[SECURITY] [DLA 1791-1] faad2 security update

Package : faad2 Version : 2.7-8+deb8u2 CVE ID : CVE-2018-20194 CVE-2018-20197 CVE-2018-20198 CVE-2018-20362 Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio Coder: CVE-2018-20194 CVE-2018-20197 Improper handling of implicit channel mapping reconfiguration leads to...

[SECURITY] [DSA 4348-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4348-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 30, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA-1589-1] keepalived security update

Package : icecast2 Version : 1:1.2.13-1+deb8u1 CVE ID : CVE-2018-19115 Debian Bug : 914393 keepalived has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code...

[SECURITY] [DLA 2753-1] qemu security update

Debian LTS Advisory DLA-2753-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany September 02, 2021 https://wiki.debian.org/LTS Package : qemu Version : 1:2.8+dfsg-6+deb9u15 CVE ID : CVE-2021-3527 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 CVE-2021-3682 CVE-2021-3713...

[SECURITY] [DLA 2538-1] mariadb-10.1 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2538-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk January 31, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2493-1] openssl1.0 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2493-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 14, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2378-1] openssl1.0 security update

Debian LTS Advisory DLA-2378-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez September 25, 2020 https://wiki.debian.org/LTS Package : openssl1.0 Version : 1.0.2u-1deb9u2 CVE ID : CVE-2020-1968 Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovs...

[SECURITY] [DLA 2223-1] salt security update

Package : salt Version : 2014.1.13+ds-3+deb8u1 CVE ID : CVE-2020-11651 CVE-2020-11652 Debian Bug : 959684 Several vulnerabilities were discovered in package salt, a configuration management and infrastructure automation software. CVE-2020-11651 The salt-master process ClearFuncs class does not...

[SECURITY] [DLA 1966-1] aspell security update

Package : aspell Version : 0.60.720110707-1.3+deb8u1 CVE ID : CVE-2019-17544 It was discovered that Aspell, the GNU spell checker, incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. For Debian 8 "Jessie",...

[SECURITY] [DSA 4526-1] opendmarc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4526-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 19, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1794-1] libspring-security-2.0-java security update

Package : libspring-security-2.0-java Version : 2.0.7.RELEASE-3+deb8u1 CVE ID : CVE-2019-3795 A vulnerability was discovered in libspring-security-2.0-java, a modular Java/J2EE application security framework, when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance, resultin...

[SECURITY] [DLA 1708-1] zabbix security update

Package : zabbix Version : 1:2.2.23+dfsg-0+deb8u1 CVE ID : CVE-2016-10742 CVE-2017-2826 Several security vulnerabilities were discovered in Zabbix, a server/client network monitoring solution. CVE-2016-10742 Zabbix allowed remote attackers to redirect to external links by misusing the request...

[SECURITY] [DLA 1645-1] wireshark security update

Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u17 CVE ID : CVE-2019-5716 CVE-2019-5717 CVE-2019-5719 Several issues in wireshark, a network traffic analyzer, have been found. Dissectors of - ISAKMP, a Internet Security Association and Key Management Protocol - PMUL, a reliable multicast...

[SECURITY] [DSA 4373-1] coturn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4373-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez January 28, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3704-1] memcached security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3704-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA 745-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

[SECURITY] [DSA 5367-1] spip security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5367-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 02, 2023 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2953-1] openssl1.0 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2953-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 17, 2022 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4942-1] systemd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4942-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2340-2] sqlite3 regression update

Debian LTS Advisory DLA-2340-2 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez December 10, 2020 https://wiki.debian.org/LTS Package : sqlite3 Version : 3.16.2-5+deb9u3 CVE ID : CVE-2019-20218 The update of sqlite3 released as DLA-2340-1 contained an incomplete...

[SECURITY] [DSA 4807-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4807-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 08, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4693-1] drupal7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4693-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4686-1] apache-log4j1.2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4686-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update

Package : gst-plugins-base0.10 Version : 0.10.36-2+deb8u2 CVE ID : CVE-2016-9811 CVE-2017-5837 CVE-2017-5844 Some isses have been found in gst-plugins-base0.10, a package that provides GStreamer plugins from the "base" set. All issues are related to crafted ico-files that could result in an...

[SECURITY] [DSA 4584-1] spamassassin security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4584-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 14, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4555-1] pam-python security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4555-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 29, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1956-1] ruby-openid security update

Package : ruby-openid Version : 2.5.0debian-1+deb8u1 CVE ID : CVE-2019-11027 ruby-openid performed discovery first, and then verification. This allowed an attacker to change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server n...

[SECURITY] [DSA 4539-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4539-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1866-1] glib2.0 security update

Package : glib2.0 Version : 2.42.1-1+deb8u2 CVE ID : CVE-2018-16428 CVE-2018-16429 CVE-2019-13012 Debian Bug : 931234 Various minor issues have been addressed in the GLib library. GLib is a useful general-purpose C library used by projects such as GTK+, GIMP, and GNOME. CVE-2018-16428 In GNOME...

[SECURITY] [DLA 1776-1] librecad security update

Package : librecad Version : 2.0.4-1+deb8u1 CVE ID : CVE-2018-19105 Debian Bug : 928477 A vulnerability was found in LibreCAD, a computer-aided design system, which could be exploited to crash the application or cause other unspecified impact when opening a specially crafted file. For Debian 8...

[SECURITY] [DLA 1717-1] rdflib security update

Package : rdflib Version : 4.1.2-3+deb8u1 CVE ID : CVE-2019-7653 Debian Bug : 921751 The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because "python -m" appends the current directory in the python path. For Debian 8 "Jessie", this problem...

[SECURITY] [DSA 2161-2] OpenJDK security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2161-2 [email protected] http://www.debian.org/security/ Florian Weimer February 14, 2011 http://www.debian.org/security/faq -...

[SECURITY] [DSA 5020-1] apache-log4j2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5020-1 [email protected] https://www.debian.org/security/ Markus Koschany December 11, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4859-1] libzstd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4859-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 20, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2213-1] exim4 security update

Package : exim4 Version : 4.84.2-2+deb8u7 CVE ID : CVE-2020-12783 It was discovered that exim4, a mail transport agent, suffers from a authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default. For Debian 8 "Jessie", this problem...

[SECURITY] [DLA 2020-1] libonig security update

Package : libonig Version : 5.9.5-3.2+deb8u4 CVE ID : CVE-2019-19012 CVE-2019-19204 CVE-2019-19246 Debian Bug : 944959 945313 Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012 An integer overflow in the searchinrange...

[SECURITY] [DSA 4455-1] heimdal security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4455-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1767-1] monit security update

Package : monit Version : 1:5.9-1+deb8u2 CVE ID : CVE-2019-11454 CVE-2019-11455 Zack Flack found several issues in monit, a utility for monitoring and managing daemons or similar programs. CVE-2019-11454 An XSS vulnerabilitty has been reported that could be prevented by HTML escaping the log file...

[SECURITY] [DSA 4319-1] spice security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4319-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 5563-1] intel-microcode security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5563-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 23, 2023 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2668-1] samba security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2668-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA May 29, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2409-1] mariadb-10.1 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2409-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 21, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2076-1] slirp security update

Package : slirp Version : 1:1.0.17-7+deb8u1 CVE ID : CVE-2020-7039 Debian Bug : 949085 An issue has been found in slirp, a SLIP/PPP emulator using a dial up shell account. Due to bad memory handling in slirp a heap-based buffer overflow or other out-of-bounds access could happen, which can lead t...

[SECURITY] [DSA 4599-1] wordpress security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4599-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 08, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2054-1] jhead security update

Package : jhead Version : 1:2.97-1+deb8u2 CVE ID : CVE-2018-16554 CVE-2018-17088 CVE-2019-1010301 CVE-2019-1010302 Debian Bug : 907925 908176 932145 932146 Multiple buffer overflows have been fixed in jhead, a program to manipulate the non-image part of Exif compliant JPEG files. For Debian 8...

[SECURITY] [DLA 1954-1] lucene-solr security update

Package : lucene-solr Version : 3.6.2+dfsg-5+deb8u3 CVE ID : CVE-2019-0193 A security vulnerability was discovered in lucene-solr, an enterprise search server. The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole...

[SECURITY] [DLA 1837-1] rdesktop security update

Package : rdesktop Version : 1.8.6-0+deb8u1 Debian Bug : 930387 Several security vulnerabilities were discovered in the rdesktop RDP client, which could result in buffer overflows and execution of arbitrary code. For Debian 8 "Jessie", this problem has been fixed in version 1.8.6-0+deb8u1. We...

[SECURITY] [DSA 4423-1] putty security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4423-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1676-1] unbound security update

Package : unbound Version : 1.4.22-3+deb8u4 CVE ID : CVE-2017-15105 Debian Bug : 887733 Ralph Dolmans and Karst Koymans found a flaw in the way unbound, a validating, recursive, caching DNS resolver, validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could b...

[SECURITY] [DLA 3011-1] vim security update

Debian LTS Advisory DLA-3011-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 16, 2022 https://wiki.debian.org/LTS Package : vim Version : 2:8.0.0197-4+deb9u6 CVE ID : CVE-2022-0261 CVE-2022-0351 CVE-2022-0413 CVE-2022-0443 CVE-2022-0572 CVE-2022-1154...