. For t...
Debian DLA-2344-1 : mongodb security update
A denial of service vulnerability was discovered in mongodb, an object/document-oriented database, whereby a user authorized to perform database queries may issue specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. For Debian 9 stretch, this problem...
Debian DLA-2342-1 : libjackson-json-java security update
Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization. CVE-2019-10172 XML external entity vulnerabilities. For Debian 9 stretch, these...
Debian DLA-2343-1 : icingaweb2 security update
A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process. For Debian 9 stretch, this problem has been fixed in version 2.4.1-1+deb9u1. We recommend that you upgrade your icingaweb2 package...
[SECURITY] [DLA 2342-1] libjackson-json-java security update
Debian LTS Advisory DLA-2342-1 https://www.debian.org/lts/security/ August 24, 2020 https://wiki.debian.org/LTS Package...
[SECURITY] [DLA 2341-1] inetutils security update
Debian LTS Advisory DLA-2341-1 https://www.debian.org/lts/security/ August 24, 2020 https://wiki.debian.org/LTS Package...
Debian DLA-2340-2 : sqlite3 regression update
The update of sqlite3 released as DLA-2340-1 contained an incomplete fix for CVE-2019-20218. Updated sqlite3 packages are now available to correct this issue. For Debian 9 stretch, this problem has been fixed in version 3.16.2-5+deb9u3. We recommend that you upgrade your sqlite3 packages. For the...
Debian DLA-2338-2 : proftpd-dfsg regression update
The update of proftpd-dfsg released as DLA-2338-1 incorrectly destroyed the memory pool in function sftp_kex_handle in contrib/mod_sftp/kex.c which may cause a segmentation fault and thus prevent sftp connections. For Debian 9 stretch, this problem has been fixed in version 1.3.5e+r1.3.5b-4+deb9u2. ...
Debian DLA-2339-1 : software-properties security update
Jason A. Donenfeld found an ANSI escape sequence injection in software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository PPA. For Debian 9 stretch, this problem has been fixed in version...
Debian DLA-2336-1 : firejail security update
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. CVE-2020-17367 It was reported that firejail does not respect the end-of-options separator '--', allowing an attacker with control over the command line option...
Debian DLA-2337-1 : python2.7 security update
Multiple vulnerabilities were discovered in Python2.7, an interactive high-level object-oriented language. CVE-2018-20852 By using a malicious server an attacker might steal cookies that are meant for other domains. CVE-2019-5010 NULL pointer dereference using a specially crafted X509 certificate...
Debian DLA-2335-1 : ghostscript security update
Multiple vulnerabilities were found in ghostscript, an interpreter for the PostScript language and for PDF, allowing an attacker to escalate privileges and cause denial of service via crafted PS/EPS/PDF files. For Debian 9 stretch, these problems have been fixed in version 9.26a~dfsg-0+deb9u7. We...