[SECURITY] [DSA 4414-1] libapache2-mod-auth-mellon security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4414-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 23, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1549-1] xen security update

Package : xen Version : 4.4.4lts2-0+deb8u1 CVE ID : CVE-2017-14316 CVE-2017-14317 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15597 CVE-2017-17046 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2018-10471 CVE-2018-10982 Multiple vulnerabilities have been...

[SECURITY] [DLA 2734-1] curl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2734-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk August 09, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4541-1] libapreq2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4541-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 04, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1688-1] waagent update

Package : waagent Version : 2.2.18-3deb8u1 A newer version of waagent is needed for several features of the Azure platform. For Debian 8 "Jessie", this problem has been fixed in version 2.2.18-3deb8u1. We recommend that you upgrade your waagent packages. Further information about Debian LTS...

[SECURITY] [DSA 4461-1] zookeeper security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4461-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4392-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4392-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1607-1] samba security update

Package : samba Version : 2:4.2.14+dfsg-0+deb8u11 CVE ID : CVE-2018-14629 CVE-2018-16851 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Flori...

[SECURITY] [DLA 3758-1] tiff security update

Debian LTS Advisory DLA-3758-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA March 11, 2024 https://wiki.debian.org/LTS Package : tiff Version : 4.1.0+git191117-2deb10u9 CVE ID : CVE-2023-3576 CVE-2023-52356 Two vulnerabilities were discovered in tiff, Tag Image Fil...

[SECURITY] [DSA 4881-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4881-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1826-1] glib2.0 security update

Package : glib2.0 Version : 2.42.1-1+deb8u1 CVE ID : CVE-2019-12450 Debian Bug : 929753 It was discovered that GLib does not properly restrict some file permissions while a copy operation is in progress; instead, default permissions are used. For Debian 8 "Jessie", this problem has been fixed in...

[SECURITY] [DLA 1811-1] miniupnpd security update

Package : miniupnpd Version : 1.8.20140523-4+deb8u1 CVE ID : CVE-2017-1000494 CVE-2019-12107 CVE-2019-12108 CVE-2019-12109 CVE-2019-12110 CVE-2019-12111 Ben Barnea and colleagues from VDOO discovered several vulnerabilities in miniupnpd, a small daemon that provides UPnP Internet Gateway Device a...

[SECURITY] [DLA 1790-1] lemonldap-ng security update

Package : lemonldap-ng Version : 1.3.3-1+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 Erratum: bad versions An attack vector was discovered by lemonldap-ng developers. When the SAML or CAS service provider is enable and the administrator has chosen to store SAML/CAS tokens in the session...

[SECURITY] [DSA 4440-1] bind9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4440-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1721-1] otrs2 security update

Package : otrs2 Version : 3.3.18-1+deb8u8 CVE ID : CVE-2019-9752 It has been discovered that OTRS Open source Ticket Request System is susceptible to code injection vulnerability. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order t...

[SECURITY] [DLA 1861-1] libsdl2-image security update

Package : libsdl2-image Version : 2.0.0+dfsg-3+deb8u2 CVE ID : CVE-2018-3977 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 Debian Bug : 932754, 932755 The following issues have been found in libsdl2-image, the...

[SECURITY] [DSA 5860-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5860-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 07, 2025 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4867-1] grub2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4867-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4587-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4587-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1699-1] ldb security update

Package : ldb Version : 2:1.1.20-0+deb8u2 CVE ID : CVE-2019-3824 Garming Sam reported an out-of-bounds read in the ldbwildcardcompare function of ldb, a LDAP-like embedded database, resulting in denial of service. For Debian 8 "Jessie", this problem has been fixed in version 2:1.1.20-0+deb8u2. We...

[SECURITY] [DLA 1500-1] openssh security update

Package : openssh Version : 1:6.7p1-5+deb8u6 CVE ID : CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-1908 CVE-2016-3115 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 Debian Bug : 790798 793616 795711 848716 848717 Several vulnerabilitie...

[SECURITY] [DLA 3143-1] strongswan security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3143-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 10, 2022 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2015-1] nss security update

Package : nss Version : 2:3.26-1+debu8u8 CVE ID : CVE-2019-17007 Debian Bug : Handling of Netscape Certificate Sequences in CERTDecodeCertPackage may haved crash with a NULL deref leading to a Denial-of-Service. For Debian 8 "Jessie", this problem has been fixed in version 2:3.26-1+debu8u8. We...

[SECURITY] [DLA 1924-1] python3.4 security update

Package : python3.4 Version : 3.4.2-1+deb8u7 CVE ID : CVE-2019-16056 A vulnerability was discovered in Python, an interactive high-level object-oriented language. CVE-2019-16056 The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email...

[SECURITY] [DLA 1679-1] php5 security update

Package : php5 Version : 5.6.40+dfsg-0+deb8u1 Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include GD graphics, multi-byte string handling, phar file format handling, and xmlrpc. CVEs have not yet been...

[SECURITY] [DSA 4322-1] libssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4322-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 17, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4587-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4587-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1925-1] python2.7 security update

Package : python2.7 Version : 2.7.9-2+deb8u5 CVE ID : CVE-2019-16056 A vulnerability was discovered in Python, an interactive high-level object-oriented language. CVE-2019-16056 The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email...

[SECURITY] [DSA 4460-1] mediawiki security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4460-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 5092-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5092-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 07, 2022 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4478-1] dosbox security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4478-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 10, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1775-1] phpbb3 security update

Package : phpbb3 Version : 3.0.12-5+deb8u3 CVE ID : CVE-2019-9826 Colin Snover discovered a denial-of-service vulnerability in phpBB3, a full-featured web forum. Previous versions allowed users to run searches that might result in long execution times and load on larger boards when using the...

[SECURITY] [DSA 4425-1] wget security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4425-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 05, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2629-1] libebml security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2629-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 18, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 1700-1] uw-imap security update

Package : uw-imap Version : 8:2007fdfsg-4+deb8u1 CVE ID : CVE-2018-19518 Debian Bug : 914632 A vulnerability was discovered in uw-imap, the University of Washington IMAP Toolkit, that might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input e.g.,...

[SECURITY] [DSA 5173-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5173-1 [email protected] https://www.debian.org/security/ Ben Hutchings July 03, 2022 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1781-1] qemu security update

Package : qemu Version : 1:2.1+dfsg-12+deb8u11 CVE ID : CVE-2018-11806 CVE-2018-18849 CVE-2018-20815 CVE-2019-9824 Debian Bug : 901017 912535 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-11806 It was found that the SLiRP networking implementation could use a wro...

[SECURITY] [DLA 2672-1] libwebp security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2677-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky June 05, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 1833-1] bzip2 security update

Package : bzip2 Version : 1.0.6-7+deb8u1 CVE ID : CVE-2016-3189 CVE-2019-12900 Two issues in bzip2, a high-quality block-sorting file compressor, have been fixed. One, CVE-2019-12900, is a out-of-bounds write when using a crafted compressed file. The other, CVE-2016-3189, is a potential...

[SECURITY] [DLA 2014-1] vino security update

Package : vino Version : 3.14.0-2+deb8u1 CVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-15681 Debian Bug : 945784 Several vulnerabilities have been identified in the VNC code of vino, a desktop sharing utility for the GNOME desktop environment. The vulnerabilities referenced below are issues that...

[SECURITY] [DLA 1987-1] firefox-esr security update

Package : firefox-esr Version : 68.2.0esr-1deb8u1 CVE ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the...

[SECURITY] [DSA 4367-2] systemd regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4367-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 15, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2710-2] rabbitmq-server regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2710-2 [email protected] https://www.debian.org/lts/security/ Abhijith PA July 25, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4937-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4937-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 08, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1984-1] gdal security update

Package : gdal Version : 1.10.1+dfsg-8+deb8u1 CVE ID : CVE-2019-17545 GDAL through 3.0.1 had a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold was exceeded. For Debian 8 "Jessie", this problem has been fixed in version 1.10.1+dfsg-8+deb8u1. We recommend that...

[SECURITY] [DLA 1829-1] firefox-esr security update

Package : firefox-esr Version : 60.7.1esr-1deb8u1 CVE ID : CVE-2019-11707 Samuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website. For Debian 8 "Jessie", this...

[SECURITY] [DLA 1671-1] coturn security update

Package : coturn Version : 4.2.1.2-1+deb8u1 CVE ID : CVE-2018-4056 CVE-2018-4058 CVE-2018-4059 Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 An SQL injection vulnerability was discovered in the coTURN administrator web portal. As the...

[SECURITY] [DSA 4682-1] squid security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4682-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2093-1] firefox-esr security update

Package : firefox-esr Version : 68.4.1esr-1deb8u1 CVE ID : CVE-2019-17026 An issue was found in the IonMonkey JIT compiler of the Mozilla Firefox web browser which could lead to arbitrary code execution. For Debian 8 "Jessie", this problem has been fixed in version 68.4.1esr-1deb8u1. We recommend...

[SECURITY] [DSA 4505-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4505-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 22, 2019 https://www.debian.org/security/faq -...