[SECURITY] [DLA 2181-1] shiro security update
Package : shiro Version : 1.2.3-1+deb8u1 CVE ID : CVE-2020-1957 Debian Bug : 955018 It was discovered that there was a path-traversal issue in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass. For Debian 8...
[SECURITY] [DLA 2163-1] tinyproxy security update
Package : tinyproxy Version : 1.8.3-3+deb8u1 CVE ID : CVE-2017-11747 Debian Bug : 870307 948283 A minor security issue and a severe packaging bug have been fixed in tinyproxy, a lightweight http proxy daemon. CVE-2017-11747 main.c in Tinyproxy created a /var/run/tinyproxy/tinyproxy.pid file after...
[SECURITY] [DSA 4636-1] python-bleach security update
Debian Security Advisory DSA-4636-1 https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2083-1] hiredis security update
Package : hiredis Version : 0.11.0-4+deb8u1 CVE ID : CVE-2020-7105 Debian Bug : 949995 It was discovered that there were a large number of NULL pointer dereferences due to unchecked return values from malloc and friends in hiredis, a minimalistic C client library. For Debian 8 "Jessie", these iss...
[SECURITY] [DSA 4598-1] python-django security update
Debian Security Advisory DSA-4598-1 https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2030-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u10 CVE ID : CVE-2019-17267 CVE-2019-17531 More deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking mor...
[SECURITY] [DSA 4416-1] wireshark security update
Debian Security Advisory DSA-4416-1 https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4405-1] openjpeg2 security update
Debian Security Advisory DSA-4405-1 https://www.debian.org/security/ Luciano Bello March 10, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4347-1] perl security update
Debian Security Advisory DSA-4347-1 https://www.debian.org/security/ Salvatore Bonaccorso November 29, 2018 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4306-1] python2.7 security update
Debian Security Advisory DSA-4306-1 https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2018 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1510-1] glusterfs security update
Package : glusterfs Version : 3.5.2-2+deb8u4 CVE ID : CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 Debian Bug : 909215 Multiple security vulnerabilities were discovered in...
[SECURITY] [DSA 4277-1] mutt security update
Debian Security Advisory DSA-4277-1 https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2018 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1415-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u3 CVE ID : CVE-2016-6609 CVE-2016-6614 CVE-2016-6615 CVE-2016-6616 CVE-2016-6618 CVE-2016-6619 CVE-2016-6620 CVE-2016-6621 CVE-2016-6622 CVE-2016-9865 CVE-2017-18264 Several vulnerabilities were found in phpMyAdmin, the web-based MySQL administration...
[SECURITY] [DSA 4215-1] batik security update
Debian Security Advisory DSA-4215-1 https://www.debian.org/security/ Sebastien Delafond June 02, 2018 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4195-1] wget security update
Debian Security Advisory DSA-4195-1 https://www.debian.org/security/ Salvatore Bonaccorso May 08, 2018 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1350-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u25 CVE ID : CVE-2018-7550 Debian Bug : 892041 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator aka QEMU allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, whi...
[SECURITY] [DLA 1320-1] samba security update
Package : samba Version : 3.6.6-6+deb7u16 CVE ID : CVE-2018-1050 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba i...
[SECURITY] [DLA 1311-1] adminer security update
Package : adminer Version : 3.3.3-1+deb7u1 CVE ID : CVE-2018-7667 Debian Bug : 893668 It was discovered that there was a server-side request forgery exploit in adminer, a web-based database administration tool. Adminer allowed unauthenticated connections to be initiated to arbitrary systems and...
[SECURITY] [DLA 1303-1] python-django security update
Package : python-django Version : 1.4.22-1+deb7u4 CVE ID : CVE-2018-7536 CVE-2018-7537 Several functions were extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in several regular expressions. CVE-2018-7536 The django.utils.html.urlize function was extremel...
[SECURITY] [DLA 1286-1] quagga security update
Package : quagga Version : 0.99.22.4-1+wheezy3+deb7u3 CVE ID : CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that...
[SECURITY] [DSA 4072-1] bouncycastle security update
Debian Security Advisory DSA-4072-1 https://www.debian.org/security/ Moritz Muehlenhoff December 21, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1195-1] curl security update
Package : curl Version : 7.26.0-1+wheezy23 CVE ID : CVE-2017-8817 CVE-2017-8817 Fuzzing by the OSS-Fuzz project led to the discovery of a read out of bounds flaw in the FTP wildcard function in libcurl. A malicious server could redirect a libcurl-based client to a URL using a wildcard pattern,...
[SECURITY] [DLA 1151-2] wordpress regression update
Package : wordpress Version : 3.6.1+dfsg-1deb7u19 Debian Bug : 881088 The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and caused a regression. It was discovered that an additional database upgrade and further code changes would be necessary. At the moment these changes are deemed a...
[SECURITY] [DSA 4024-1] chromium-browser security update
Debian Security Advisory DSA-4024-1 https://www.debian.org/security/ Michael Gilbert November 08, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4020-1] chromium-browser security update
Debian Security Advisory DSA-4020-1 https://www.debian.org/security/ Michael Gilbert November 05, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1154-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u12 CVE ID : CVE-2017-14103 CVE-2017-14314 CVE-2017-14504 CVE-2017-14733 CVE-2017-14994 CVE-2017-14997 CVE-2017-15930 Debian Bug : 879999 Multiple vulnerabilities were found in graphicsmagick. CVE-2017-14103 The ReadJNGImage and ReadOneJNGImage...
[SECURITY] [DLA 1134-1] sdl-image1.2 security update
Package : sdl-image1.2 Version : 1.2.12-2+deb7u1 CVE ID : CVE-2017-2887 Debian Bug : 878267 It was discovered that there was a buffer overflow vulnerability in sdl-image1.2, an image loading library. A specially crafted .xcf file could cause a stack-based buffer overflow resulting in potential co...
[SECURITY] [DSA 3982-1] perl security update
Debian Security Advisory DSA-3982-1 https://www.debian.org/security/ Salvatore Bonaccorso September 21, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3969-1] xen security update
Debian Security Advisory DSA-3969-1 https://www.debian.org/security/ Moritz Muehlenhoff September 12, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3952-1] libxml2 security update
Debian Security Advisory DSA-3952-1 https://www.debian.org/security/ Salvatore Bonaccorso August 23, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3942-1] supervisor security update
Debian Security Advisory DSA-3942-1 https://www.debian.org/security/ Salvatore Bonaccorso August 13, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1048-1] ghostscript security update
Package : ghostscript Version : 9.05dfsg-6.3+deb7u7 CVE ID : CVE-2017-7207 CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 CVE-2017-11714 Debian Bug : 858350 869977 869907 869910 869913 869915 869916 869917 Several issues were found in Ghostscript, the GPL...
[SECURITY] [DLA 1025-2] bind9 regression update
Package : bind9 The security update announced as DLA-1025-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This conforms to the spec and may be used in AXFR and IXFR response. F...
[SECURITY] [DSA 3913-1] apache2 security update
Debian Security Advisory DSA-3913-1 https://www.debian.org/security/ Salvatore Bonaccorso July 18, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3904-1] bind9 security update
Debian Security Advisory DSA-3904-1 https://www.debian.org/security/ Yves-Alexis Perez July 08, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3903-1] tiff security update
Debian Security Advisory DSA-3903-1 https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 990-1] expat security update
Package : expat Version : 2.1.0-1+deb7u5 CVE ID : CVE-2017-9233 It was discovered that there was an infinite loop vulnerability in expat, an XML parsing C library: https://libexpat.github.io/doc/cve-2017-9233/ For Debian 7 "Wheezy", this issue has been fixed in expat version 2.1.0-1+deb7u5. We...
[SECURITY] [DLA 984-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u14 CVE ID : CVE-2016-10095 CVE-2017-9147 CVE-2017-9403 CVE-2017-9404 Debian Bug : 863185 850316 tiff was affected by multiple memory leaks CVE-2017-9403, CVE-2017-9404 that could result in denial of service. Furthermore, while the current version in Debian wa...
[SECURITY] [DLA 963-1] exiv2 security update
Package : exiv2 Version : 0.23-1+deb7u1 CVE ID : CVE-2017-9239 Debian Bug : 863410 It was discovered that the exiv2 library fails to parse some crafted tiff images, leading to denial of service via application crash. For Debian 7 "Wheezy", these problems have been fixed in version 0.23-1+deb7u1. ...
[SECURITY] [DLA 952-1] kde4libs security update
Package : kde4libs Version : 4:4.8.4-4+deb7u3 CVE ID : CVE-2013-2074 CVE-2017-6410 CVE-2017-8422 Debian Bug : 856890 Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following...
[SECURITY] [DSA 3839-1] freetype security update
Debian Security Advisory DSA-3839-1 https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 918-1] freetype security update
Package : freetype Version : 2.4.9-1.1+deb7u6 CVE ID : CVE-2017-8105 Debian Bug : 861220 860303 It was found that an out of bounds write caused by a heap-based buffer overflow could be triggered in freetype via a crafted font. This update also reverts the fix for CVE-2016-10328, as it was...
[SECURITY] [DLA 911-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u12 CVE ID : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 Debian Bug : 859998 860000 860001 860003 Multiple security issues have been found in the tiff...
[SECURITY] [DLA 910-1] libreoffice security update
Package : libreoffice Version : 1:3.5.4+dfsg2-0+deb7u9 CVE ID : CVE-2017-3157 CVE-2017-7870 CVE-2017-3157 Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157...
[SECURITY] [DSA 3816-1] samba security update
Debian Security Advisory DSA-3816-1 https://www.debian.org/security/ Salvatore Bonaccorso March 23, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 823-2] tomcat7 regression update
Package : tomcat7 Version : 7.0.28-4+deb7u11 CVE ID : CVE-2017-6056 Debian Bug : 854551 The update for tomcat7 issued as DLA-823-1 could cause the server to return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original...
[SECURITY] [DSA 3780-1] ntfs-3g security update
Debian Security Advisory DSA-3780-1 https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3774-1] lcms2 security update
Debian Security Advisory DSA-3774-1 https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 773-3] python-crypto regression update
Package : python-crypto Version : 2.6-4+deb7u6 CVE ID : CVE-2013-7459 Debian Bug : 849495, 850025, 850077 It was discovered that the previous attempt to fix the regression in python-crypto, cryptographic algorithms and protocols for Python, was incorrect. This regression was initially introduce...
[SECURITY] [DSA 3751-1] libgd2 security update
Debian Security Advisory DSA-3751-1 https://www.debian.org/security/ Salvatore Bonaccorso January 01, 2017 https://www.debian.org/security/faq ...