[SECURITY] [DLA 2105-1] postgresql-9.4 security update

Package : postgresql-9.4 Version : 9.4.26-0+deb8u1 CVE ID : CVE-2020-1720 Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For Debian 8 "Jessie", this problem has been fixed in version 9.4.26-0+deb8u1. We...

[SECURITY] DLA-2066-1 gthumb security update

Package : gthumb Version : 3:3.3.1-2.1+deb8u2 CVE ID : CVE-2019-20326 A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg in extensions/cairoio/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file...

[SECURITY] [DLA 2039-1] libvorbis security update

Package : libvorbis Version : 1.3.4-2+deb8u3 CVE ID : CVE-2017-11333 CVE-2017-14633 Two issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec. 2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function...

[SECURITY] [DSA 4531-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4531-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4330-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4330-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 02, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1495-1] git-annex security update

Package : git-annex Version : 5.20141125+oops-1+deb8u2 CVE ID : CVE-2017-12976 CVE-2018-10857 CVE-2018-10859 Debian Bug : 873088 The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data...

[SECURITY] [DSA 4279-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4279-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 20, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4266-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4266-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4231-1] libgcrypt20 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4231-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4218-1] memcached security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4218-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1355-1] mysql-5.5 security update

Package : mysql-5.5 Version : 5.5.60-0+deb7u1 CVE ID : CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MyS...

[SECURITY] [DSA 4158-1] openssl1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4158-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 29, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1326-1] php5 security update

Package : php5 Version : 5.4.45-0+deb7u13 CVE ID : CVE-2018-7584 Wei Lei and Liu Yang of Nanyang Technological University discovered a stack-based buffer overflow in PHP5 when parsing a malformed HTTP response which can be exploited to cause a denial-of-service. For Debian 7 "Wheezy", these...

[SECURITY] [DSA 4037-1] jackson-databind security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4037-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 16, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3981-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3981-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3945-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3945-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3944-1] mariadb-10.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3944-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3942-1] supervisor security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3942-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 13, 2017 https://www.debian.org/security/faq -...

[BSA-116] Security Update for openvpn

Bernhard Schmidt uploaded new packages for openvpn which fixed the following security problems: CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application...

[SECURITY] [DSA 3832-1] icedove security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3832-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 765-1] qemu-kvm security update

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u19 CVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 Multiple vulnerabilities have been found in qemu-kvm: CVE-2016-9911 qemu-kvm built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing pack...

[SECURITY] [DSA 3738-1] tomcat7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3738-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3737-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3737-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 16, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3728-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3728-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 01, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3725-1] icu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3725-1 [email protected] https://www.debian.org/security/ Luciano Bello November 27, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3663-1] xen security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3663-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 09, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 594-1] openssh security update

Package : openssh Version : 6.0p1-4+deb7u6 CVE ID : CVE-2016-6515 Debian Bug : 833823 OpenSSH secure shell client and server had a denial of service vulnerability reported. CVE-2016-6515 The password authentication function in sshd in OpenSSH before 7.3 does not limit password lengths for passwor...

[SECURITY] [DSA 3619-1] libgd2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3619-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 15, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 545-1] icu security update

Package : icu Version : 4.8.1.1-12+deb7u4 CVE ID : CVE-2015-2632 CVE-2015-4844 CVE-2016-0494 Several security issues have been identified and corrected in ICU, the International Components for Unicode C and C++ library, in Debian Wheezy. CVE-2015-2632 Buffer overflow vulnerability. CVE-2015-4844...

[SECURITY] [DSA 3609-1] tomcat8 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3609-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 29, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3607-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3607-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 28, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 507-1] nss security update

Package : nss Version : 2:3.14.5-1+deb7u7 CVE ID : CVE-2015-4000 Debian Bug : N/A A vulnerability has been found in nss. CVE-2015-4000 With TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which...

[SECURITY] [DSA 3548-1] samba security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3548-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3507-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3507-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 05, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 444-1] php5 security update

Package : php5 Version : 5.3.3.1-7+squeeze29 CVE ID : CVE-2015-2305 CVE-2015-2348 CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow...

[SECURITY] [DSA 3473-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3473-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DLA 375-1] libpng security update

Package : libpng Version : 1.2.44-1+squeeze6 CVE ID : CVE-2012-3425 CVE-2015-8472 CVE-2015-8540 CVE-2015-8472 update incomplete patch for CVE-2015-8126 CVE-2015-8540 underflow read in pngcheckkeyword in pngwutil.c CVE-2012-3425 The pngpushreadzTXt function in pngpread.c in libpng 1.0.x before...

[SECURITY] [DSA 3413-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3413-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 04, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3385-1] mariadb-10.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3385-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 31, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3349-1] qemu-kvm security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3349-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 02, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3338-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3338-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 18, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3252-2] sqlite3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3252-2 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 14, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3125-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3125-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 11, 2015 http://www.debian.org/security/faq -...

[SECURITY] [DSA 3075-1] drupal7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3075-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 20, 2014 http://www.debian.org/security/faq -...

[SECURITY] [DSA 3008-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3008-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 21, 2014 http://www.debian.org/security/faq -...

[SECURITY] [DSA 2963-1] lucene-solr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2963-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 17, 2014 http://www.debian.org/security/faq -...

[SECURITY] [DSA 2758-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2758-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 17, 2013 http://www.debian.org/security/faq -...

[SECURITY] [DSA 2528-1] icedove security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2528-1 [email protected] http://www.debian.org/security/ Florian Weimer August 14, 2012 http://www.debian.org/security/faq -...

[BSA-071] Security Update for request-tracker4

Dominic Hargreaves uploaded new packages for request-tracker4 which fixed the following security problems: CVE-2011-2082 The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users. CVE-2011-2083 Several cross-site scripting issues have be...

[SECURITY] [DSA 2400-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2400-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 02, 2012 http://www.debian.org/security/faq -...