Debian DLA-2334-1 : ruby-websocket-extensions security update
It was discovered that there was a denial of service vulnerability in ruby-websocket-extensions, a library for managing long-lived HTTP 'WebSocket' connections. The parser took quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte...
[SECURITY] [DLA 2333-1] imagemagick security update
Debian LTS Advisory DLA-2333-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 18, 2020 https://wiki.debian.org/LTS...
Debian DLA-2331-1 : postgresql-9.6 security update
Andres Freund found an issue in the PostgreSQL database system where an uncontrolled search path could allow users to run arbitrary SQL functions with elevated privileges when a superuser runs certain 'CREATE EXTENSION' statements. For Debian 9 stretch, this problem has been fixed in version...
Debian DLA-2328-1 : dovecot security update
Several vulnerabilities have been discovered in the Dovecot email server. CVE-2020-12100 Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. CVE-2020-12673 Dovecot's NTLM implementation does not correctly check message buffer size, which lead...
Debian DLA-2326-1 : htmlunit security update
In HtmlUnit, a GUI-Less browser for Java programs, malicious JavaScript code was able to execute arbitrary Java code on the application. For Debian 9 stretch, this problem has been fixed in version 2.8-2+deb9u1. We recommend that you upgrade your htmlunit packages. For the detailed security statu...
Debian DLA-2330-1 : jruby security update
Several vulnerabilities were fixed in JRuby, a 100% pure-Java implementation of Ruby. CVE-2017-17742 CVE-2019-16254 HTTP Response Splitting attacks in the HTTP server of WEBrick. CVE-2019-16201 Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication...
Debian: Security Advisory (DLA-2332-1)
The remote host is missing an update for the Debian...
Debian DLA-2332-2 : sane-backends regression update
A regression was introduced in DLA-2332-1, where changes in the Debian package building process triggered a bug in the sane-backends packages, causing missing files. For Debian 9 stretch, this problem has been fixed in version 1.0.25-4.1+deb9u2. We recommend that you upgrade your sane-backends...
[SECURITY] [DLA 2332-1] sane-backends security update
Debian LTS Advisory DLA-2332-1 [email protected] https://www.debian.org/lts/security/ August 17, 2020 https://wiki.debian.org/LTS Package...
Debian: Security Advisory (DLA-2316-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2330-1] jruby security update
Debian LTS Advisory DLA-2330-1 [email protected] https://www.debian.org/lts/security/ August 16, 2020 https://wiki.debian.org/LTS Package...
[SECURITY] [DLA 2329-1] libetpan security update
Debian LTS Advisory DLA-2329-1 [email protected] https://www.debian.org/lts/security/ August 16, 2020 https://wiki.debian.org/LTS Package...
[SECURITY] [DLA 2327-1] lucene-solr security update
Debian LTS Advisory DLA-2327-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 15, 2020 https://wiki.debian.org/LTS...
[SECURITY] [DLA 2328-1] dovecot security update
Debian LTS Advisory DLA-2328-1 [email protected] https://www.debian.org/lts/security/ August 15, 2020 https://wiki.debian.org/LTS Package : dovecot Version : 1:2.2.27-3+deb9u6 CVE ID : CVE-2020-12100 CVE-2020-12673 CVE-2020-12674 Debian Bug : 968302 Several vulnerabilities have been...
Debian DLA-2325-1 : openjdk-8 security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, bypass of access/sandbox restrictions or information disclosure. For Debian 9 stretch, these problems have been fixed in version 8u265-b01-0+deb9u1. We recommend that you upgrade your openjdk...
[SECURITY] [DLA 2278-2] squid3 regression update
Debian LTS Advisory DLA-2278-2 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 13, 2020 https://wiki.debian.org/LTS...
Vulnerabilities fixed in Debian
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive information. Debian has made Linux kernel 4.19 available for Debian 9.0 Stretch to address the vulnerabilities. You can install the custom...
Debian DLA-2320-1 : golang-github-seccomp-libseccomp-golang security update
A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. Additionally, runc has been rebuilt with the fixed package. For Debian 9 stretch, this problem has been fixed in versi...
Debian DLA-2321-1 : firmware-nonfree new upstream version
The firmware-nonfree package has been updated to include additional firmware that may be requested by some drivers in Linux 4.19. Along with additional kernel packages that will be announced later, this will provide a supported upgrade path for systems that currently use kernel and firmware...
[SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update
Debian LTS Advisory DLA-2320-1 [email protected] https://www.debian.org/lts/security/ August 10, 2020 https://wiki.debian.org/LTS Package...