14409 matches found
[SECURITY] [DLA 2538-1] mariadb-10.1 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2538-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk January 31, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2493-1] openssl1.0 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2493-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 14, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2223-1] salt security update
Package : salt Version : 2014.1.13+ds-3+deb8u1 CVE ID : CVE-2020-11651 CVE-2020-11652 Debian Bug : 959684 Several vulnerabilities were discovered in package salt, a configuration management and infrastructure automation software. CVE-2020-11651 The salt-master process ClearFuncs class does not...
[SECURITY] [DSA 4689-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4689-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4526-1] opendmarc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4526-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1895-1] libmspack security update
Package : libmspack Version : 0.5-1+deb8u4 CVE ID : CVE-2019-1010305 JsHuang found an issue in libmspack, a library for Microsoft compression format. Opening a crafted chm file might result in a buffer overflow which might disclose confidential information. For Debian 8 "Jessie", this problem has...
[SECURITY] [DLA 1894-1] libapache2-mod-auth-openidc security
Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u1 CVE ID : CVE-2019-1010247 Compass Security Schweiz AG discovered an issue in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. The OIDCRedirectURI page contains generated JavaScript code that uses a poll...
[SECURITY] [DLA 1852-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u5 CVE ID : CVE-2019-9948 The urllib library in Python ships support for a second, not well known URL scheme for accessing local files "localfile://". This scheme can be used to circumvent protections that try to block local file access and only block the...
[SECURITY] [DLA 1813-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u4 CVE ID : CVE-2019-11039 CVE-2019-11040 Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language. CVE-2019-11039 An integer underflow in the iconv module could be exploited to trigger an out of bounds read...
[SECURITY] [DLA 1791-1] faad2 security update
Package : faad2 Version : 2.7-8+deb8u2 CVE ID : CVE-2018-20194 CVE-2018-20197 CVE-2018-20198 CVE-2018-20362 Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio Coder: CVE-2018-20194 CVE-2018-20197 Improper handling of implicit channel mapping reconfiguration leads to...
[SECURITY] [DLA 1708-1] zabbix security update
Package : zabbix Version : 1:2.2.23+dfsg-0+deb8u1 CVE ID : CVE-2016-10742 CVE-2017-2826 Several security vulnerabilities were discovered in Zabbix, a server/client network monitoring solution. CVE-2016-10742 Zabbix allowed remote attackers to redirect to external links by misusing the request...
[SECURITY] [DSA 4348-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4348-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 30, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA-1589-1] keepalived security update
Package : icecast2 Version : 1:1.2.13-1+deb8u1 CVE ID : CVE-2018-19115 Debian Bug : 914393 keepalived has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code...
[SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA 745-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
[SECURITY] [DSA 5563-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5563-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 23, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2953-1] openssl1.0 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2953-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 17, 2022 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4942-1] systemd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4942-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2378-1] openssl1.0 security update
Debian LTS Advisory DLA-2378-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez September 25, 2020 https://wiki.debian.org/LTS Package : openssl1.0 Version : 1.0.2u-1deb9u2 CVE ID : CVE-2020-1968 Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovs...
[SECURITY] [DSA 4686-1] apache-log4j1.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4686-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4584-1] spamassassin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4584-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4455-1] heimdal security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4455-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1794-1] libspring-security-2.0-java security update
Package : libspring-security-2.0-java Version : 2.0.7.RELEASE-3+deb8u1 CVE ID : CVE-2019-3795 A vulnerability was discovered in libspring-security-2.0-java, a modular Java/J2EE application security framework, when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance, resultin...
[SECURITY] [DLA 1717-1] rdflib security update
Package : rdflib Version : 4.1.2-3+deb8u1 CVE ID : CVE-2019-7653 Debian Bug : 921751 The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because "python -m" appends the current directory in the python path. For Debian 8 "Jessie", this problem...
[SECURITY] [DSA 4373-1] coturn security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4373-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez January 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3704-1] memcached security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3704-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5367-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5367-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 02, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5020-1] apache-log4j2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5020-1 [email protected] https://www.debian.org/security/ Markus Koschany December 11, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2340-2] sqlite3 regression update
Debian LTS Advisory DLA-2340-2 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez December 10, 2020 https://wiki.debian.org/LTS Package : sqlite3 Version : 3.16.2-5+deb9u3 CVE ID : CVE-2019-20218 The update of sqlite3 released as DLA-2340-1 contained an incomplete...
[SECURITY] [DSA 4807-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4807-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4693-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4693-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2213-1] exim4 security update
Package : exim4 Version : 4.84.2-2+deb8u7 CVE ID : CVE-2020-12783 It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default. For Debian 8 "Jessie", this problem...
[SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update
Package : gst-plugins-base0.10 Version : 0.10.36-2+deb8u2 CVE ID : CVE-2016-9811 CVE-2017-5837 CVE-2017-5844 Some issues have been found in gst-plugins-base0.10, a package that provides GStreamer plugins from the "base" set. All issues are related to crafted ico-files that could result in an...
[SECURITY] [DSA 4555-1] pam-python security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4555-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1956-1] ruby-openid security update
Package : ruby-openid Version : 2.5.0debian-1+deb8u1 CVE ID : CVE-2019-11027 ruby-openid performed discovery first, and then verification. This allowed an attacker to change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server n...
[SECURITY] [DSA 4539-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4539-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1866-1] glib2.0 security update
Package : glib2.0 Version : 2.42.1-1+deb8u2 CVE ID : CVE-2018-16428 CVE-2018-16429 CVE-2019-13012 Debian Bug : 931234 Various minor issues have been addressed in the GLib library. GLib is a useful general-purpose C library used by projects such as GTK+, GIMP, and GNOME. CVE-2018-16428 In GNOME...
[SECURITY] [DLA 1776-1] librecad security update
Package : librecad Version : 2.0.4-1+deb8u1 CVE ID : CVE-2018-19105 Debian Bug : 928477 A vulnerability was found in LibreCAD, a computer-aided design system, which could be exploited to crash the application or cause other unspecified impact when opening a specially crafted file. For Debian 8...
[SECURITY] [DLA 1767-1] monit security update
Package : monit Version : 1:5.9-1+deb8u2 CVE ID : CVE-2019-11454 CVE-2019-11455 Zack Flack found several issues in monit, a utility for monitoring and managing daemons or similar programs. CVE-2019-11454 An XSS vulnerability has been reported that could be prevented by HTML escaping the log file...
[SECURITY] [DSA 2161-2] OpenJDK security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2161-2 [email protected] http://www.debian.org/security/ Florian Weimer February 14, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DLA 2668-1] samba security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2668-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA May 29, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4859-1] libzstd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4859-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 20, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2076-1] slirp security update
Package : slirp Version : 1:1.0.17-7+deb8u1 CVE ID : CVE-2020-7039 Debian Bug : 949085 An issue has been found in slirp, a SLIP/PPP emulator using a dial up shell account. Due to bad memory handling in slirp a heap-based buffer overflow or other out-of-bounds access could happen, which can lead t...
[SECURITY] [DLA 2020-1] libonig security update
Package : libonig Version : 5.9.5-3.2+deb8u4 CVE ID : CVE-2019-19012 CVE-2019-19204 CVE-2019-19246 Debian Bug : 944959 945313 Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012 An integer overflow in the search_in_range...
[SECURITY] [DLA 1954-1] lucene-solr security update
Package : lucene-solr Version : 3.6.2+dfsg-5+deb8u3 CVE ID : CVE-2019-0193 A security vulnerability was discovered in lucene-solr, an enterprise search server. The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole...
[SECURITY] [DSA 4423-1] putty security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4423-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1676-1] unbound security update
Package : unbound Version : 1.4.22-3+deb8u4 CVE ID : CVE-2017-15105 Debian Bug : 887733 Ralph Dolmans and Karst Koymans found a flaw in the way unbound, a validating, recursive, caching DNS resolver, validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could b...
[SECURITY] [DLA 1646-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u9 CVE ID : CVE-2018-17958 CVE-2018-19364 CVE-2018-19489 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-17958 The rtl8139 emulator is affected by an integer overflow and subsequent buffer overflow. This vulnerability migh...
[SECURITY] [DSA 4319-1] spice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4319-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5059-1] policykit-1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5059-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 25, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4864-1] python-aiohttp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4864-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 27, 2021 https://www.debian.org/security/faq -...