14313 matches found
[SECURITY] [DLA 2424-1] tzdata new upstream version
------------------------------------------------------------------------- Debian LTS Advisory DLA-2424-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk October 31, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2051-1] intel-microcode security update
Package : intel-microcode Version : 3.20191115.2deb8u1 CVE ID : CVE-2019-11135 CVE-2019-11139 This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA TSX Asynchronous Abort vulnerability. For affected CPUs, to fully mitigate the...
[SECURITY] [DLA 2415-1] freetype security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2415-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 25, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 3114-1] mariadb-10.3 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3114-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 16, 2022 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4909-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4909-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1569-1] libdatetime-timezone-perl new upstream release
Package : libdatetime-timezone-perl Version : 1:1.75-2+2018g This update includes the changes in tzdata 2018g for the Perl bindings. For the list of changes, see DLA-1363-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2018g. We recommend that you upgrade your...
[SECURITY] [DLA 1568-1] curl security update
Package : curl Version : 7.38.0-4+deb8u13 CVE ID : CVE-2016-7141 CVE-2016-7167 CVE-2016-9586 CVE-2018-16839 CVE-2018-16842 Debian Bug : 848958 837945 836918 Several vulnerabilities were discovered in cURL, an URL transfer library. CVE-2016-7141 When built with NSS and the libnsspem.so library is...
[SECURITY] [DSA 4335-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4335-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1571-1] firefox-esr security update
Package : firefox-esr Version : 60.3.0esr-1deb8u1 CVE ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code,...
[SECURITY] [DSA 4334-1] mupdf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4334-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1566-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.62-0+deb8u1 CVE ID : CVE-2018-2767 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070 CVE-2018-3081 CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MyS...
[SECURITY] [DLA 1570-1] mariadb-10.0 security update
Package : mariadb-10.0 Version : 10.0.37-0+deb8u1 CVE ID : CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.37. Please s...
[SECURITY] [DLA 1565-1] glusterfs security update
Package : glusterfs Version : 3.5.2-2+deb8u5 CVE ID : CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14659 CVE-2018-14661 Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system. Buffer overflows and path traversal issues may lead to information disclosure,...
[SECURITY] [DSA 4333-1] icecast2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4333-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4469-1] libvirt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4469-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4331-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4331-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1572-1] nginx security update
Package : nginx Version : 1.6.2-5+deb8u6 CVE ID : CVE-2018-16845 Debian Bug : 913090 It was discovered that there was a denial of service DoS vulnerability in the nginx web/proxy server. As there was no validation for the size of a 64-bit atom in an MP4 file, this could have led to a CPU hog when...
[SECURITY] [DLA 1567-1] gthumb security update
Package : gthumb Version : 3:3.3.1-2.1+deb8u1 CVE ID : CVE-2018-18718 Debian Bug : 912290 CVE-2018-18718 - CWE-415: Double Free The product calls free twice on the same memory address, potentially leading to modification of unexpected memory locations. There is a suspected double-free bug with...
[SECURITY] [DSA 4330-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4330-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1569-2] libdatetime-timezone-perl regression update
From: Emilio Pozuelo Monfort [email protected] To: [email protected] Subject: SECURITY DLA 1569-2 libdatetime-timezone-perl regression update Package : libdatetime-timezone-perl Version : 1:1.75-2+2018g.1 The previous update of libdatetime-timezone-perl to tzdata version 2018g w...
[SECURITY] [DLA 1838-1] mupdf security update
Package : mupdf Version : 1.5-1+deb8u6 CVE ID : CVE-2018-5686 CVE-2019-6130 CVE-2018-6192 Debian Bug : 887130 888487 918971 Several minor issues have been fixed in mupdf, a lightweight PDF viewer tailored for display of high quality anti-aliased graphics. CVE-2018-5686 In MuPDF, there was an...
[SECURITY] [DLA 1564-1] mono security update
Package : mono Version : 3.2.8+dfsg-10+deb8u1 CVE ID : CVE-2009-0689 It was found that Mono’s string-to-double parser may crash, on specially crafted input. This could lead to arbitrary code execution. CVE-2018-1002208: Mono embeds the sharplibzip library which is vulnerable to directory traversa...
[SECURITY] [DSA 4332-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4332-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1556-1] paramiko security update
Package : paramiko Version : 1.15.1-1+deb8u1 CVE ID : CVE-2018-7750 CVE-2018-1000805 CVE-2018-1000805 Fix to prevent malicious clients to trick the Paramiko server into thinking an unauthenticated client is authenticated. CVE-2018-7750 Fix check whether authentication is completed before processi...
[SECURITY] [DSA 4371-1] apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4371-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez January 22, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4472-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4472-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1555-1] libmspack security update
Package : libmspack Version : 0.5-1+deb8u3 CVE ID : CVE-2018-18584 CVE-2018-18585 CVE-2018-18584 Fixing the size of the CAB block input buffer, which is too small for the maximal Quantum block, prevents an out-of-bounds write. CVE-2018-18585 Blank filenames having length zero or their 1st or 2nd...
[SECURITY] [DSA 4337-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4337-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 10, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4336-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4336-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1562-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u5 CVE ID : CVE-2017-18267 CVE-2018-10768 CVE-2018-13988 CVE-2018-16646 Debian Bug : 898357 909802 Various security issues were discovered in the poppler PDF rendering shared library. CVE-2017-18267 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc i...
[SECURITY] [DSA 4338-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4338-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 11, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1744-1] tzdata new upstream version
Package : tzdata Version : 2019a-0+deb8u1 This update includes the changes in tzdata 2019a. Notable changes are: - Palestine started DST on 2019-03-30, instead of 2019-03-23 as previously predicted. - Metlakatla ended its observance of Pacific standard time, rejoining Alaska Time, on 2019-01-20 a...
[SECURITY] [DSA 4495-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4495-1 [email protected] https://www.debian.org/security/ Ben Hutchings August 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1574-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u15 CVE ID : CVE-2018-18025 CVE-2018-18025 Fix for heap-based buffer over-read which can result in a denial of service via a crafted file. For Debian 8 "Jessie", this problem has been fixed in version 8:6.8.9.9-5+deb8u15. We recommend that you upgra...
[SECURITY] [DLA 1577-1] xen security update
Package : xen Version : 4.4.4lts4-0+deb8u1 CVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege...
[SECURITY] [DLA 1561-1] phpldapadmin security update
Package : phpldapadmin Version : 1.2.2-5.2+deb8u1 CVE ID : CVE-2017-11107 Debian Bug : 867719 It was discovered that there was a cross-site scripting XSS vulnerability in phpldapadmin, a web-based interface for administering LDAP servers. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 1575-1] thunderbird security update
Package : thunderbird Version : 1:60.3.0-1deb8u1 CVE ID : CVE-2017-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393...
[SECURITY] [DLA 1578-1] spamassassin security update
Package : spamassassin Version : 3.4.2-0+deb8u1 CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571 Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial...
[SECURITY] [DSA 4726-1] nss security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4726-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 17, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4387-1] openssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4387-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez February 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1560-1] gnutls28 security update
Package : gnutls28 Version : 3.3.30-0+deb8u1 CVE ID : CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 A set of vulnerabilities was discovered in GnuTLS which allowed attackers to do plain text recovery on TLS connections with certain cipher types. CVE-2018-10844 It was found that the GnuTLS...
[SECURITY] [DLA 1558-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u6 CVE ID : CVE-2018-16395 CVE-2018-16396 CVE-2018-16395 Fix for OpenSSL::X509::Name equality check. CVE-2018-16396 Tainted flags are not propagated in Arraypack and Stringunpack with some directives. For Debian 8 "Jessie", these problems have been fixed in...
[SECURITY] [DSA 4387-2] openssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4387-2 [email protected] https://www.debian.org/security/ Yves-Alexis Perez March 02, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1563-1] tzdata new upstream version
Package : tzdata Version : 2018g-0+deb8u1 tzdata upstream released version 2018g. Notables changes since 2018e previous version available in jessie include: - Morocco switched to permanent +01 on 2018-10-27. - Volgograd moved from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not...
[SECURITY] [DLA 1559-1] xen security update
Package : xen Version : 4.4.4lts3-0+deb8u1 CVE ID : CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-17044 CVE-2017-17045 CVE-2018-10472 CVE-2018-10981 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations...
[SECURITY] [DLA 1573-1] firmware-nonfree security update
Package : firmware-nonfree Version : 20161130-4deb8u1 CVE ID : CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 Debian Bug : 620066 724970 769633 774914 790061 793544 793874 795303 800090 800440 800820 801514 802970 803920 808792...
[SECURITY] [DLA 1576-1] ansible security update
Package : ansible Version : 1.7.2+dfsg-2+deb8u1 CVE ID : CVE-2018-16837 Debian Bug : 912297 It was discovered that there was a potential SSH passphrase disclosure vulnerability in the ansible configuration management system, The "User" module leaked data that was passed as a parameter to the...
[SECURITY] [DSA 4321-2] graphicsmagick update
------------------------------------------------------------------------- Debian Security Advisory DSA-4321-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4339-1] ceph security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4339-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 13, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4329-1] teeworlds security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4329-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2018 https://www.debian.org/security/faq -...