14318 matches found
[SECURITY] [DSA 5105-1] bind9 security update
Debian Security Advisory DSA-5105-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1584-1] ruby-i18n security update
Package : ruby-i18n Version : 0.6.9-2+deb8u1 CVE ID : CVE-2014-10077 Debian Bug : 913093 It was discovered that there was a remote denial-of-service vulnerability in ruby-i18n, an I18n and localization solution for Ruby. An application crash could be engineering a situation where :somekey is prese...
[SECURITY] [DLA 1824-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1+deb9u3deb8u1 CVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-9500 CVE-2019-9503 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11599 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 Debian Bug : 928989 Several vulnerabilities...
[SECURITY] [DLA 1819-1] pyxdg security update
Package : pyxdg Version : 0.25-4+deb8u1 CVE ID : CVE-2019-12761 Debian Bug : 930099 It was discovered that there was a code injection issue in PyXDG, a library used to locate "FreeDesktop.org" configuration/cache/etc. directories. A lack of sanitisation allowed arbitrary Python code embedded in t...
[SECURITY] [DSA 4377-3] rssh security update
Debian Security Advisory DSA-4377-3 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2019 https://www.debian.org/security/faq - -...
[SECURITY] [DLA 1581-1] uriparser security update
Package : uriparser Version : 0.8.0.1-2+deb8u1 CVE ID : CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 Multiple vulnerabilities have been discovered in uriparser, a Uniform Resource Identifiers (URIs) parsing library. CVE-2018-19198 UriQuery.c allows an out-of-bounds write via a uriComposeQuery or...
[SECURITY] [DLA 1834-1] python2.7 security update
Package : python2.7 Version : 2.7.9-2+deb8u3 CVE ID : CVE-2018-14647 CVE-2019-5010 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 CVE-2019-10160 Debian Bug : 921039 921040 924073 Multiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language,...
[SECURITY] [DSA 4381-1] libreoffice security update
Debian Security Advisory DSA-4381-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1698-2] file regression update
Package : file Version : 1:5.22+15-2+deb8u7 This update fixes a regression introduced in 1:5.22+15-2+deb8u5 causing truncated output of the interpreter name, thanks to Christoph Biedl for reporting the problem and cause. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DSA 4368-1] zeromq3 security update
Debian Security Advisory DSA-4368-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1789-2] intel-microcode security update
Package : intel-microcode Version : 3.20190618deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 929073 DLA-1789-1 shipped updated CPU microcode for most types of Intel CPUs as mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities. This...
[SECURITY] [DLA 1806-1] thunderbird security update
Package : thunderbird Version : 1:60.7.0-1deb8u1 CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 Multiple security issues have been found in...
[SECURITY] [DLA 1666-1] freerdp security update
Package : freerdp Version : 1.1.0git20140921.1.440916e+dfsg1-13deb8u3 CVE ID : CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Debian Bug : For the FreeRDP version in Debian jessie LTS a security and functionality update has recently been provided. FreeRDP is a free re-implementation of t...
[SECURITY] [DLA 2577-1] python-pysaml2 security update
Debian LTS Advisory DLA-2577-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA February 26, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 1846-1] unzip security update
Package : unzip Version : 6.0-16+deb8u4 CVE ID : CVE-2019-13232 Debian Bug : 931433 David Fifield discovered a way to construct non-recursive "zip bombs" that achieve a high compression ratio by overlapping files inside the zip container. However the output size increases quadratically in the inp...
[SECURITY] [DLA 1799-1] linux security update
Package : linux Version : 3.16.68-1 CVE ID : CVE-2018-5995 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3882 CVE-2019-3901 CVE-2019-6133 CVE-2019-9503 CVE-2019-11091 CVE-2019-11190 CVE-2019-11486 CVE-2019-11599 Debian Bug : 927781 Several...
[SECURITY] [DLA 1594-1] xml-security-c security update
Package : xml-security-c Version : 1.7.2-3+deb8u2 A vulnerability in xml-security-c, a library for the XML Digital Security specification, has been found. Different KeyInfo combinations, like signatures without public key, result in incomplete DSA structures that crash openssl during verification...
[SECURITY] [DLA 1634-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u16 CVE ID : CVE-2017-7700 CVE-2017-7703 CVE-2017-7746 CVE-2017-7747 CVE-2017-9766 CVE-2017-11406 CVE-2017-11407 CVE-2017-11409 CVE-2017-13765 CVE-2017-15191 CVE-2017-17935 CVE-2017-17997 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325...
[SECURITY] [DLA 1394-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u13 CVE ID : CVE-2018-11251 CVE-2018-12599 CVE-2018-12600 Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause denial of service application crash or out of bounds memor...
[SECURITY] [DLA 2715-1] systemd security update
Debian LTS Advisory DLA-2715-1 [email protected] https://www.debian.org/lts/security/ Salvatore Bonaccorso July 20, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 1587-1] pixman security update
Package : pixman Version : 0.32.6-3+deb8u1 CVE ID : CVE-2015-5297 CVE-2015-5297 Numerical overflow in pointer arithmetic. For Debian 8 "Jessie", this problem has been fixed in version 0.32.6-3+deb8u1. We recommend that you upgrade your pixman packages. Further information about Debian LTS securit...
[SECURITY] [DLA 3288-1] curl security update
Debian LTS Advisory DLA-3288-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez January 28, 2023 https://wiki.debian.org/LTS Package : curl Version : 7.64.0-4+deb10u4 CVE ID : CVE-2022-27774 CVE-2022-32221 CVE-2022-35252 CVE-2022-43552 Debian Bug : Several...
[SECURITY] [DLA 1678-1] thunderbird security update
Package : thunderbird Version : 1:60.5.1-1deb8u1 CVE ID : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2019-5785 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or...
[SECURITY] [DLA 1597-1] gnuplot security update
Package : gnuplot Version : 4.6.6-2+deb8u1 CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 gnuplot, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. They found various overflow cases whic...
[SECURITY] [DLA 1585-1] ruby-rack security update
Package : ruby-rack Version : 1.5.2-3+deb8u2 CVE ID : CVE-2018-16471 Debian Bug : 913005 It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8...
[SECURITY] [DSA 4942-1] systemd security update
Debian Security Advisory DSA-4942-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4156-1] drupal7 security update
Debian Security Advisory DSA-4156-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 29, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4698-1] linux security update
Debian Security Advisory DSA-4698-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1847-1] squid3 security update
Package : squid3 Version : 3.4.8-6+deb8u7 CVE ID : CVE-2019-13345 Debian Bug : 931478 It was discovered that there were multiple cross-site scripting vulnerabilities in the squid3 caching proxy server. For Debian 8 "Jessie", these issues have been fixed in squid3 version 3.4.8-6+deb8u7. We...
[SECURITY] [DLA 1592-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u7 CVE ID : CVE-2018-19141 CVE-2018-19143 Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141 An attacker who is logged into OTRS as an admin user may...
[SECURITY] [DSA 4400-1] openssl1.0 security update
Debian Security Advisory DSA-4400-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1896-1] commons-beanutils security update
Package : commons-beanutils Version : 1.9.2-1+deb8u1 CVE ID : CVE-2019-10086 It was discovered that there was a remote arbitrary code vulnerability in commons-beanutils, a set of utilities for manipulating JavaBeans code. For Debian 8 "Jessie", this issue has been fixed in commons-beanutils versi...
[SECURITY] [DSA 3750-1] libphp-phpmailer security update
Debian Security Advisory DSA-3750-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst December 31, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4536-1] exim4 security update
Debian Security Advisory DSA-4536-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4511-1] nghttp2 security update
Debian Security Advisory DSA-4511-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1854-1] libonig security update
Package : libonig Version : 5.9.5-3.2+deb8u2 CVE ID : CVE-2019-13224 Debian Bug : 931878 A use-after-free in onig_new_deluxe() in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacke...
[SECURITY] [DSA 4441-1] symfony security update
Debian Security Advisory DSA-4441-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2670-1] nginx security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2670-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 30, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
[SECURITY] [DSA 4467-1] vim security update
Debian Security Advisory DSA-4467-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1822-1] php-horde-form security update
Package : php-horde-form Version : 2.0.8-2+deb8u1 CVE ID : CVE-2019-9858 Debian Bug : 930321 The Horde Application Framework contained a remote code execution vulnerability. A remote attacker could use this flaw to use image uploads in forms to install and execute a file in an arbitrary writable...
[SECURITY] [DLA 1628-2] jasper regression update
Package : jasper Version : 1.900.1-debian1-2.4+deb8u6 The update of jasper issued as DLA-1628-1 caused a regression due to the fix for CVE-2018-19542, a NULL pointer dereference in the function jp2_decode, which could lead to a denial-of-service. In some cases not only invalid jp2 files but also...
[SECURITY] [DLA 1591-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u4 CVE IDs : CVE-2017-5223 CVE-2018-19296 It was discovered that there were two vulnerabilities in libphp-phpmailer, an email library for the PHP programming language: CVE-2017-5223: Local file disclosure vulnerability via relative path HTML...
[SECURITY] [DSA 4366-1] vlc security update
Debian Security Advisory DSA-4366-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3796-2] sitesummary regression update
Debian Security Advisory DSA-3796-2 [email protected] https://www.debian.org/security/ Sebastien Delafond March 20, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1835-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u3 CVE ID : CVE-2018-14647 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 Debian Bug : 921039 924072 Multiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including CVE-2018-14647 Python's elementtree C...
[SECURITY] [DSA 4454-1] qemu security update
Debian Security Advisory DSA-4454-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1725-1] rsync security update
Package : rsync Version : 3.1.1-3+deb8u2 CVE ID : CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2018-5764 Trail of Bits used the automated vulnerability discovery tools developed for the DARPA Cyber Grand Challenge to audit zlib. As rsync, a fast, versatile, remote and local...
[SECURITY] [DLA 2065-1] apache-log4j1.2 security update
Package : apache-log4j1.2 Version : 1.2.17-5+deb8u1 CVE ID : CVE-2019-17571 Debian Bug : 947124 Included in Log4j 1.2, a logging library for Java, is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combine...
[SECURITY] [DSA 4462-1] dbus security update
Debian Security Advisory DSA-4462-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1955-1] tcpdump security update
Package : tcpdump Version : 4.9.3-1deb8u1 CVE ID : CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882...