[SECURITY] [DSA 4452-1] jackson-databind security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4452-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1548-1] libssh security update

Package : libssh Version : 0.6.3-4+deb8u3 CVE ID : CVE-2018-10933 Debian Bug : 911149 Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully...

[SECURITY] [DLA 1929-1] php-pecl-http security update

Package : php-pecl-http Version : 2.0.4-1+deb8u1 CVE ID : CVE-2016-7398 A vulnerability has been discovered in php-pecl-http, the peclhttp module for PHP 5 Extended HTTP Support. A type confusion vulnerability in the mergeparam function allows attackers to crash PHP and possibly execute arbitrary...

[SECURITY] [DLA 1639-1] systemd security update

Package : systemd Version : 215-17+deb8u9 CVE ID : CVE-2018-16864 CVE-2018-16865 Debian Bug : 918841 918848 Multiple vulnerabilities were found in the journald component of systemd which can lead to a crash or code execution. CVE-2018-16864 An allocation of memory without limits, that could resul...

[SECURITY] [DSA 4339-2] ceph regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4339-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1562-3] poppler regression update

Package : poppler Version : 0.26.5-2+deb8u7 CVE ID : CVE-2018-16646 Debian Bug : A second regression issue has been resolved in the poppler PDF rendering shared library this time introduced with version 0.26.5-2+deb8u6 see DLA 1562-2. CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj function ...

[SECURITY] [DLA 1905-1] gosa security update

Package : gosa Version : 2.7.4+reloaded2-1+deb8u5 CVE ID : CVE-2019-14466 GOsa² used unserialize to restore filter settings from a cookie. Since this cookie was supplied by the client, authenticated users could have passed arbitrary content to unserialized, which opened GOsa² up to a potential PH...

[SECURITY] [DSA 4468-1] php-horde-form security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4468-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1782-1] openjdk-7 security update

Package : openjdk-7 Version : 7u221-2.6.18-1deb8u1 CVE ID : CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of...

[SECURITY] [DSA 4464-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4464-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 15, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1706-1] poppler security update

Package : poppler Version : 0.26.5-2+deb8u8 CVE ID : CVE-2018-19058 CVE-2018-20481 CVE-2018-20662 CVE-2019-7310 CVE-2019-9200 Debian Bug : 913177 917325 918158 921215 923414 Several security vulnerabilities were discovered in the poppler PDF rendering shared library. CVE-2018-19058 A reachable...

[SECURITY] [DLA 1659-1] drupal7 security update

Package : drupal7 Version : 7.32-1+deb8u14 CVE ID : CVE-2019-6339 A remote code execution vulnerability exists in PHPs built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing file operations on...

[SECURITY] [DLA 1579-1] openjpeg2 security update

Package : openjpeg2 Version : 2.1.0-2+deb8u5 CVE ID : CVE-2017-17480 CVE-2018-18088 Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2017-17480 Write stack buffer overflow due to missing buffer length formatter in fscanf call jp3d and jpwl codecs...

[SECURITY] [DLA 2614-1] busybox security update

Debian LTS Advisory DLA-2614-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 01, 2021 https://wiki.debian.org/LTS Package : busybox Version : 1:1.22.0-19+deb9u2 CVE ID : CVE-2021-28831 Debian Bug : 986217 The gunzip decompressor of Busybox, tiny utilities...

[SECURITY] [DSA 4451-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4451-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1633-1] sqlite3 security update

Package : sqlite3 Version : 3.8.7.1-1+deb8u4 CVE ID : CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-10989 CVE-2018-8740 Debian Bug : 867618 893195 Several flaws were corrected in SQLite, an SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer...

[SECURITY] [DSA 4456-1] exim4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4456-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2774-1] openssl1.0 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2774-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 30, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 1590-1] openjdk-7 security update

Package : openjdk-7 Version : 7u181-2.6.14-2deb8u1 CVE ID : CVE-2018-2952 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service,...

[SECURITY] [DSA 5139-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5139-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 17, 2022 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1636-1] aria2 security update

Package : aria2 Version : 1.18.8-1+deb8u1 CVE ID : CVE-2019-3500 Debian Bug : 918058 It was discovered that aria2 the lightweight command-line download utility can store passed user credentials in a log file when using the --log option. This might allow local users to obtain sensitive information...

[SECURITY] [DSA 4877-1] webkit2gtk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4877-1 [email protected] https://www.debian.org/security/ Alberto Garcia March 27, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1919-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.189-3deb8u1 CVE ID : CVE-2019-0136 CVE-2019-9506 CVE-2019-11487 CVE-2019-15211 CVE-2019-15212 CVE-2019-15215 CVE-2019-15216 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15807 CVE-2019-15924...

[SECURITY] [DLA 1802-1] wireshark security update

Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u19 CVE ID : CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 Debian Bug : 926718 Several vulnerabilities have been found in wireshark, a network traffic analyzer. CVE-2019-10894 Assertion failure in dissectgssapiwork...

[SECURITY] [DSA 4489-1] patch security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4489-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4431-1] libssh2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4431-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4458-1] cyrus-imapd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4458-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 08, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4699-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4699-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 09, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1865-1] sdl-image1.2 security update

Package : sdl-image1.2 Version : 1.2.12-5+deb9u2 CVE ID : CVE-2018-3977 CVE-2019-5051 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 The following issues have been found in sdl-image1.2, the 1.x version of the...

[SECURITY] [DSA 4444-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4444-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1755-1] graphicsmagick security update

Package : graphicsmagick Version : 1.3.20-3+deb8u6 CVE ID : CVE-2017-10799 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 Debian Bug : 927029 Several security vulnerabilities were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer...

[SECURITY] [DLA 1814-1] python-django security update

Package : python-django Version : 1.7.11-1+deb8u5 CVE ID : CVE-2019-12308 Debian Bug : 929927 It was discovered that there was a cross-site scripting XSS vulnerability in the Django web development framework. For Debian 8 "Jessie", this issue has been fixed in python-django version 1.7.11-1+deb8u...

[SECURITY] [DSA 4506-1] qemu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4506-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 24, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1593-1] phpbb3 security update

Package : phpbb3 Version : 3.0.12-5+deb8u2 CVE ID : CVE-2018-19274 Simon Scannell and Robin Peraglie of RIPS Technologies discovered that passing an absolute path to a fileexists check in phpBB, a full featured web forum, allows remote code execution through Object Injection by employing Phar...

[SECURITY] [DLA 2616-1] libxstream-java security update

Debian LTS Advisory DLA-2616-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 03, 2021 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb9u2 CVE ID : CVE-2021-21341 CVE-2021-21342 CVE-2021-21343 CVE-2021-21344 CVE-2021-21345...

[SECURITY] [DLA 2625-1] courier-authlib security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2625-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta April 14, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4344-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4344-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1663-1] python3.4 security update

Package : python3.4 Version : 3.4.2-1+deb8u2 CVE ID : CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 CVE-2018-20406 CVE-2019-5010 This DLA fixes a a problem parsing x509 certificates, an pickle integer overflow, and some other minor issues: CVE-2016-0772 The smtplib library in CPython does not return ...

[SECURITY] [DLA 1913-1] memcached security update

Package : memcached Version : 1.4.21-1.1+deb8u3 CVE ID : CVE-2019-15026 Debian Bug : 939337 It was discovered that there was a stack-based buffer over-read in memcached, the in-memory object caching system. For Debian 8 "Jessie", this issue has been fixed in memcached version 1.4.21-1.1+deb8u3. W...

[SECURITY] [DLA 1701-1] openssl security update

Package : openssl Version : 1.0.1t-1+deb8u11 CVE ID : CVE-2019-1559 Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive...

[SECURITY] [DLA 1583-1] jasper security update

Package : jasper Version : 1.900.1-debian1-2.4+deb8u4 CVE ID : CVE-2015-5203 CVE-2015-5221 CVE-2016-8690 CVE-2017-13748 CVE-2017-14132 Several security vulnerabilities were discovered in the JasPer JPEG-2000 library. CVE-2015-5203 Gustavo Grieco discovered an integer overflow vulnerability that...

[SECURITY] [DSA 4422-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4422-1 [email protected] https://www.debian.org/security/ Stefan Fritsch April 03, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1853-1] libspring-java security update

Package : libspring-java Version : 3.0.6.RELEASE-17+deb8u1 CVE ID : CVE-2014-3578 CVE-2014-3625 CVE-2015-3192 CVE-2015-5211 CVE-2016-9878 Debian Bug : 760733 769698 796137 849167 Vulnerabilities have been identified in libspring-java, a modular Java/J2EE application framework. CVE-2014-3578 A...

[SECURITY] [DSA 4343-1] liblivemedia security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4343-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 23, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1812-1] doxygen security update

Package : doxygen Version : 1.8.8-5+deb8u1 CVE ID : CVE-2016-10245 Insufficient sanitization of the query parameter in searchopensearch.php could lead to reflected cross-site scripting or iframe injection. For Debian 8 "Jessie", this problem has been fixed in version 1.8.8-5+deb8u1. We recommend...

[SECURITY] [DLA 1804-1] curl security update

Package : curl Version : 7.38.0-4+deb8u15 CVE ID : CVE-2019-5436 Debian Bug : 929351 cURL, an URL transfer library, contains a heap buffer overflow in the function tftpreceivepacket that receives data from a TFTP server. It calls recvfrom with the default size for the buffer rather than with the...

[SECURITY] [DSA 4412-1] drupal7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4412-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3886-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3886-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 19, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4382-1] rssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4382-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1637-1] apt security update

Package : apt Version : 1.0.9.8.5 CVE ID : CVE-2019-3462 Debian Bug : Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesnt properly sanitize fields transmitted over the wire. This vulnerability could be...