1293 matches found
[SECURITY] [DLA 2287-1] poppler security update
Debian LTS Advisory DLA-2287-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 23, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2285-1 : librsvg security update
Several vulnerabilities have been found in librsvg, an SVG rendering library. This update corrects some denial of service issues via exponential element processing, stack exhaustion or application crash when processing specially crafted files, as well as some memory safety issues. For Debian 9...
Debian DLA-2282-1 : rails security update
Multiple vulnerabilities were found in Ruby on Rails, an MVC Ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application. CVE-2020-8163 A code injection vulnerability in Rails would allow an...
[SECURITY] [DLA 2284-1] ksh security update
Debian LTS Advisory DLA-2284-1 [email protected] https://www.debian.org/lts/security/ Brian May July 21, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2282-1] rails security update
Debian LTS Advisory DLA-2282-1 [email protected] https://www.debian.org/lts/security/ July 20, 2020 https://wiki.debian.org/LTS Package :...
Debian: Security Advisory (DLA-2276-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DLA-2273-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DLA-2277-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2281-1] evolution-data-server security update
Debian LTS Advisory DLA-2281-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 16, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2277-1 : openjpeg2 security update
The following CVEs were reported against src:openjpeg2. CVE-2019-12973 In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to...
Debian DLA-2275-1 : ruby-rack security update
The following CVEs were reported against src:ruby-rack. CVE-2020-8161 A directory traversal vulnerability exists in rack 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure...
Debian DLA-2278-3 : squid3 regression update
The update of squid3 released as DLA-2278-2 introduced a regression due to the updated fix for CVE-2019-12529. The new Kerberos authentication code prevented base64 token negotiation. Updated squid3 packages are now available to correct this issue. For Debian 9 stretch, this problem has been fixe...
Debian DLA-2279-1 : tomcat8 security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2020-9484 When using Apache Tomcat, if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c)...
[SECURITY] [DLA 2277-1] openjpeg2 security update
Debian LTS Advisory DLA-2277-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 11, 2020 https://wiki.debian.org/LTS ...
Debian DLA-2274-1 : fwupd security update
It was discovered that there was a possible signature verification issue in firmware update daemon library 'fwupd' as the return value of gpgme_op_verify_result was not being checked. For Debian 9 'Stretch', this issue has been fixed in fwupd version 0.7.4-2+deb9u1. We recommend that you upgrade you...
Debian DLA-2273-1 : shiro security update
It was discovered that there were two issues in shiro, a security framework for Java applications: - CVE-2020-1957: Fix a path-traversal issue where a specially crafted request could cause an authentication bypass. - CVE-2020-11989: Fix an encoding issue introduced in the handling of the previous...
[SECURITY] [DLA 2273-1] shiro security update
Package : shiro Version : 1.3.2-1+deb9u1 CVE IDs : CVE-2020-1957 CVE-2020-11989 Debian Bug : 955018 It was discovered that there were two issues in shiro, a security framework for Java applications: CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an...
[SECURITY] [DLA 2272-1] Debian 8 Long Term Support reaching end-of-life
The Debian Long Term Support (LTS) Team hereby announces that Debian 8 jessie support has reached its end-of-life on June 30, 2020, five years after its initial release on April 26, 2015. Debian will not provide further security updates for Debian 8. A subset of jessie packages will be supported by...
Debian DSA-4718-1 : thunderbird - security update
Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4718. The text...
[SECURITY] [DSA 4706-1] drupal7 security update
Debian Security Advisory DSA-4706-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2020 https://www.debian.org/security/faq ...