[SECURITY] [DLA 1211-1] libxml2 security update
Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy12 CVE ID : CVE-2017-15412 CVE-2017-15412 It was detected that some function calls in the XPath extensions functions could result in memory corruption due to "use after free". For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DLA 1199-1] thunderbird security update
Package : thunderbird Version : 1:52.5.0-1deb7u1 CVE ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, use after free and other implementation errors may lead to crashes or the execution o...
[SECURITY] [DSA 4035-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4035-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4034-1] varnish security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4034-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4023-1] slurm-llnl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4023-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1113-1] ruby1.8 security update
Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u4 CVE ID : CVE-2017-0898 CVE-2017-10784 Debian Bug : 875931 875936 Some vulnerabilities were found in the Ruby 1.8 package that affect the LTS distribution. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784 Escape sequence...
[SECURITY] [DLA 1103-1] bluez security update
Package : bluez Version : 4.99-2+deb7u1 CVE ID : CVE-2017-1000250 Debian Bug : 875633 The SDP server in BlueZ is vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the...
[SECURITY] [DSA 3972-1] bluez security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3972-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1093-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u16 CVE ID : CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727 Debian Bug : 868513 872607 873880 873879 Several vulnerabilities have been discovered in the Tag Image File Format (TIFF) library and its associated tools. CVE-2017-11335 A heap based buffe...
[SECURITY] [DLA 1074-1] poppler security update
Package : poppler Version : 0.18.4-6+deb7u2 CVE ID : CVE-2013-4473 CVE-2013-4474 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 Several buffer and integer overflow issues were discovered in Poppler, a PDF library, that could lead to application crash or possibly other unspecified impact via maliciousl...
[SECURITY] [DLA 1046-1] lucene-solr security update
Package : lucene-solr Version : 3.6.0+dfsg-1+deb7u2 CVE ID : CVE-2017-3163 Debian Bug : 867712 lucene-solr handler supports an HTTP API /replication?command=filecontent&file=filename which is vulnerable to path traversal attack. Specifically, this API does not perform any validation of the user...
[SECURITY] [DLA 945-1] mysql-connector-java security update
Package : mysql-connector-java Version : 5.1.42-1deb7u1 CVE ID : CVE-2017-3523 CVE-2017-3586 CVE-2017-3589 Several issues were discovered in mysql-connector-java that allow attackers to execute arbitrary code, insert or delete access to some of MySQL Connectors accessible data as well as...
[SECURITY] [DSA 3854-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3854-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3848-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3848-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 10, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 905-1] ghostscript security update
Package : ghostscript Version : 9.05dfsg-6.3+deb7u5 CVE ID : CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 ghostscript is vulnerable to multiple issues that can lead to denial of service when processing untrusted content. CVE-2016-10219 Application crash with division by 0 in scan conversion code...
[SECURITY] [DLA 896-1] icedove/thunderbird security update
Package : icedove Version : 1:45.8.0-3deb7u1 CVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410...
[SECURITY] [DLA 868-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u12 CVE ID : CVE-2016-10062 CVE-2017-6498 CVE-2017-6500 Debian Bug : 849439 856878 856879 Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include denial of service and...
[SECURITY] [DSA 3795-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3795-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 26, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3757-1] icedove security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3757-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 11, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 689-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u18 CVE ID : CVE-2016-7909 CVE-2016-8909 CVE-2016-8910 Debian Bug : 839834 841950 841955 842455 842463 Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware based on Quick Emulator (Qemu). The Common...
[SECURITY] [DLA 648-1] c-ares security update
Package : c-ares Version : 1.9.1-3+deb7u1 CVE ID : CVE-2016-5180 Debian Bug : 839151 Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to...
[SECURITY] [DLA 640-1] icedove security update
Package : icedove Version : 1:45.3.0-1deb7u1 CVE ID : CVE-2016-2836 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. For Debian 7 "Wheezy",...
[SECURITY] [DLA 574-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u3 CVE IDs : 2016-5240 2016-5241 It was discovered that there were two denial of service vulnerabilities in graphicsmagick, a collection of image processing tools: CVE-2016-5240: Prevent denial-of-service by detecting and rejecting negative...
[SECURITY] [DLA 543-1] sqlite3 security update
Package : sqlite3 Version : 3.7.13-1+deb7u3 CVE ID : CVE-2016-6153 It was discovered that sqlite3, a C library that implements a SQL database engine, would reject a temporary directory (e.g., as specified by the TMPDIR environment variable) to which the executing user did not have read permissions...
[SECURITY] [DSA 3615-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3615-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 02, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 526-1] mysql-connector-java security update
Package : mysql-connector-java Version : 5.1.39-1deb7u1 CVE ID : CVE-2015-2575 A vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J has been discovered that may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data a...
[SECURITY] [DLA 509-1] samba security update
Package : samba Version : 2:3.6.6-6+deb7u10 Debian Bug : 820982 821811 The Samba 2:3.6.6-6+deb7u9 release, issued by the DSA-3548-1, introduced different regressions causing trust relationship with Win 7 domains to fail. The fix for the CVE-2016-2115 has been reverted, so administrators should se...
[SECURITY] [DSA 3591-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3591-1 [email protected] https://www.debian.org/security/ Luciano Bello June 01, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3584-1] librsvg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3584-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 19, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 482-1] libgd2 security update
Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u3 CVE ID : CVE-2015-8874 Debian Bug : 824627 It was discovered that there was a stack consumption vulnerability in the libgd2 graphics library which allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call. For...
[SECURITY] [DSA 3555-1] imlib2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3555-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini April 23, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3549-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3549-1 [email protected] https://www.debian.org/security/ Michael Gilbert April 15, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3467-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3467-1 [email protected] https://www.debian.org/security/ Laszlo Boszormenyi GCS February 06, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3461-1] freetype security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3461-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 30, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3456-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3456-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 27, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3432-1] icedove security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3432-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 01, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3418-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3418-1 [email protected] https://www.debian.org/security/ Michael Gilbert December 14, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 350-1] eglibc security update
Package : eglibc Version : 2.11.3-4+deb6u8 CVE ID : not assigned yet Debian Bug : 803927 The strxfrm function is vulnerable to integer overflows when computing memory allocation sizes, similar to CVE-2012-4412. Furthermore, since it falls back to using alloca when malloc fails, it is vulnerable to...
[SECURITY] [DSA 3406-1] nspr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3406-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 25, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3375-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3349-1] qemu-kvm security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3349-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 02, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3303-1] cups-filters security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3303-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 07, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3291-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3291-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3277-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3277-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 02, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 207-1] subversion security update
Package : subversion Version : 1.6.12dfsg-7+deb6u2 CVE ID : CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2014-0032 CVE-2015-0248 CVE-2015-0251 Debian Bug : 704940 737815 Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and...
[SECURITY] [DLA 143-1] python-django security update
Package : python-django Version : 1.2.3-3+squeeze12 CVE ID : CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 Multiple security issues have been found in Django: https://www.djangoproject.com/weblog/2015/jan/13/security/ For Debian 6 Squeeze, they have been fixed in version 1.2.3-3+squeeze12 of...
[SECURITY] [DLA 97-1] eglibc security update
Package : eglibc Version : 2.11.3-4+deb6u2 CVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2012-6656 Fix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character "0xffff" is specified, then iconv...
[SECURITY] [DLA 89-1] nss security update
Package : nss Version : 3.12.8-1+squeeze10 CVE ID : CVE-2014-1544 In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote...
[SECURITY] [DSA 3067-1] qemu-kvm security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3067-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 06, 2014 http://www.debian.org/security/faq -...