14410 matches found
[SECURITY] [DLA 1958-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.75-2+2019c This update includes the changes in tzdata 2019c for the Perl bindings. For the list of changes, see DLA-1957-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2019c. We recommend that you upgrade your...
[SECURITY] [DSA 4308-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4308-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5673-1] glibc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5673-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 23, 2024 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2547-1] wireshark security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2547-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk February 06, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2385-1] linux-4.19 security update
Debian LTS Advisory DLA-2385-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings September 28, 2020 https://wiki.debian.org/LTS Package : linux-4.19 Version : 4.19.146-1deb9u1 CVE ID : CVE-2019-3874 CVE-2019-19448 CVE-2019-19813 CVE-2019-19816 CVE-2020-10781...
[SECURITY] [DLA 2192-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u10 CVE ID : CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an unsafe object creation vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of...
[SECURITY] [DLA 2188-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u11 CVE ID : CVE-2020-7064 CVE-2020-7066 CVE-2020-7067 Three issues have been found in php5, a server-side, HTML-embedded scripting language. CVE-2020-7064 A one byte out-of-bounds read, which could potentially lead to information disclosure or crash...
[SECURITY] [DSA 4635-1] proftpd-dfsg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4635-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2116-1] libpam-radius-auth security update
Package : libpam-radius-auth Version : 1.3.16-4.4+deb8u1 CVE ID : CVE-2015-9542 Debian Bug : 951396 A vulnerability was found in pamradius: the password length check was done incorrectly in the addpassword function in pamradiusauth.c, resulting in a stack based buffer overflow. This could be used...
[SECURITY] [DSA 4623-1] postgresql-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4623-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2090-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u13 CVE ID : CVE-2020-7039 Debian Bug : 949085 tcpemu in tcpsubr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanag es memory, as demonstrated by IRC DCC commands in EMUIRC. This can cause a heap-based buffer overflow or other out-of-bounds acces s whi...
[SECURITY] [DLA 1942-1] phpbb3 security update
Package : phpbb3 Version : 3.0.12-5+deb8u4 CVE ID : CVE-2019-16993 In phpBB, includes/acp/acpbbcodes.php had improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack was possible if an attacker also managed to retrieve the session id of a...
[SECURITY] [DLA 1753-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e-0+deb8u1 CVE ID : not-available Debian Bug : 923926 Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP daemon, when modfacl or modsftp is used which could lead to memory exhaustion and a denial-of-service. For Debian 8...
[SECURITY] [DSA 4427-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4427-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 08, 2019 https://www.debian.org/security/faq -...
[BSA-114] Security update for wordpress
Craig Small [email protected] uploaded new packages for wordpress which fixed the following security problems: CVE-2016-10066, CVE-2016-10045 Potential Remote Command Execution RCE in PHPMailer CVE-2017-5488 Authenticated Cross-Site scripting XSS in update-core.php CVE-2017-5490 Stored Cross-Site...
[SECURITY] [DSA 4951-1] bluez security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4951-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 07, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4933-1] nettle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4933-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 18, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4910-1] libimage-exiftool-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4910-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 02, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4866-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4866-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4717-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4717-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2218-1] transmission security update
Package : transmission Version : 2.84-0.2+deb8u2 CVE ID : CVE-2018-10756 Tom Richards reported that by using a crafted torrent file one could cause a use-after-free, which might result in a denial of service crash or possible execution of arbitrary code. For Debian 8 "Jessie", this problem has be...
[SECURITY] [DSA 4638-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4638-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 10, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2131-2] rrdtool regression update
Package : rrdtool Version : 1.4.8-1.2+deb8u2 CVE ID : CVE-2014-6262 Debian Bug : 952958 It was discovered that there was a regression in a previous fix, which resulted in the following error: ERROR: cannot compile regular expression: Error while compiling regular expression ^?:^%+|%%%+-...
[SECURITY] [DLA 2044-1] cyrus-sasl2 security update
Package : cyrus-sasl2 Version : 2.1.26.dfsg1-13+deb8u2 CVE ID : CVE-2019-19906 Debian Bug : 947043 There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an...
[SECURITY] [DLA 2001-1] libofx security update
Package : libofx Version : 1:0.9.10-1+deb8u2 CVE ID : CVE-2019-9656 Debian Bug : 924350 There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 1746-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u16 CVE ID : CVE-2019-6341 It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 1683-1] rdesktop security update
Package : rdesktop Version : 1.8.4-0+deb8u1 CVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180...
[SECURITY] [DLA 1611-2] libav security update
Package : libav Version : 6:11.12-1deb8u3 CVE ID : CVE-2015-6822 CVE-2015-6823 CVE-2015-6824 Two more security issues have been corrected in the libav multimedia library. This is a follow-up announcement for DLA-1611-1. CVE-2015-6823 The allocatebuffers function in libavcodec/alac.c did not...
[SECURITY] [DSA 4346-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4346-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4187-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4187-1 [email protected] https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 288-2] openssh regression update
Package : openssh Version : 1:5.5p1-6+squeeze7 CVE ID : CVE-2015-5600 In Debian LTS squeeze, the fix for CVE-2015-56001 in openssh 1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the keyboard-interactive method. Thanks to Colin Watson for making aware of that. The patch fixing...
[SECURITY] [DSA 5460-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5460-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 26, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DLA 3012-1] libxml2 security update
Debian LTS Advisory DLA-3012-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 17, 2022 https://wiki.debian.org/LTS Package : libxml2 Version : 2.9.4+dfsg1-2.2+deb9u7 CVE ID : CVE-2022-29824 Debian Bug : 1010526 Felix Wilhelm discovered that libxml2, the GNOME...
[SECURITY] [DLA 2723-1] linuxptp security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2723-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz July 31, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2657-1] lz4 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2657-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 12, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...
[SECURITY] [DLA 2646-1] subversion security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2646-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky May 03, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2420-2] linux regression update
Debian LTS Advisory DLA-2420-2 [email protected] https://www.debian.org/lts/security/ Ben Hutchings October 31, 2020 https://wiki.debian.org/LTS Package : linux Version : 4.9.240-2 CVE ID : CVE-2019-9445 CVE-2019-19073 CVE-2019-19074 CVE-2019-19448 CVE-2020-12351 CVE-2020-12352...
[SECURITY] [DSA 4685-1] apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4685-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2198-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u15 CVE ID : CVE-2020-1770 CVE-2020-1772 CVE-2020-1774 Several vulnerabilities have been discovered in otrs2 Open source Ticket Request System CVE-2020-1770 Support bundle generated files could contain sensitive information that might be unwanted to be...
[SECURITY] [DSA 4598-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4598-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2043-2] gdk-pixbuf regression update
Package : gdk-pixbuf Version : 2.31.1-2+deb8u9 While preparing a fix for CVE-2017-6314 an unknown symbol guintcheckedmul was introduced. For Debian 8 "Jessie", this problem has been fixed in version 2.31.1-2+deb8u9. We recommend that you upgrade your gdk-pixbuf packages. Further information about...
[SECURITY] [DLA 1866-2] glib2.0 regression update
Package : glib2.0 Version : 2.42.1-1+deb8u3 CVE ID : CVE-2019-13012 Debian Bug : 933877 Simon McVittie spotted a memory leak regression in the way CVE-2019-13012 had been resolved for glib2.0 in Debian jessie. For Debian 8 "Jessie", this problem has been fixed in version 2.42.1-1+deb8u3. We...
[SECURITY] [DLA 1788-1] samba security update
Package : samba Version : 2:4.2.14+dfsg-0+deb8u13 CVE ID : CVE-2018-16860 Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Sambas Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. For Debian 8...
[SECURITY] [DLA 1661-1] mumble security update
Package : mumble Version : 1.2.8-2+deb8u1 CVE ID : CVE-2018-20743 Debian Bug : 919249 It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service daemon hang or crash via a message...
[SECURITY] [DSA 4378-1] php-pear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1621-1] c3p0 security update
Package : c3p0 Version : 0.9.1.2-9+deb8u1 CVE ID : CVE-2018-20433 Debian Bug : 917257 A XML External Entity XXE vulnerability was discovered in c3p0, a library for JDBC connection pooling, that may be used to resolve information outside of the intended sphere of control. For Debian 8 "Jessie", th...
[SECURITY] [DLA 1450-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u12 CVE ID : CVE-2018-1304 CVE-2018-1305 Debian Bug : 802312 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1304 The URL pattern of "" the empty string which exactly maps to the context root was not...
[SECURITY] [DLA 1422-1] linux security update
Package : linux Version : 3.16.57-1 CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093 CVE-2018-1130 CVE-2018-3665 CVE-2018-5814 CVE-2018-9422 CVE-2018-10853 CVE-2018-10940 CVE-2018-11506 CVE-2018-12233 CVE-2018-1000204 Debian Bug : 898165 Several vulnerabilities have been discovere...
[SECURITY] [DLA 1009-1] apache2 security update
Package : apache2 Version : 2.2.22-13+deb7u9 CVE ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the...
[SECURITY] [DLA 3782-1] util-linux security update
Debian LTS Advisory DLA-3782-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin April 07, 2024 https://wiki.debian.org/LTS Package : util-linux Version : 2.33.1-0.1+deb10u1 CVE ID : CVE-2021-37600 CVE-2024-28085 Debian Bug : 826596 991619 1067849 CVE-2024-28085 Skyl...