[SECURITY] [DLA 1940-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.189-3+deb9u1deb8u1 CVE ID : CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118 CVE-2019-15902 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821...

[SECURITY] [DLA 1718-1] sqlalchemy security update

Package : sqlalchemy Version : 0.9.8+dfsg-0.1+deb8u1 CVE ID : CVE-2019-7164 CVE-2019-7548 Debian Bug : 922669 Two vulnerabilities were discovered in SQLALchemy, a Python SQL Toolkit and Object Relational Mapper. CVE-2019-7164 SQLAlchemy allows SQL Injection via the orderby parameter. CVE-2019-754...

[SECURITY] [DLA 1608-1] php5 security update

Package : php5 Version : 5.6.39+dfsg-0+deb8u1 CVE ID : CVE-2018-19518 CVE-2018-19935 Vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. Note that this update includes a change to the default behavior for IMAP connections. See below for details...

[SECURITY] [DLA 1606-1] gcc-4.9 bugfix update

Package : gcc-4.9 Version : 4.9.2-10+deb8u2 Debian Bug : 727621 This update fixes libstdc++ std::future support on armel, which is necessary to get firefox-esr and thunderbird updates built on that architecture. For Debian 8 "Jessie", this problem has been fixed in version 4.9.2-10+deb8u2. Furthe...

[SECURITY] [DSA 5895-1] xz-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5895-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 05, 2025 https://www.debian.org/security/faq -...

[SECURITY] [DLA 3588-1] vim security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3588-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 29, 2023 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 5477-1] samba security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5477-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 14, 2023 https://www.debian.org/security/faq -...

[SECURITY] [DSA 5376-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5376-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2023 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2742-1] ffmpeg security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2742-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky August 14, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2558-1] xterm security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2558-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 14, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2488-2] python-apt regression update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2488-2 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 26, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2478-1] postgresql-9.6 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2478-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 02, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4680-1] tomcat9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4680-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4625-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4625-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 15, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1933-1] ruby-nokogiri security update

Package : ruby-nokogiri Version : 1.6.3.1+ds-1+deb8u1 CVE ID : CVE-2019-5477 A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Rubys Kernel.open method. For Debian 8 "Jessie", this problem has been fixed in version 1.6.3.1+ds-1+deb8u1. We recommend th...

[SECURITY] [DLA 1871-1] vim security update

Package : vim Version : 2:7.4.488-7+deb8u4 CVE ID : CVE-2017-11109 CVE-2017-17087 CVE-2019-12735 Debian Bug : 867720 930020 Several minor issues have been fixed in vim, a highly configurable text editor. CVE-2017-11109 Vim allows attackers to cause a denial of service invalid free or possibly hav...

[SECURITY] [DLA 1817-1] libgd2 security update

Package : libgd2 Version : 2.1.0-5+deb8u13 CVE ID : CVE-2019-11038 Debian Bug : 929821 An unitialized read was discovered in the XBM support of libgd2, a library for programmatic graphics creation and manipulation. The unitialized read might lead to information disclosure. For Debian 8 "Jessie",...

[SECURITY] [DSA 4443-1] samba security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4443-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3896-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3896-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2695-1] klibc security update

Debian LTS Advisory DLA-2695-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings June 28, 2021 https://wiki.debian.org/LTS Package : klibc Version : 2.0.4-9+deb9u1 CVE ID : CVE-2021-31870 CVE-2021-31871 CVE-2021-31872 CVE-2021-31873 Debian Bug : 989505 Several...

[SECURITY] [DLA 2638-1] jackson-databind security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2638-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta April 25, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2569-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2569-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 19, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2366-1] imagemagick security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2366-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany September 07, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4600-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4600-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 09, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2055-1] igraph security update

Package : igraph Version : 0.7.1-2+deb8u1 CVE ID : CVE-2018-20349 An issue has been found in igraph, a library for creating and manipulating graphs. A NULL pointer dereference vulneribility was detected in igraphistrdiff. For Debian 8 "Jessie", this problem has been fixed in version 0.7.1-2+deb8u...

[SECURITY] [DLA 2017-1] asterisk security update

Package : asterisk Version : 1:11.13.1dfsg-2+deb8u7 CVE ID : CVE-2019-13161 CVE-2019-18610 CVE-2019-18790 Several vulnerabilites are fixed in Asterisk, an Open Source PBX and telephony toolkit. CVE-2019-13161 An attacker was able to crash Asterisk when handling an SDP answer to an outgoing T.38...

[SECURITY] [DSA 4572-1] slurm-llnl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4572-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1937-1] httpie security update

Package : httpie Version : 0.8.0-1+deb8u1 CVE ID : CVE-2019-10751 Debian Bug : 940058 An open redirect, that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his o...

[SECURITY] [DLA 1931-1] libgcrypt20 security update

Package : libgcrypt20 Version : 1.6.3-2+deb8u6 CVE ID : CVE-2019-13627 Debian Bug : 938938 It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version 1.6.3-2+deb8u6. We recommend that you...

[SECURITY] [DLA 1858-1] squid3 security update

Package : squid3 Version : 3.4.8-6+deb8u8 CVE ID : CVE-2019-12525 CVE-2019-12529 Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with HTTP authentication header processing. CVE-2019-12525 Due to incorrect buffer...

[SECURITY] [DLA 1843-1] pdns security update

Package : pdns Version : 3.4.1-4+deb8u10 CVE ID : CVE-2019-10162 CVE-2019-10163 Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup. CVE-2019-10162 An...

[SECURITY] [DLA 1756-1] libxslt security update

Package : libxslt Version : 1.1.28-2+deb8u4 CVE ID : CVE-2019-11068 Debian Bug : 926895 It was discovered that there was a authentication bypass vulnerability in libxslt, a widely-used library for transforming files from XML to other arbitrary format. The xsltCheckRead and xsltCheckWrite routines...

[SECURITY] [DLA 2596-1] shadow security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2596-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 17, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4851-1] subversion security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4851-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 13, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2491-1] openexr security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2491-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb December 13, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2128-1] openjdk-7 security update

Package : openjdk-7 Version : 7u251-2.6.21-1deb8u1 CVE ID : CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of...

[SECURITY] [DLA 2018-1] proftpd-dfsg security update

Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u5 CVE ID : CVE-2019-19269 In modtls a crash with empty CRL was fixed. For Debian 8 "Jessie", this problem has been fixed in version 1.3.5e+r1.3.5-2+deb8u5. We recommend that you upgrade your proftpd-dfsg packages. Further information about...

[SECURITY] [DLA 2000-1] pam-python security update

Package : pam-python Version : 1.0.4-1.1+deb8u1 CVE ID : CVE-2019-16729 Debian Bug : 942514 It was discovered that pam-python, a PAM Module that runs the Python interpreter, has an issue in regard to the default environment variable handling of Python. This issue could allow for local root...

[SECURITY] [DLA 1867-1] wpa security update

Package : wpa Version : 2.3-1+deb8u8 CVE ID : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2019-11555 Debian Bug : 927463 Several vulnerabilities were discovered in WPA supplicant / hostapd. Some of them could only partially be mitigated, please read below for details. CVE-2019-949...

[SECURITY] [DSA 4407-1] xmltooling security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4407-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1694-1] qemu security update

Package : qemu Version : 1:2.1+dfsg-12+deb8u10 CVE ID : CVE-2018-12617 CVE-2018-16872 CVE-2019-6778 Debian Bug : 916397, 902725, 921525 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-12617 The qmpguestfileread function qga/commands-posix.c is affected by an intege...

[SECURITY] [DLA 1680-1] tiff security update

Package : tiff Version : 4.0.3-12.3+deb8u8 CVE ID : CVE-2018-17000 CVE-2018-19210 CVE-2019-7663 Brief introduction CVE-2018-17000 A NULL pointer dereference in the function TIFFmemcmp at tifunix.c called from TIFFWriteDirectoryTagTransferfunction allows an attacker to cause a denial-of-service...

[SECURITY] [DLA 1600-1] libarchive security update

Package : libarchive Version : 3.1.2-11+deb8u4 CVE ID : CVE-2015-8915 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-5601 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 Debian Bug : 853278 875960 875974 875966 874539 840934 840935 8616...

[SECURITY] [DLA 2733-1] tomcat8 security update

Debian LTS Advisory DLA-2733-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 05, 2021 https://wiki.debian.org/LTS Package : tomcat8 Version : 8.5.54-0+deb9u7 CVE ID : CVE-2021-30640 CVE-2021-33037 Debian Bug : 991046 991046 Several security vulnerabilitie...

[SECURITY] [DLA 2676-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2676-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb June 05, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4628-1] php7.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4628-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4616-1] qemu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4616-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1999-1] symfony security update

Package : symfony Version : 2.3.21+dfsg-4+deb8u6 CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888 Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian ...

[SECURITY] [DSA 4538-1] wpa security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4538-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 29, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1885-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.168-1+deb9u5deb8u1 CVE ID : CVE-2017-18509 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856 CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Several vulnerabilities have...