[SECURITY] [DLA 2219-1] feh security update
Package : feh Version : 2.12-1+deb8u1 CVE ID : CVE-2017-7875 Tobias Stoeckmann discovered that it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. For Debian 8 "Jessie", this problem has been fixed in version 2.12-1+deb8u1. We recomme...
[SECURITY] [DSA 4681-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4681-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2192-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u10 CVE ID : CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an unsafe object creation vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of...
[SECURITY] [DSA 4638-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4638-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 10, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2116-1] libpam-radius-auth security update
Package : libpam-radius-auth Version : 1.3.16-4.4+deb8u1 CVE ID : CVE-2015-9542 Debian Bug : 951396 A vulnerability was found in pam_radius: the password length check was done incorrectly in the add_password function in pam_radius_auth.c, resulting in a stack based buffer overflow. This could be used...
[SECURITY] [DLA 2090-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u13 CVE ID : CVE-2020-7039 Debian Bug : 949085 tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access whi...
[SECURITY] [DLA 1958-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.75-2+2019c This update includes the changes in tzdata 2019c for the Perl bindings. For the list of changes, see DLA-1957-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2019c. We recommend that you upgrade your...
[SECURITY] [DLA 1683-1] rdesktop security update
Package : rdesktop Version : 1.8.4-0+deb8u1 CVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180...
[SECURITY] [DLA 1611-2] libav security update
Package : libav Version : 6:11.12-1deb8u3 CVE ID : CVE-2015-6822 CVE-2015-6823 CVE-2015-6824 Two more security issues have been corrected in the libav multimedia library. This is a follow-up announcement for DLA-1611-1. CVE-2015-6823 The allocate_buffers function in libavcodec/alac.c did not...
[SECURITY] [DSA 4346-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4346-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4187-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4187-1 [email protected] https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5673-1] glibc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5673-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 23, 2024 https://www.debian.org/security/faq -...
[SECURITY] [DLA 3694-1] openssh security update
Debian LTS Advisory DLA-3694-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón December 25, 2023 https://wiki.debian.org/LTS Package : openssh Version : 1:7.9p1-10+deb10u4 CVE ID : CVE-2021-41617 CVE-2023-48795 CVE-2023-51385 Debian Bug : 995130 Several...
[SECURITY] [DSA 4951-1] bluez security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4951-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 07, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2723-1] linuxptp security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2723-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz July 31, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4933-1] nettle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4933-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 18, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2646-1] subversion security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2646-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky May 03, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4910-1] libimage-exiftool-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4910-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 02, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4866-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4866-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2385-1] linux-4.19 security update
Debian LTS Advisory DLA-2385-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings September 28, 2020 https://wiki.debian.org/LTS Package : linux-4.19 Version : 4.19.146-1deb9u1 CVE ID : CVE-2019-3874 CVE-2019-19448 CVE-2019-19813 CVE-2019-19816 CVE-2020-10781...
[SECURITY] [DLA 2218-1] transmission security update
Package : transmission Version : 2.84-0.2+deb8u2 CVE ID : CVE-2018-10756 Tom Richards reported that by using a crafted torrent file one could cause a use-after-free, which might result in a denial of service crash or possible execution of arbitrary code. For Debian 8 "Jessie", this problem has be...
[SECURITY] [DLA 2198-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u15 CVE ID : CVE-2020-1770 CVE-2020-1772 CVE-2020-1774 Several vulnerabilities have been discovered in otrs2 Open source Ticket Request System CVE-2020-1770 Support bundle generated files could contain sensitive information that might be unwanted to be...
[SECURITY] [DLA 2131-2] rrdtool regression update
Package : rrdtool Version : 1.4.8-1.2+deb8u2 CVE ID : CVE-2014-6262 Debian Bug : 952958 It was discovered that there was a regression in a previous fix, which resulted in the following error: ERROR: cannot compile regular expression: Error while compiling regular expression ^?:^%+|%%%+-...
[SECURITY] [DSA 4627-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4627-1 [email protected] https://www.debian.org/security/ Alberto Garcia February 17, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4598-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4598-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1866-2] glib2.0 regression update
Package : glib2.0 Version : 2.42.1-1+deb8u3 CVE ID : CVE-2019-13012 Debian Bug : 933877 Simon McVittie spotted a memory leak regression in the way CVE-2019-13012 had been resolved for glib2.0 in Debian jessie. For Debian 8 "Jessie", this problem has been fixed in version 2.42.1-1+deb8u3. We...
[SECURITY] [DLA 1788-1] samba security update
Package : samba Version : 2:4.2.14+dfsg-0+deb8u13 CVE ID : CVE-2018-16860 Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. For Debian 8...
[SECURITY] [DLA 1746-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u16 CVE ID : CVE-2019-6341 It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 1450-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u12 CVE ID : CVE-2018-1304 CVE-2018-1305 Debian Bug : 802312 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1304 The URL pattern of "" (the empty string) which exactly maps to the context root was not...
[SECURITY] [DLA 288-2] openssh regression update
Package : openssh Version : 1:5.5p1-6+squeeze7 CVE ID : CVE-2015-5600 In Debian LTS squeeze, the fix for CVE-2015-5600 in openssh 1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the keyboard-interactive method. Thanks to Colin Watson for making aware of that. The patch fixing...
[SECURITY] [DSA 5522-1] tomcat9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5522-1 [email protected] https://www.debian.org/security/ Markus Koschany October 10, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DLA 3012-1] libxml2 security update
Debian LTS Advisory DLA-3012-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 17, 2022 https://wiki.debian.org/LTS Package : libxml2 Version : 2.9.4+dfsg1-2.2+deb9u7 CVE ID : CVE-2022-29824 Debian Bug : 1010526 Felix Wilhelm discovered that libxml2, the GNOME...
[SECURITY] [DLA 2702-1] djvulibre security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2702-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 03, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
[SECURITY] [DLA 2657-1] lz4 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2657-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 12, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...
[SECURITY] [DLA 2647-1] bind9 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2647-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 04, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2544-1] openldap security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2544-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 03, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4838-1] mutt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4838-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 25, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2420-2] linux regression update
Debian LTS Advisory DLA-2420-2 [email protected] https://www.debian.org/lts/security/ Ben Hutchings October 31, 2020 https://wiki.debian.org/LTS Package : linux Version : 4.9.240-2 CVE ID : CVE-2019-9445 CVE-2019-19073 CVE-2019-19074 CVE-2019-19448 CVE-2020-12351 CVE-2020-12352...
[SECURITY] [DLA 2416-1] thunderbird security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2416-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 27, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4717-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4717-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4685-1] apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4685-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2044-1] cyrus-sasl2 security update
Package : cyrus-sasl2 Version : 2.1.26.dfsg1-13+deb8u2 CVE ID : CVE-2019-19906 Debian Bug : 947043 There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an...
[SECURITY] [DLA 2001-1] libofx security update
Package : libofx Version : 1:0.9.10-1+deb8u2 CVE ID : CVE-2019-9656 Debian Bug : 924350 There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DSA 4509-3] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4509-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4438-1] atftp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4438-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4418-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4418-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1714-1] libsdl2 security update
Package : libsdl2 Version : 2.0.2+dfsg1-6+deb8u1 CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Multiple buffer overflow security issues have been found in libsdl2, a library that...
[SECURITY] [DLA 1661-1] mumble security update
Package : mumble Version : 1.2.8-2+deb8u1 CVE ID : CVE-2018-20743 Debian Bug : 919249 It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message...
[SECURITY] [DSA 4378-1] php-pear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1621-1] c3p0 security update
Package : c3p0 Version : 0.9.1.2-9+deb8u1 CVE ID : CVE-2018-20433 Debian Bug : 917257 An XML External Entity (XXE) vulnerability was discovered in c3p0, a library for JDBC connection pooling, that may be used to resolve information outside of the intended sphere of control. For Debian 8 "Jessie", th...