14323 matches found
[SECURITY] [DLA 1791-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.9.7-3+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 An attack vector was discovered by the lemonldap-ng developers. When the SAML or CAS service provider is enabled and the administrator has chosen to store the SAML/CAS tokens in the session database, an...
[SECURITY] [DLA 1691-1] exiv2 security update
From: Thorsten Alteholz [email protected] To: [email protected] Subject: SECURITY DLA 1691-1 exiv2 security update Package : exiv2 Version : 0.24-4.1+deb8u3 CVE ID : CVE-2018-17581 CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2018-20097 Several issues have been found in...
[SECURITY] [DSA 4565-2] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4565-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1797-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u17 CVE ID : CVE-2019-11358 CVE-2019-11831 Debian Bug : 927330 928688 Several security vulnerabilities have been discovered in drupal7, a PHP web site platform. The vulnerabilities affect the embedded versions of the jQuery JavaScript library and the Typo3...
[SECURITY] [DLA 1720-1] liblivemedia security update
Package : liblivemedia Version : 2014.01.13-1+deb8u3 CVE ID : CVE-2019-9215 Debian Bug : 924655 It was discovered that liblivemedia, the LIVE555 RTSP server library, is vulnerable to an invalid memory access when processing the Authorization header field. Remote attackers could leverage this...
[SECURITY] [DLA 1667-1] dovecot security update
Package : dovecot Version : 1:2.2.13-12deb8u5 CVE ID : CVE-2019-3814 It was discovered that there was a vulnerability in the dovecot IMAP/POP3 server. A flaw in the TLS username handling could lead to an attacker logging in as anyone else in the system if both authsslrequireclient,usernamefromcer...
[SECURITY] [DSA 4930-1] libwebp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4930-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 10, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1897-1] tiff security update
Package : tiff Version : 4.0.3-12.3+deb8u9 CVE ID : CVE-2019-14973 Even Rouault found an issue in tiff, a library providing support for the Tag Image File Format. Wrong handling of integer overflow checks, that are based on undefined compiler behavior, might result in an application crash. For...
[SECURITY] [DLA 1833-2] bzip2 regression update
Package : bzip2 Version : 1.0.6-4+deb7u2 CVE ID : CVE-2019-12900 The original fix for CVE-2019-12900 in bzip2, a high-quality block-sorting file compressor, introduces regressions when extracting certain lbzip2 files which were created with a buggy libzip2. Please see https://bugs.debian.org/9312...
[SECURITY] [DSA 5073-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5073-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 12, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2091-1] libjackson-json-java security update
Package : libjackson-json-java Version : 1.9.2-3+deb8u1 CVE ID : CVE-2017-7525 CVE-2017-15095 CVE-2019-10172 Several vulnerabilities were fixed in libjackson-json-java. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization...
[SECURITY] [DSA 4545-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4545-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1851-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u7 CVE ID : CVE-2016-9112 CVE-2018-20847 Debian Bug : 931294 844551 Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000 image library. CVE-2016-9112 A floating point exception or divide by zero in the function opj_pi_next_cprl may lead to ...
[SECURITY] [DLA 1748-1] apache2 security update
Package : apache2 Version : 2.4.10-10+deb8u14 CVE ID : CVE-2019-0217 CVE-2019-0220 Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using...
[SECURITY] [DSA 4388-2] mosquitto regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4388-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4321-1] graphicsmagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4321-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4613-1] libidn2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4613-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1917-1] curl security update
Package : curl Version : 7.38.0-4+deb8u16 CVE ID : CVE-2019-5482 Debian Bug : 940010 It was discovered that there was a heap buffer overflow vulnerability in curl, the library and command-line tool for transferring data over the internet. For Debian 8 "Jessie", this issue has been fixed in curl...
[SECURITY] [DSA 4470-1] pdns security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4470-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1830-1] znc security update
Package : znc Version : 1.4-2+deb8u2 CVE ID : CVE-2019-12816 A vulnerability was discovered in the ZNC IRC bouncer which could result in remote code execution. For Debian 8 "Jessie", this problem has been fixed in version 1.4-2+deb8u2. We recommend that you upgrade your znc packages. Further...
[SECURITY] [DSA 4434-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4434-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4396-1] ansible security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4396-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4385-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4385-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1257-1] openssh security update
Package : openssh Version : 1:6.0p1-4+deb7u7 CVE ID : CVE-2016-10708 OpenSSH was found to be vulnerable to out of order NEWKEYS messages which could crash the daemon, resulting in a denial of service attack. For Debian 7 "Wheezy", these problems have been fixed in version 1:6.0p1-4+deb7u7. We...
[SECURITY] [DLA 2024-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u7 CVE ID : CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/display_git_revision.lib.php and libraries/Footer.class.php. For Debian 8 "Jessie", this issue has been fixed in phpmyadmin version...
[SECURITY] [DLA 1936-1] cups security update
Package : cups Version : 1.7.5-11+deb8u6 CVE ID : CVE-2018-4300 An issue has been found in cups, the Common UNIX Printing System(tm). While generating a session cookie for the CUPS web interface, a predictable random number seed was used. This could lead to unauthorized scripted access to the enabl...
[SECURITY] [DLA 1832-1] libvirt security update
Package : libvirt Version : 1.2.9-9+deb8u7 CVE IDs : CVE-2019-10161 CVE-2019-10167 Two vulnerabilities were discovered in libvirt, an abstraction API for different underlying virtualisation mechanisms provided by the kernel, etc. CVE-2019-10161: Prevent a vulnerability where readonly clients cou...
[SECURITY] [DLA 1738-1] gpsd security update
Package : gpsd Version : 3.11-3+deb8u1 CVE ID : CVE-2018-17937 Debian Bug : 925327 A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON...
[SECURITY] [DLA 1595-1] gnuplot5 security update
Package : gnuplot5 Version : 5.0.0rc+dfsg2-1+deb8u1 CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 gnuplot5, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. They found various overflow...
[SECURITY] [DSA 5480-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5480-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 18, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2628-1] python2.7 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2628-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky April 17, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 1864-1] patch security update
Package : patch Version : 2.7.5-1+deb8u3 CVE ID : CVE-2019-13638 An issue with quoting has been found in patch, a tool to apply a diff file to an original, when invoking ed. In order to avoid this, ed is now directly started instead of calling a shell which starts ed. For Debian 8 "Jessie", this...
[SECURITY] [DLA 1859-1] bind9 security update
Package : bind9 Version : 1:9.9.5.dfsg-9+deb8u18 CVE ID : CVE-2018-5743 A vulnerability was found in the Bind DNS Server. Limits on simultaneous tcp connections have not been enforced correctly and could lead to exhaustion of file descriptors. In the worst case this could affect the file...
[SECURITY] [DLA 1844-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.3.3-1+deb8u2 CVE ID : CVE-2019-13031 Debian Bug : 931117 It was discovered that there was a XML external entity vulnerability in the lemonldap-ng single-sign on system. This may have led to the disclosure of confidential data, denial of service, server side...
[SECURITY] [DLA 1740-1] libav security update
Package : libav Version : 6:11.12-1deb8u6 CVE ID : CVE-2015-1872 CVE-2017-14058 CVE-2017-1000460 CVE-2018-6392 CVE-2018-1999012 Debian Bug : Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2015-1872 The ff_mjpeg_decode_sof function i...
[SECURITY] [DLA 1668-1] libarchive security update
Package : libarchive Version : 3.1.2-11+deb8u7 CVE ID : CVE-2019-1000019 CVE-2019-1000020 Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that...
[SECURITY] [DLA 4031-1] git security update
Debian LTS Advisory DLA-4031-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton January 28, 2025 https://wiki.debian.org/LTS Package : git Version : 1:2.30.2-1+deb11u4 CVE ID : CVE-2024-50349 CVE-2024-52006 Debian Bug : 1093042 Multiple vulnerabilities were discovered...
[SECURITY] [DSA 4917-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4917-1 [email protected] https://www.debian.org/security/ Michael Gilbert May 17, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1963-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u12 CVE ID : CVE-2019-9959 CVE-2019-10871 Two buffer allocation issues were identified in poppler. CVE-2019-9959 An unexpected negative length value can cause an integer overflow, which in turn makes it possible to allocate a large memory chunk on the hea...
[SECURITY] [DLA 1809-1] libav security update
Package : libav Version : 6:11.12-1deb8u7 CVE ID : CVE-2018-15822 CVE-2019-11338 Two more security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2018-15822 The flv_write_packet function in libavformat/flvenc.c in libav did not check for an empty...
[SECURITY] [DLA 1789-1] intel-microcode security update
Package : intel-microcode Version : 3.20190514.1deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 929007 This update ships updated CPU microcode for most types of Intel CPUs. It provides microcode support to implement mitigations for the MSBDS, MFBDS, MLPDS...
[SECURITY] [DSA 4411-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4411-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1665-1] netmask security update
Package : netmask Version : 2.3.12+deb8u1 Debian Bug : 921565 A buffer overflow was found in netmask which would crash when called with arbitrarily long inputs. For Debian 8 "Jessie", this problem has been fixed in version 2.3.12+deb8u1. We recommend that you upgrade your netmask packages. Furthe...
[SECURITY] [DLA 2669-1] libxml2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2669-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz May 30, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2593-1] ca-certificates whitelist Symantec CA
----------------------------------------------------------------------- Debian LTS Advisory DLA-2593-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 14, 2021 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2058-1] nss security update
Package : nss Version : 2:3.26-1+debu8u10 CVE ID : CVE-2019-17006 It was found that certain cryptographic primitives in nss, the Network Security Service libraries, did not check the length of the input text. This could result in a potential heap-based buffer overflow. For Debian 8 "Jessie", this...
[SECURITY] [DSA 4513-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4513-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2330-1] jruby security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2330-1 [email protected] https://www.debian.org/lts/security/ August 16, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...
[SECURITY] [DSA 4683-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4683-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2016-1] ssvnc security update
Package : ssvnc Version : 1.0.29-2+deb8u1 CVE ID : CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 Debian Bug : 945827 Several vulnerabilities have been identified in the VNC code of ssvnc, an encryption-capable VNC client. The vulnerabilities referenced below are issues that have...