[SECURITY] [DLA 1753-3] proftpd-dfsg regression update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u2 Debian Bug : 929020 The update of proftpd-dfsg issued as DLA-1753-1 caused a regression when the creation of a directory failed during sftp transfer. The sftp session would be terminated instead of failing gracefully due to a non-existing...
[SECURITY] [DSA 4353-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4353-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 10, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5169-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5169-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 26, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4578-1] libvpx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4578-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1848-1] libspring-security-2.0-java security update
Package : libspring-security-2.0-java Version : 2.0.7.RELEASE-3+deb8u2 CVE ID : CVE-2019-11272 Spring Security supports plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null...
[SECURITY] [DLA 3776-1] nodejs security update
Debian LTS Advisory DLA-3776-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 26, 2024 https://wiki.debian.org/LTS Package : nodejs Version : 10.24.0dfsg-1deb10u4 CVE ID : CVE-2023-30590 CVE-2023-46809 CVE-2024-22025 Debian Bug : 1039990 1064055...
[SECURITY] [DLA 2596-1] tomcat8 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2594-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky March 15, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2565-1] openssl1.0 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2565-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 18, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4824-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4824-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 01, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4810-2] lxml regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4810-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2124-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u9 CVE ID : CVE-2020-7059 CVE-2020-7060 Two issues have been found in php5, a server-side, HTML-embedded scripting language. Both issues are related to crafted data that could lead to reading after an allocated buffer and result in information disclosure...
[SECURITY] [DLA 2092-1] qtbase-opensource-src security update
Package : qtbase-opensource-src Version : 5.3.2+dfsg-4+deb8u4 CVE ID : CVE-2020-0569 In Qt5's plugin loader code as found in qtbase-opensource-src, it was possible to side-load plugins from "the" local folder in addition to a system-widely defined library path. For Debian 8 "Jessie", this problem...
[SECURITY] [DLA 2013-1] libvorbis security update
Package : libvorbis Version : 1.3.4-2+deb8u2 CVE ID : CVE-2017-14160 CVE-2018-10392 CVE-2018-10393 Several issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec. The fix for CVE-2017-14160 and CVE-2018-10393 improve the bound checking for very low sampl...
[SECURITY] [DLA 1886-1] openjdk-7 security update
Package : openjdk-7 Version : 7u231-2.6.19-1deb8u1 CVE ID : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2816 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the...
[SECURITY] [DLA 1724-1] ntfs-3g security update
Package : ntfs-3g Version : 1:2014.2.15AR.2-1+deb8u4 CVE ID : CVE-2019-9755 A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation. For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DSA 4391-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4391-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2960-1] apache2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2960-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 22, 2022 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2689-1] linux security update
Debian LTS Advisory DLA-2689-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings June 22, 2021 https://wiki.debian.org/LTS Package : linux Version : 4.9.272-1 CVE ID : CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672...
[SECURITY] [DSA 4921-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4921-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4612-1] prosody-modules security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4612-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 31, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1798-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u6 CVE ID : CVE-2019-12086 Debian Bug : 929177 A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint...
[SECURITY] [DLA 1785-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u16 CVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11537 CVE-2017-12140 CVE-2017-12430 CVE-2017-12432 CVE-2017-12435 CVE-2017-12563 CVE-2017-12587 CVE-2017-12643 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692 CVE-2017-126...
[SECURITY] [DLA 1771-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1deb8u1 CVE ID : CVE-2018-14625 CVE-2018-16884 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-1000026 CVE-2019-3459 CVE-2019-3460 CVE-2019-3701 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-8980 CVE-2019-9213 Debian Bug : 904385 9181...
[SECURITY] [DLA 1736-1] dovecot security update
Package : dovecot Version : 1:2.2.13-12deb8u6 CVE ID : CVE-2019-7524 A security vulnerability was discovered in the Dovecot email server. When reading FTS headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take...
[SECURITY] [DLA 1687-1] sox security update
Package : sox Version : 14.4.1-5+deb8u1 CVE ID : CVE-2014-8145 Debian Bug : 773720 Mike Salvatore discovered that the fixes for these heap-based buffer overflows had not been properly applied in the Debian package. For Debian 8 "Jessie", this problem has been fixed in version 14.4.1-5+deb8u1. We...
[SECURITY] [DSA 5900-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5900-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 12, 2025 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4857-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4857-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 18, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4839-1] sudo security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4839-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1784-1] postgresql-9.4 new minor release
Package : postgresql-9.4 Version : 9.4.22-0+deb8u1 The PostgreSQL project has released a new minor release of the 9.4 branch. For Debian 8 "Jessie", this has been uploaded as version 9.4.22-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. Note that the end of life of the 9.4...
[SECURITY] [DLA 1743-1] thunderbird security update
Package : thunderbird Version : 1:60.6.1-1deb8u1 CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code o...
[SECURITY] [DSA 5128-1] openjdk-17 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5128-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4994-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4994-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 28, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4795-1] krb5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4795-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2456-1] python3.5 security update
Debian LTS Advisory DLA-2456-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez November 18, 2020 https://wiki.debian.org/LTS Package : python3.5 Version : 3.5.3-1+deb9u3 CVE ID : CVE-2019-20907 CVE-2020-26116 Debian Bug : Multiple security issues were discovere...
[SECURITY] [DSA 4595-1] debian-lan-config security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4595-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4586-1] ruby2.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4586-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1730-3] libssh2 regression update
Package : libssh2 Version : 1.4.3-4.1+deb8u4 CVE ID : CVE-2019-3859 CVE-2019-13115 Various security problems have been additionally fixed in libssh2, an SSH client implementation written in C++. CVE-2019-3859 While investigating the impact of CVE-2019-13115 in Debian jessie's version of libssh2, i...
[SECURITY] [DLA 1827-1] gvfs security update
Package : gvfs Version : 1.22.2-1+deb8u1 CVE ID : CVE-2019-12795 Debian Bug : 930376 Simon McVittie discovered a flaw in gvfs, the Gnome Virtual File System. The gvfsd daemon opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this...
[SECURITY] [DSA 4402-1] mumble security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4402-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1611-1] libav security update
Package : libav Version : 6:11.12-1deb8u2 CVE ID : CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820 CVE-2015-6821 CVE-2015-6822 CVE-2015-6825 CVE-2015-6826 CVE-2015-8216 CVE-2015-8217 CVE-2015-8363 CVE-2015-8364 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191 Severa...
[SECURITY] [DLA 2558-2] xterm regression update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2558-2 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 21, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2048-1] libxml2 security update
Package : libxml2 Version : 2.9.1+dfsg1-5+deb8u8 CVE ID : CVE-2019-19956 It was discovered that there was a potential denial of service vulnerability in libxml2, the GNOME XML parsing library. For Debian 8 "Jessie", this issue has been fixed in libxml2 version 2.9.1+dfsg1-5+deb8u8. We recommend...
[SECURITY] [DSA 4593-1] freeimage security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4593-1 [email protected] https://www.debian.org/security/ Hugo Lefeuvre December 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1918-1] libonig security update
Package : libonig Version : 5.9.5-3.2+deb8u3 CVE ID : CVE-2019-16163 Debian Bug : 939988 The Oniguruma regular expressions library, notably used in PHP mbstring, is vulnerable to stack exhaustion. A crafted regular expression can crash the process. For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DSA 4383-1] libvncserver security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4383-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5111-1] zlib security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5111-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 01, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4919-1] lz4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4919-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 21, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2227-1] bind9 security update
Package : bind9 Version : 1:9.9.5.dfsg-9+deb8u19 CVE ID : CVE-2020-8616 CVE-2020-8617 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals. An...
[SECURITY] [DSA 4514-1] varnish security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4514-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 04, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1863-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1+deb9u4deb8u1 CVE ID : CVE-2019-13272 Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges und...