14409 matches found
[SECURITY] [DLA 1829-1] firefox-esr security update
Package : firefox-esr Version : 60.7.1esr-1deb8u1 CVE ID : CVE-2019-11707 Samuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website. For Debian 8 "Jessie", this...
[SECURITY] [DLA 1691-1] exiv2 security update
From: Thorsten Alteholz [email protected] To: [email protected] Subject: SECURITY DLA 1691-1 exiv2 security update Package : exiv2 Version : 0.24-4.1+deb8u3 CVE ID : CVE-2018-17581 CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2018-20097 Several issues have been found in...
[SECURITY] [DLA 1671-1] coturn security update
Package : coturn Version : 4.2.1.2-1+deb8u1 CVE ID : CVE-2018-4056 CVE-2018-4058 CVE-2018-4059 Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 An SQL injection vulnerability was discovered in the coTURN administrator web portal. As the...
[SECURITY] [DSA 5480-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5480-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 18, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4930-1] libwebp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4930-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 10, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2093-1] firefox-esr security update
Package : firefox-esr Version : 68.4.1esr-1deb8u1 CVE ID : CVE-2019-17026 An issue was found in the IonMonkey JIT compiler of the Mozilla Firefox web browser which could lead to arbitrary code execution. For Debian 8 "Jessie", this problem has been fixed in version 68.4.1esr-1deb8u1. We recommend...
[SECURITY] [DLA 1791-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.9.7-3+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 An attack vector was discovered by the lemonldap-ng developers. When the SAML or CAS service provider is enabled and the administrator has chosen to store the SAML/CAS tokens in the session database, an...
[SECURITY] [DLA 1748-1] apache2 security update
Package : apache2 Version : 2.4.10-10+deb8u14 CVE ID : CVE-2019-0217 CVE-2019-0220 Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using...
[SECURITY] [DLA 1720-1] liblivemedia security update
Package : liblivemedia Version : 2014.01.13-1+deb8u3 CVE ID : CVE-2019-9215 Debian Bug : 924655 It was discovered that liblivemedia, the LIVE555 RTSP server library, is vulnerable to an invalid memory access when processing the Authorization header field. Remote attackers could leverage this...
[SECURITY] [DLA 1667-1] dovecot security update
Package : dovecot Version : 1:2.2.13-12deb8u5 CVE ID : CVE-2019-3814 It was discovered that there was a vulnerability in the dovecot IMAP/POP3 server. A flaw in the TLS username handling could lead to an attacker logging in as anyone else in the system if both authsslrequireclient,usernamefromcer...
[SECURITY] [DLA 1833-2] bzip2 regression update
Package : bzip2 Version : 1.0.6-4+deb7u2 CVE ID : CVE-2019-12900 The original fix for CVE-2019-12900 in bzip2, a high-quality block-sorting file compressor, introduces regressions when extracting certain lbzip2 files which were created with a buggy libzip2. Please see https://bugs.debian.org/9312...
[SECURITY] [DLA 1851-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u7 CVE ID : CVE-2016-9112 CVE-2018-20847 Debian Bug : 931294 844551 Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000 image library. CVE-2016-9112 A floating point exception or divide by zero in the function opjpinextcprl may lead to ...
[SECURITY] [DLA 1797-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u17 CVE ID : CVE-2019-11358 CVE-2019-11831 Debian Bug : 927330 928688 Several security vulnerabilities have been discovered in drupal7, a PHP web site platform. The vulnerabilities affect the embedded versions of the jQuery JavaScript library and the Typo3...
[SECURITY] [DLA 2091-1] libjackson-json-java security update
Package : libjackson-json-java Version : 1.9.2-3+deb8u1 CVE ID : CVE-2017-7525 CVE-2017-15095 CVE-2019-10172 Several vulnerabilities were fixed in libjackson-json-java. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization...
[SECURITY] [DLA 1897-1] tiff security update
Package : tiff Version : 4.0.3-12.3+deb8u9 CVE ID : CVE-2019-14973 Even Rouault found an issue in tiff, a library providing support for the Tag Image File Format. Wrong handling off integer overflow checks, that are based on undefined compiler behavior, might result in an application crash. For...
[SECURITY] [DSA 4396-1] ansible security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4396-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5073-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5073-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 12, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4613-1] libidn2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4613-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4545-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4545-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4434-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4434-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4388-2] mosquitto regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4388-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4321-1] graphicsmagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4321-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1257-1] openssh security update
Package : openssh Version : 1:6.0p1-4+deb7u7 CVE ID : CVE-2016-10708 OpenSSH was found to be vulnerable to out of order NEWKEYS messages which could crash the daemon, resulting in a denial of service attack. For Debian 7 "Wheezy", these problems have been fixed in version 1:6.0p1-4+deb7u7. We...
[SECURITY] [DLA 2024-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u7 CVE ID : CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/displaygitrevision.lib.php and libraries/Footer.class.php. For Debian 8 "Jessie", this issue has been fixed in phpmyadmin version...
[SECURITY] [DLA 1917-1] curl security update
Package : curl Version : 7.38.0-4+deb8u16 CVE ID : CVE-2019-5482 Debian Bug : 940010 It was discovered that there was a heap buffer overflow vulnerability in curl, the library and command-line tool for transferring data over the internet. For Debian 8 "Jessie", this issue has been fixed in curl...
[SECURITY] [DSA 4470-1] pdns security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4470-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1830-1] znc security update
Package : znc Version : 1.4-2+deb8u2 CVE ID : CVE-2019-12816 A vulnerability was discovered in the ZNC IRC bouncer which could result in remote code execution. For Debian 8 "Jessie", this problem has been fixed in version 1.4-2+deb8u2. We recommend that you upgrade your znc packages. Further...
[SECURITY] [DSA 4385-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4385-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1595-1] gnuplot5 security update
Package : gnuplot5 Version : 5.0.0rc+dfsg2-1+deb8u1 CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 gnuplot5, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. They found various overflow...
[SECURITY] [DLA 1936-1] cups security update
Package : cups Version : 1.7.5-11+deb8u6 CVE ID : CVE-2018-4300 An issue has been found in cups, the Common UNIX Printing Systemtm. While generating a session cookie for the CUPS web interface, a predictable random number seed was used. This could lead to unauthorized scripted access to the enabl...
[SECURITY] [DLA 1859-1] bind9 security update
Package : bind9 Version : 1:9.9.5.dfsg-9+deb8u18 CVE ID : CVE-2018-5743 A vulnerability was found in the Bind DNS Server. Limits on simultaneous tcp connections have not been enforced correctly and could lead to exhaustion of file descriptors. In the worst case this could affect the file...
[SECURITY] [DLA 1832-1] libvirt security update
Package : libvirt Version : 1.2.9-9+deb8u7 CVE IDs : CVE-2019-10161 CVE-2019-10167 Two vulnerabilities were discovered in libvirt, an abstraction API for different underlying virtualisation mechanisms provided by the kernel, etc. CVE-2019-10161: Prevent an vulnerability where readonly clients cou...
[SECURITY] [DLA 1740-1] libav security update
Package : libav Version : 6:11.12-1deb8u6 CVE ID : CVE-2015-1872 CVE-2017-14058 CVE-2017-1000460 CVE-2018-6392 CVE-2018-1999012 Debian Bug : Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2015-1872 The ffmjpegdecodesof function i...
[SECURITY] [DLA 1738-1] gpsd security update
Package : gpsd Version : 3.11-3+deb8u1 CVE ID : CVE-2018-17937 Debian Bug : 925327 A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON...
[SECURITY] [DSA 4917-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4917-1 [email protected] https://www.debian.org/security/ Michael Gilbert May 17, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2628-1] python2.7 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2628-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky April 17, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 1963-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u12 CVE ID : CVE-2019-9959 CVE-2019-10871 Two buffer allocation issues were identified in poppler. CVE-2019-9959 An unexpected negative length value can cause an integer overflow, which in turn making it possible to allocate a large memory chunk on the hea...
[SECURITY] [DLA 1864-1] patch security update
Package : patch Version : 2.7.5-1+deb8u3 CVE ID : CVE-2019-13638 An issue with quoting has been found in patch, a tool to apply a diff file to an original, when invoking ed. In order to avoid this, ed is now directly started instead of calling a shell which starts ed. For Debian 8 "Jessie", this...
[SECURITY] [DLA 1844-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.3.3-1+deb8u2 CVE ID : CVE-2019-13031 Debian Bug : 931117 It was discovered that there was a XML external entity vulnerability in the lemonldap-ng single-sign on system. This may have led to the disclosure of confidential data, denial of service, server side...
[SECURITY] [DLA 1809-1] libav security update
Package : libav Version : 6:11.12-1deb8u7 CVE ID : CVE-2018-15822 CVE-2019-11338 Two more security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2018-15822 The flvwritepacket function in libavformat/flvenc.c in libav did not check for an empty...
[SECURITY] [DLA 1668-1] libarchive security update
Package : libarchive Version : 3.1.2-11+deb8u7 CVE ID : CVE-2019-1000019 CVE-2019-1000020 Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that...
[SECURITY] [DLA 4031-1] git security update
Debian LTS Advisory DLA-4031-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton January 28, 2025 https://wiki.debian.org/LTS Package : git Version : 1:2.30.2-1+deb11u4 CVE ID : CVE-2024-50349 CVE-2024-52006 Debian Bug : 1093042 Multiple vulnerabilities were discovered...
[SECURITY] [DLA 2669-1] libxml2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2669-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz May 30, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 1821-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u6 CVE ID : CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2019-12616...
[SECURITY] [DLA 1789-1] intel-microcode security update
Package : intel-microcode Version : 3.20190514.1deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 929007 This update ships updated CPU microcode for most types of Intel CPUs. It provides microcode support to implement mitigations for the MSBDS, MFBDS, MLPDS...
[SECURITY] [DSA 4411-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4411-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1665-1] netmask security update
Package : netmask Version : 2.3.12+deb8u1 Debian Bug : 921565 A buffer overflow was found in netmask which would crash when called with arbitrarily long inputs. For Debian 8 "Jessie", this problem has been fixed in version 2.3.12+deb8u1. We recommend that you upgrade your netmask packages. Furthe...
[SECURITY] [DLA 3876-1] setuptools security update
Debian LTS Advisory DLA-3876-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert September 05, 2024 https://wiki.debian.org/LTS Package : setuptools Version : 52.0.0-4+deb11u1 CVE ID : CVE-2022-40897 CVE-2024-6345 Debian Bug : Brief introduction CVE-2022-40897...
[SECURITY] [DLA 2593-1] ca-certificates whitelist Symantec CA
----------------------------------------------------------------------- Debian LTS Advisory DLA-2593-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 14, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2058-1] nss security update
Package : nss Version : 2:3.26-1+debu8u10 CVE ID : CVE-2019-17006 It was found that certain cryptographic primitives in nss, the Network Security Service libraries, did not check the length of the input text. This could result in a potential heap-based buffer overflow. For Debian 8 "Jessie", this...