[SECURITY] [DLA 1735-1] ruby2.1 security update

Package : ruby2.1 Version : 2.1.5-2+deb8u7 CVE ID : CVE-2019-8320 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 Several vulnerabilities have been discovered in rubygems embedded in ruby2.1, the interpreted scripting language. CVE-2019-8320 A Directory Traversal issue was discovered in...

[SECURITY] [DLA 1682-1] uriparser security update

Package : uriparser Version : 0.8.0.1-2+deb8u2 CVE ID : CVE-2018-20721 Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986. An Out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//::44.1", were possible. For Debia...

[SECURITY] [DLA 1612-1] libarchive security update

Package : libarchive Version : 3.1.2-11+deb8u6 CVE ID : CVE-2018-1000877 CVE-2018-1000878 Debian Bug : 916964 916963 Daniel Axtens discovered a double-free and use-after-free vulnerability in libarchives RAR decoder that can result in a denial-of-service application crash or may have other...

[SECURITY] [DSA 4357-1] libapache-mod-jk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4357-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1392-1] linux security update

Package : linux Version : 3.2.102-1 CVE ID : CVE-2018-1093 CVE-2018-1130 CVE-2018-8897 CVE-2018-10940 Debian Bug : 898100 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. CVE-2018-1093 Wen Xu reported that a crafted ext4 filesystem image could...

[SECURITY] [DSA 3659-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3659-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 04, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 5083-1] webkit2gtk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5083-1 [email protected] https://www.debian.org/security/ Alberto Garcia February 19, 2022 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4958-1] exiv2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4958-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 13, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2663-1] libimage-exiftool-perl security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2663-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 16, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

[SECURITY] [DLA 2323-1] linux-4.19 new package

Debian LTS Advisory DLA-2323-1 [email protected] https://www.debian.org/lts/security/ August 12, 2020 https://wiki.debian.org/LTS Package : linux-4.19 Version : 4.19.132-1deb9u1 CVE ID : CVE-2019-18814 CVE-2019-18885 CVE-2019-20810 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768...

[SECURITY] [DLA 2193-1] openjdk-7 security update

Package : openjdk-7 Version : 7u261-2.6.22-1deb8u1 CVE ID : CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS...

[SECURITY] [DSA 4601-1] ldm security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4601-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 09, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1931-2] libgcrypt20 regression update

Package : libgcrypt20 Version : 1.6.3-2+deb8u8 CVE ID : CVE-2019-13627 It was discovered that the fix to address an ECDSA timing attack in the libgcrypt20 cryptographic library was incomplete. For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version 1.6.3-2+deb8u8. Thanks to Albert...

[SECURITY] [DLA 1967-1] libpcap security update

Package : libpcap Version : 1.6.2-2+deb8u1 CVE ID : CVE-2019-15165 Debian Bug : 941697 libpcap Packet CAPture, a low-level network monitoring library, does not properly validate the PHB header length before allocating memory. This update added sanity checks for PHB header length. For Debian 8...

[SECURITY] [DLA 1631-1] libcaca security update

Package : libcaca Version : 0.99.beta19-2+deb8u1 CVE ID : CVE-2018-20544 CVE-2018-20546 CVE-2018-20547 CVE-2018-20549 Debian Bug : 917807 Several vulnerabilities were discovered in libcaca, a graphics library that outputs text: integer overflows, floating point exceptions or invalid memory reads...

[SECURITY] [DLA 1614-1] openjpeg2 security update

Package : openjpeg2 Version : 2.1.0-2+deb8u6 CVE ID : CVE-2018-6616 CVE-2018-14423 Debian Bug : 904873, 889683 Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2018-6616 Excessive iteration in the opjt1encodecblks function openjp2/t1.c. Remote...

[SECURITY] [DLA 2935-1] expat security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2935-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 07, 2022 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4944-1] krb5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4944-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4792-1] openldap security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4792-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 17, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2135-1] jackson-databind security update

Package : jackson-databind Version : 2.4.2-2+deb8u12 CVE ID : CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 The following CVEs were reported for jackson-databind source package. CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and...

[SECURITY] [DLA 2085-1] zlib security update

Package : zlib Version : 1:1.2.8.dfsg-2+deb8u1 CVE ID : CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointe...

[SECURITY] [DSA 4561-1] fribidi security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4561-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 08, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4389-1] libu2f-host security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4389-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 11, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 5492-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5492-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 09, 2023 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4950-1] ansible security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4950-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 07, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2714-1] linux-4.19 security update

Debian LTS Advisory DLA-2714-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings July 20, 2021 https://wiki.debian.org/LTS Package : linux-4.19 Version : 4.19.194-3deb9u1 CVE ID : CVE-2020-36311 CVE-2021-3609 CVE-2021-33909 CVE-2021-34693 Debian Bug : 990072 Several...

[SECURITY] [DLA 2509-1] tzdata new upstream version

------------------------------------------------------------------------- Debian LTS Advisory DLA-2509-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 29, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2425-1] openldap security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2425-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta November 01, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2220-1] cracklib2 security update

Package : cracklib2 Version : 2.9.2-1+deb8u1 CVE ID : CVE-2016-6318 It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library. For Debian 8 "Jessie", this problem has been fixed in version 2.9.2-1+deb8u1. We...

[SECURITY] [DLA 2216-1] ruby-rack security update

Package : ruby-rack Version : 1.5.2-3+deb8u3 CVE ID : CVE-2020-8161 There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack. If certain directories exist in a director that is managed by Rack::Directory, an attacker could, using this...

[SECURITY] [DSA 4641-1] webkit2gtk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4641-1 [email protected] https://www.debian.org/security/ Alberto Garcia March 16, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2061-1] firefox-esr security update

Package : firefox-esr Version : 68.4.0esr-1deb8u1 CVE ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration o...

[SECURITY] [DLA 2021-1] libav security update

Package : libav Version : 6:11.12-1deb8u9 CVE ID : CVE-2017-17127 CVE-2017-18245 CVE-2018-19128 CVE-2018-19130 CVE-2019-14443 CVE-2019-17542 Several security issues were fixed in libav, a multimedia library for processing audio and video files. CVE-2017-17127 The vc1decodeframe function in...

[SECURITY] [DLA 1979-1] italc security update

Package : italc Version : 1:2.0.2+dfsg1-2+deb8u1 CVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-6307 CVE-2018-7225 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023...

[SECURITY] [DLA 1971-1] libarchive security update

Package : libarchive Version : 3.1.2-11+deb8u8 CVE ID : CVE-2019-18408 An issue has been found in libarchive, a multi-format archive and compression library. In case of a crafted archive containing several parts and one part being corrupt, there would be an use-after-free for the next part of the...

[SECURITY] [DSA 4542-1] jackson-databind security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4542-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 06, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4490-1] subversion security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4490-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 01, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1765-1] gpac security update

Package : gpac Version : 0.5.0+svn5324dfsg1-1+deb8u3 CVE ID : CVE-2019-11221 CVE-2019-11222 Several issues have been found for gpac, an Open Source multimedia framework. Using crafted files one can trigger buffer overflow issues that could be used to crash the application. For Debian 8 "Jessie",...

[SECURITY] [DLA 1764-1] mercurial security update

Package : mercurial Version : 3.1.2-2+deb8u7 CVE ID : CVE-2019-3902 Debian Bug : 927674 It was discovered that there was a path traversal vulnerability in the "mercurial" distributed revision version control system. Symbolic links and subrepositories could be used defeat Mercurials path-checking...

[SECURITY] [DLA 1609-1] libapache-mod-jk security update

Package : libapache-mod-jk Version : 1.2.46-0+deb8u1 CVE ID : CVE-2018-11759 A vulnerability has been discovered in libapache-mod-jk, the Apache 2 connector for the Tomcat Java servlet engine. The libapache-mod-jk connector is susceptible to information disclosure and privilege escalation because...

[SECURITY] [DLA 1506-1] intel-microcode security update

Package : intel-microcode Version : 3.20180807a.1deb8u1 CVE ID : CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 CVE-2018-3639, CVE-2018-3640, CVE-2017-5715 Security researchers identified speculative execution side-channel methods which have the potential to improperly gather sensitive data from...

openssl security update

Package: openssl Version: 0.9.8o-4squeeze16 CVE ID: CVE-2014-0224 CVE-2012-4929 CVE-2014-0224 This update updates the upstream fix for CVE-2014-0224 to address problems with renegotiation under some conditions. original text: KIKUCHI Masashi discovered that carefully crafted handshakes can force...

[SECURITY] [DLA 4246-1] libowasp-esapi-java security update

Debian LTS Advisory DLA-4246-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 22, 2025 https://wiki.debian.org/LTS Package : libowasp-esapi-java Version : 2.4.0.0-0+deb11u1 CVE ID : CVE-2022-23457 CVE-2022-24891 CVE-2025-5878 Debian Bug : 1010339 1109378...

[SECURITY] [DSA 4963-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4963-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4888-1] xen security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4888-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 10, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4844-1] dnsmasq security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4844-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 02, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4697-1] gnutls28 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4697-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4673-1] tomcat8 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4673-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4636-1] python-bleach security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4636-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1998-1] python-psutil security update

Package : python-psutil Version : 2.1.1-1+deb8u1 CVE ID : CVE-2019-18874 Debian Bug : 944605 It was discovered that there were multiple double free vulnerabilities in python-psutil, a Python module providing convenience functions for accessing system process data. This was caused by incorrect...