[SECURITY] [DSA 4439-1] postgresql-9.6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4439-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4390-1] flatpak security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4390-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1615-1] nagios3 security update
Package : nagios3 Version : 3.5.1.dfsg-2+deb8u1 CVE ID : CVE-2013-7108 CVE-2013-7205 CVE-2014-1878 CVE-2016-9566 CVE-2018-18245 Debian Bug : 771466 823721 917138 Several issues were corrected in nagios3, a monitoring and management system for hosts, services and networks. CVE-2018-18245 Maximilia...
[SECURITY] [DLA 1602-1] nsis security update
Package : nsis Version : 2.46-10+deb8u1 CVE ID : CVE-2015-9267 CVE-2015-9268 Among others, Andre Heinicke from gpg4win.org found several issues of nsis, a tool for creating quick and user friendly installers for Microsoft Windows operating systems. The issues are fixed by ... ... using...
[SECURITY] [DLA 1422-2] linux security update
Package : linux Version : 3.16.57-2 CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093 CVE-2018-1130 CVE-2018-3665 CVE-2018-5814 CVE-2018-9422 CVE-2018-10853 CVE-2018-10940 CVE-2018-11506 CVE-2018-12233 CVE-2018-1000204 Debian Bug : 898165 The previous update to linux failed to buil...
[SECURITY] [DSA 5089-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5089-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 04, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4833-2] gst-plugins-bad1.0 regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4833-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2369-1] libxml2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2369-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany September 09, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4516-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4516-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1849-1] zeromq3 security update
Package : zeromq3 Version : 4.0.5+dfsg-2+deb8u2 CVE ID : CVE-2019-13132 Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket...
[SECURITY] [DLA 1787-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1+deb9u2deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 928125 Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into...
[SECURITY] [DLA 1778-1] symfony security update
Package : symfony Version : 2.3.21+dfsg-4+deb8u5 CVE ID : CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913 Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Framework Bundle, Dependency Injection...
[SECURITY] [DSA 4413-1] ntfs-3g security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4413-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 21, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4982-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4982-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 08, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2563-1] openssl security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2563-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 18, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2437-1] krb5 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2437-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 07, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4614-1] sudo security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4614-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1873-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u3 CVE ID : CVE-2019-12815 Debian Bug : 932453 Tobias Maedel discovered that the mod_copy module of ProFTPD, an FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands. For Debian 8 "Jessie", this problem has...
[SECURITY] [DSA 4477-1] zeromq3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4477-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1734-1] libraw security update
Package : libraw Version : 0.16.0-9+deb8u4 CVE ID : CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5808 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 Secunia Research has discovered multiple vulnerabilities in libraw, a raw image decoder library, which can be exploited to cause a Denial of Servic...
[SECURITY] [DLA 1728-1] openssh security update
Package : openssh Version : 1:6.7p1-5+deb8u8 CVE ID : CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 Debian Bug : 793412 919101 923486 Multiple scp client vulnerabilities have been discovered in OpenSSH, the premier connectivity tool for secure remote shell login and secure file transfer...
[SECURITY] [DSA 4416-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4416-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4388-1] mosquitto security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4388-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4774-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4774-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2034-1] davical security update
Package : davical Version : 1.1.3.1-1+deb8u1 CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 Debian Bug : 946343 Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DLA 1766-1] evolution security update
Package : evolution Version : 3.12.9git20141130.241663-1+deb8u1 CVE ID : CVE-2018-15587 Debian Bug : 924616 Hanno Böck discovered that GNOME Evolution is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the...
[SECURITY] [DLA 1749-1] golang security update
Package : golang Version : 2:1.3.3-1+deb8u2 CVE ID : CVE-2019-9741 Debian Bug : 924630 It was discovered that there was a CRLF injection attack in the Go programming language runtime library. Passing \r\n to http.NewRequest could allow execution of arbitrary HTTP headers or Redis commands. For...
[SECURITY] [DLA 1674-1] php5 security update
Package : php5 Version : 5.6.39+dfsg-0+deb8u2 CVE ID : CVE-2018-1000888 php-pear in php5 contains CWE-502 Deserialization of Untrusted Data and CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerabilities in its ArchiveTar class. When extract is called...
[SECURITY] [DLA 1660-1] rssh security update
Package : rssh Version : 2.3.4-4+deb8u2 CVE ID : CVE-2019-3463 CVE-2019-3464 More vulnerabilities were found by Nick Cleaton in the rssh code that could lead to arbitrary code execution under certain circumstances. CVE-2019-3463 reject rsync --daemon and --config command-line options; arbitrary...
[SECURITY] [DLA 1630-1] libav security update
Package : libav Version : 6:11.12-1deb8u4 CVE ID : CVE-2017-9993 CVE-2017-9994 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14170 CVE-2017-14171 CVE-2017-14767 CVE-2017-15672 CVE-2017-17130 CVE-2018-6621 CVE-2018-7557 CVE-2018-14394 CVE-2018-1999010 Several security vulnerabilities were...
[SECURITY] [DSA 2292-1] ISC DHCP security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2292-1 [email protected] http://www.debian.org/security/ Florian Weimer August 11, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 5022-1] apache-log4j2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5022-1 [email protected] https://www.debian.org/security/ Markus Koschany December 16, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4822-1] p11-kit security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4822-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 01, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2221-1] sqlite3
Package : sqlite3 Version : 3.8.7.1-1+deb8u6 CVE ID : CVE-2020-13434 An integer overflow vulnerability was found in the sqlite3_str_vappendf function of the src/printf.c file of sqlite3 from version 3.8.3. For Debian 8 "Jessie", this problem has been fixed in version 3.8.7.1-1+deb8u6. We recommend...
[SECURITY] [DLA 1992-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u6 CVE ID : CVE-2019-14869 Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions...
[SECURITY] [DSA 4553-1] php7.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4553-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1965-1] nfs-utils security update
Package : nfs-utils Version : 1.2.8-9+deb8u1 CVE ID : CVE-2019-3689 Debian Bug : 940848 In the nfs-utils package, providing support files for Network File System NFS including the rpc.statd daemon, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and manag...
[SECURITY] [DSA 4540-1] openssl1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4540-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1825-1] kdepim security update
Package : kdepim Version : 4:4.14.1-1+deb8u2 CVE ID : CVE-2019-10732 Debian Bug : 926996 A reply-based decryption oracle was found in kdepim, which provides the KMail e-mail client. An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart...
[SECURITY] [DLA 1739-1] rails security update
Package : rails Version : 2:4.1.8-1+deb8u5 CVE ID : CVE-2019-5418 CVE-2019-5419 Debian Bug : 924520 John Hawthorn of GitHub discovered a file content disclosure vulnerability in Rails, a Ruby-based web application framework. Specially crafted accept headers in combination with calls to render fil...
[SECURITY] [DSA 4415-1] passenger security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4415-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4689-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4689-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2161-1] tika security update
Package : tika Version : 1.5-1+deb8u1 CVE ID : CVE-2020-1950 CVE-2020-1951 Debian Bug : 954302 954303 Two security issues have been detected in tika and fixed. CVE-2020-1950: carefully crafted or corrupt PSD file can cause excessive memory usage in Apache. CVE-2020-1951: Infinite Loop DoS...
[SECURITY] [DSA 4615-1] spamassassin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4615-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1949-1] xen security update
Package : xen Version : 4.4.4lts5-0+deb8u1 CVE ID : CVE-2018-19961 CVE-2018-19962 CVE-2018-19966 XSA ID : XSA-275 XSA-280 XSA-285 XSA-287 XSA-288 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege escalatio...
[SECURITY] [DSA 4527-1] php7.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4527-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1895-1] libmspack security update
Package : libmspack Version : 0.5-1+deb8u4 CVE ID : CVE-2019-1010305 JsHuang found an issue in libmspack, a library for Microsoft compression format. Opening a crafted chm file might result in a buffer overflow which might disclose confidential information. For Debian 8 "Jessie", this problem has...
[SECURITY] [DLA 1894-1] libapache2-mod-auth-openidc security
Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u1 CVE ID : CVE-2019-1010247 Compass Security Schweiz AG discovered an issue in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. The OIDCRedirectURI page contains generated JavaScript code that uses a poll...
[SECURITY] [DLA 1852-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u5 CVE ID : CVE-2019-9948 The urllib library in Python ships support for a second, not well known URL scheme for accessing local files "local_file://". This scheme can be used to circumvent protections that try to block local file access and only block the...
[SECURITY] [DLA 1813-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u4 CVE ID : CVE-2019-11039 CVE-2019-11040 Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language. CVE-2019-11039 An integer underflow in the iconv module could be exploited to trigger an out of bounds read...