[SECURITY] [DLA 1954-1] lucene-solr security update
Package : lucene-solr Version : 3.6.2+dfsg-5+deb8u3 CVE ID : CVE-2019-0193 A security vulnerability was discovered in lucene-solr, an enterprise search server. The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole...
[SECURITY] [DLA 1837-1] rdesktop security update
Package : rdesktop Version : 1.8.6-0+deb8u1 Debian Bug : 930387 Several security vulnerabilities were discovered in the rdesktop RDP client, which could result in buffer overflows and execution of arbitrary code. For Debian 8 "Jessie", this problem has been fixed in version 1.8.6-0+deb8u1. We...
[SECURITY] [DSA 4406-1] waagent security update
Debian Security Advisory DSA-4406-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1676-1] unbound security update
Package : unbound Version : 1.4.22-3+deb8u4 CVE ID : CVE-2017-15105 Debian Bug : 887733 Ralph Dolmans and Karst Koymans found a flaw in the way unbound, a validating, recursive, caching DNS resolver, validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could b...
[SECURITY] [DLA 3011-1] vim security update
Debian LTS Advisory DLA-3011-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 16, 2022 https://wiki.debian.org/LTS Package : vim Version : 2:8.0.0197-4+deb9u6 CVE ID : CVE-2022-0261 CVE-2022-0351 CVE-2022-0413 CVE-2022-0443 CVE-2022-0572 CVE-2022-1154...
[SECURITY] [DLA 2574-1] openldap security update
Debian LTS Advisory DLA-2574-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 21, 2021 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2440-1] poppler security update
Debian LTS Advisory DLA-2440-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 08, 2020 https://wiki.debian.org/LTS Package : poppler Version : 0.48.0-2+deb9u4 CVE ID : CVE-2017-14926 CVE-2017-14928 CVE-2018-19058 CVE-2018-20650 CVE-2018-20662 CVE-2019-73...
[SECURITY] [DLA 2382-1] curl security update
Debian LTS Advisory DLA-2382-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 26, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DSA 4757-1] apache2 security update
Debian Security Advisory DSA-4757-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 31, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2069-1] cacti security update
Package : cacti Version : 0.8.8b+dfsg-8+deb8u9 CVE ID : CVE-2020-7106 It was discovered that there were a number of cross-site scripting vulnerabilities in cacti, a web interface for monitoring systems. For Debian 8 "Jessie", this issue has been fixed in cacti version 0.8.8b+dfsg-8+deb8u9. We...
[SECURITY] [DLA 1962-1] graphite-web security update
Package : graphite-web Version : 0.9.12+debian-6+deb8u1 CVE ID : CVE-2017-18638 The send_email function in graphite-web/webapp/graphite/composer/views.py in Graphite is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource...
[SECURITY] [DLA 1900-2] apache2 regression update
Package : apache2 Version : 2.4.10-10+deb8u16 CVE ID : CVE-2019-10092 Debian Bug : 941202 The update of apache2 released as DLA-1900-1 contained an incomplete fix for CVE-2019-10092, a limited cross-site scripting issue affecting the mod_proxy error page. The old patch rather introduced a new CSRF...
[SECURITY] [DLA 1886-2] openjdk-7 regression update
Package : openjdk-7 Version : 7u231-2.6.19-1deb8u2 Debian Bug : 935082 750400 The latest security update of openjdk-7 caused a regression when applications relied on elliptic curve algorithms to establish SSL connections. Several duplicate classes were removed from rt.jar by the upstream develope...
[SECURITY] [DLA 1828-1] python-urllib3 security update
Package : python-urllib3 Version : 1.9.1-3+deb8u1 CVE ID : CVE-2019-11236 Debian Bug : 927172 A vulnerability was discovered in python-urllib3, an HTTP library with thread-safe connection pooling, whereby an attacker can inject CRLF characters in the request parameter. For Debian 8 "Jessie", this...
[SECURITY] [DLA 1703-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u5 CVE ID : CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 Several deserialization flaws were discovered in jackson-databind, a fast and powerful...
[SECURITY] [DSA 4377-2] rssh regression update
Debian Security Advisory DSA-4377-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4345-1] samba security update
Debian Security Advisory DSA-4345-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018 https://www.debian.org/security/faq ...
[SECURITY] [DLA 3129-1] gdal security update
Debian LTS Advisory DLA-3129-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2022 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2691-1] libgcrypt20 security update
Debian LTS Advisory DLA-2691-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 25, 2021 https://wiki.debian.org/LTS ...
[SECURITY] [DSA 4643-1] python-bleach security update
Debian Security Advisory DSA-4643-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 20, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4630-1] python-pysaml2 security update
Debian Security Advisory DSA-4630-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 21, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4624-1] evince security update
Debian Security Advisory DSA-4624-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 14, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4592-1] mediawiki security update
Debian Security Advisory DSA-4592-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 26, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4454-2] qemu regression update
Debian Security Advisory DSA-4454-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1793-1] dhcpcd5 security update
Package : dhcpcd5 Version : 6.0.5-2+deb8u1 CVE ID : CVE-2019-11579 Debian Bug : 928104 It was discovered that there was a read overflow vulnerability in the dhcpcd5 network management protocol client. For Debian 8 "Jessie", this issue has been fixed in dhcpcd5 version 6.0.5-2+deb8u1. Thanks to Ro...
[SECURITY] [DLA 1792-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u3 CVE ID : CVE-2019-3839 A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed despite the -dSAFER...
[SECURITY] [DLA 1786-1] qt4-x11 security update
Package : qt4-x11 Version : 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2 CVE ID : CVE-2018-15518 CVE-2018-19869 CVE-2018-19870 CVE-2018-19871 CVE-2018-19873 Debian Bug : 923003 Multiple issues have been addressed in Qt4. CVE-2018-15518 A double-free or corruption during parsing of a specially crafted...
[SECURITY] [DLA 1692-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u5 CVE ID : CVE-2019-6799 Debian Bug : 920823 An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration. Wh...
[SECURITY] [DLA 1596-1] squid3 security update
Package : squid3 Version : 3.4.8-6+deb8u6 CVE ID : CVE-2018-19132 Debian Bug : 912294 It was discovered that there can be a denial of service (DoS) vulnerability in squid3 due to a memory leak in SNMP query rejection code when SNMP is enabled. In environments where per-process memory restrictions a...
[SECURITY] [DSA 4659-1] git security update
Debian Security Advisory DSA-4659-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2033-1] php-horde security update
Package : php-horde Version : 5.2.1+debian0-2+deb8u5 CVE ID : CVE-2019-12095 A vulnerability has been found in php-horde, the Horde Application Framework, which may result in information disclosure via cross-site scripting. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 1980-1] wordpress security update
Package : wordpress Version : 4.1.28+dfsg-0+deb8u1 CVE ID : CVE-2019-17669 CVE-2019-17670 CVE-2019-17671 CVE-2019-17675 Debian Bug : 942459 Several vulnerabilities in wordpress, a web blogging tool, have been fixed. CVE-2019-17669 Server Side Request Forgery (SSRF) vulnerability because URL...
[SECURITY] [DSA 4549-1] firefox-esr security update
Debian Security Advisory DSA-4549-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 24, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4548-1] openjdk-8 security update
Debian Security Advisory DSA-4548-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 21, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1920-1] golang-go.crypto security update
Package : golang-go.crypto Version : 0.0hg190-1+deb8u2 CVE ID : CVE-2019-11841 This package ignored the value of the Hash header, which allows an attacker to spoof it. An attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidatin...
[SECURITY] [DLA 1760-1] wget security update
Package : wget Version : 1.16-1+deb8u6 CVE ID : CVE-2019-5953 Kusano Kazuhiko discovered a buffer overflow vulnerability in the handling of Internationalized Resource Identifiers (IRI) in wget, a network utility to retrieve files from the web, which could result in the execution of arbitrary code o...
[SECURITY] [DLA 1693-1] gpac security update
Package : gpac Version : 0.5.0+svn5324dfsg1-1+deb8u2 CVE ID : CVE-2018-7752 CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763 Several issues have been found by different authors in gpac, an Open Source multimedia framework for research and academic purposes. The issues are basically all...
[SECURITY] [DLA 1690-1] liblivemedia security update
Package : liblivemedia Version : 2014.01.13-1+deb8u2 CVE ID : CVE-2019-6256 CVE-2019-7314 Debian Bug : 919529 Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library: CVE-2019-6256 liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to ...
[SECURITY] [DLA 1648-1] firefox-esr security update
Package : firefox-esr Version : 60.5.0esr-1deb8u1 CVE ID : CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation. For Debian 8 "Jessie",...
[SECURITY] [DSA 4376-1] firefox-esr security update
Debian Security Advisory DSA-4376-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 30, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4359-1] wireshark security update
Debian Security Advisory DSA-4359-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2018 https://www.debian.org/security/faq ...
[SECURITY] [DSA 5096-1] linux security update
Debian Security Advisory DSA-5096-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 09, 2022 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4945-1] webkit2gtk security update
Debian Security Advisory DSA-4945-1 [email protected] https://www.debian.org/security/ Alberto Garcia July 28, 2021 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2228-1] json-c security update
Package : json-c Version : 0.11-4+deb8u1 CVE ID : CVE-2020-12762 Debian Bug : 960326 The json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. For Debian 8 "Jessie", this problem has been fixed in version 0.11-4+deb8u1. ...
[SECURITY] [DSA 4692-1] netqmail security update
Debian Security Advisory DSA-4692-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 24, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4677-1] wordpress security update
Debian Security Advisory DSA-4677-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 06, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4667-1] linux security update
Debian Security Advisory DSA-4667-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4568-1] postgresql-common security update
Debian Security Advisory DSA-4568-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 14, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1991-1] libssh2 security update
Package : libssh2 Version : 1.4.3-4.1+deb8u6 CVE ID : CVE-2019-17498 Debian Bug : 943562 In libssh2, SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server m...
[SECURITY] [DSA 4547-1] tcpdump security update
Debian Security Advisory DSA-4547-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 21, 2019 https://www.debian.org/security/faq ...