[SECURITY] [DSA 4742-1] firejail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4742-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2276-1] mailman security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2276-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 10, 2020 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
[SECURITY] [DSA 4713-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4713-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2251-1] rails security update
Package : rails Version : 2:4.1.8-1+deb8u7 CVE ID : CVE-2020-8164 CVE-2020-8165 Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the applicatio...
[SECURITY] [DLA 2250-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u18 CVE ID : CVE-2020-13662 Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DSA 4700-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4700-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4688-1] dpdk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4688-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2200-1] mailman security update
Package : mailman Version : 1:2.1.18-2+deb8u5 CVE ID : CVE-2020-12137 A vulnerability was discovered in mailman. GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, becau...
[SECURITY] [DSA 4670-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4670-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2180-1] file-roller security update
Package : file-roller Version : 3.14.1-1+deb8u2 CVE ID : CVE-2020-11736 Debian Bug : 956638 fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intend...
[SECURITY] [DLA 2138-1] wpa security update
Package : wpa Version : 2.3-1+deb8u10 CVE ID : CVE-2019-10064 Similar to CVE-2016-10743 the host access point daemon, hostapd, in EAP mode used a low quality pseudorandom number generator that leads to insufficient entropy. The problem was resolved by using the os_get_random function which provides...
[SECURITY] [DLA 2105-1] postgresql-9.4 security update
Package : postgresql-9.4 Version : 9.4.26-0+deb8u1 CVE ID : CVE-2020-1720 Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For Debian 8 "Jessie", this problem has been fixed in version 9.4.26-0+deb8u1. We...
[SECURITY] [DLA 2099-1] checkstyle security update
Package : checkstyle Version : 5.9-1+deb8u2 CVE ID : CVE-2019-10782 Security researchers from Snyk discovered that the fix for CVE-2019-9658 was incomplete. Checkstyle, a development tool to help programmers write Java code that adheres to a coding standard, was still vulnerable to XML External...
[SECURITY] [DLA 2012-1] libvpx security update
Package : libvpx Version : 1.3.0-3+deb8u2 CVE ID : CVE-2019-9232 CVE-2019-9433 Several issues have been found in libvpx, a VP8 and VP9 video codec. CVE-2019-9232 There is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no addition...
[SECURITY] [DLA 1964-1] sudo security update
Package : sudo Version : 1.8.10p3-1+deb8u6 CVE ID : CVE-2019-14287 Debian Bug : 942322 In sudo, a program that provides limited super user privileges to specific users, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can caus...
[SECURITY] [DSA 4531-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4531-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1840-1] golang-go.crypto security update
Package : golang-go.crypto Version : 0.0hg190-1+deb8u1 CVE ID : CVE-2019-11840 A flaw was found in the amd64 implementation of salsa20. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect...
[SECURITY] [DLA 1733-1] wpa security update
Package : wpa Version : 2.3-1+deb8u7 CVE ID : CVE-2016-10743 It was found that the fallback mechanism for generating a WPS pin in hostapd, an IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, used a low quality pseudorandom number generator. This was resolved by using only the high quali...
[SECURITY] [DLA 1641-1] mxml security update
Package : mxml Version : 2.6-2+deb8u1 CVE ID : CVE-2016-4570 CVE-2016-4571 CVE-2018-20004 Debian Bug : 825855 918007 Several stack exhaustion conditions were found in mxml that can easily crash when parsing xml files. CVE-2016-4570 The mxmlDelete function in mxml-node.c allows remote attackers to...
[SECURITY] [DSA 4304-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4304-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1495-1] git-annex security update
Package : git-annex Version : 5.20141125+oops-1+deb8u2 CVE ID : CVE-2017-12976 CVE-2018-10857 CVE-2018-10859 Debian Bug : 873088 The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data...
[SECURITY] [DSA 4266-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4266-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1406-1] firefox-esr security update
Package : firefox-esr Version : 52.9.0esr-1deb8u1 CVE ID : CVE-2018-5156 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors...
[SECURITY] [DSA 4231-1] libgcrypt20 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4231-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4150-1] icu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4150-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4140-1] libvorbis security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4140-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4124-1] lucene-solr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4124-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4111-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4111-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 11, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1251-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u12 CVE ID : CVE-2018-5712 It was discovered that PHP5 was vulnerable to a reflected cross-site scripting (XSS) attack on the PHAR 404 error page by manipulating the URI of a request for a .phar file. This issue is only exploitable if the web server is configur...
[SECURITY] [DLA 1114-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.3.194-8.1+deb7u6 CVE ID : CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 Debian Bug : 873802 873906 875928 875931 875936 Multiple vulnerabilities were discovered in the Ruby 1.9 interpreter. CVE-2017-0898 Buff...
[SECURITY] [DSA 3981-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3981-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3971-1] tcpdump security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3971-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3945-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3945-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 996-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u14 CVE ID : CVE-2017-5664 Debian Bug : 864447 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to th...
[SECURITY] [DSA 3880-1] libgcrypt20 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3880-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 14, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 924-2] tomcat7 regression update
Package : tomcat7 Version : 7.0.28-4+deb7u13 Debian Bug : 861872 The security update announced as DLA-924-1 introduced a regression in Tomcat's APR protocol due to the fix for CVE-2017-5647 and prevented a successful sendfile request. For Debian 7 "Wheezy", these problems have been fixed in versio...
[SECURITY] [DSA 3832-1] icedove security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3832-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3805-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3805-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3770-1] mariadb-10.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3770-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3738-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3738-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3735-1] game-music-emu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3735-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3732-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3732-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 13, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 731-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u8 CVE ID : CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9821 CVE-2014-982...
[SECURITY] [DSA 3725-1] icu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3725-1 [email protected] https://www.debian.org/security/ Luciano Bello November 27, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3663-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3663-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 09, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 594-1] openssh security update
Package : openssh Version : 6.0p1-4+deb7u6 CVE ID : CVE-2016-6515 Debian Bug : 833823 OpenSSH secure shell client and server had a denial of service vulnerability reported. CVE-2016-6515 The password authentication function in sshd in OpenSSH before 7.3 does not limit password lengths for passwor...
[SECURITY] [DSA 3633-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3633-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 27, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3626-1] openssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3626-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3614-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3614-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 540-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6a+deb7u13 CVE ID : CVE-2016-3710 CVE-2016-3712 Debian Bug : 823830 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA...