14409 matches found
[SECURITY] [DLA 1940-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.189-3+deb9u1deb8u1 CVE ID : CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118 CVE-2019-15902 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821...
[SECURITY] [DLA 1942-1] phpbb3 security update
Package : phpbb3 Version : 3.0.12-5+deb8u4 CVE ID : CVE-2019-16993 In phpBB, includes/acp/acpbbcodes.php had improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack was possible if an attacker also managed to retrieve the session id of a...
[SECURITY] [DLA 1941-1] netty security update
Package : netty Version : 1:3.2.6.Final-2+deb8u1 CVE ID : CVE-2019-16869 Netty mishandled whitespace before the colon in HTTP headers such as a “Transfer-Encoding : chunked” line, which lead to HTTP request smuggling. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 1900-2] apache2 regression update
Package : apache2 Version : 2.4.10-10+deb8u16 CVE ID : CVE-2019-10092 Debian Bug : 941202 The update of apache2 released as DLA-1900-1 contained an incomplete fix for CVE-2019-10092, a limited cross-site scripting issue affecting the modproxy error page. The old patch rather introduced a new CSRF...
[SECURITY] [DLA 1939-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u11 CVE ID : CVE-2018-20650 CVE-2018-21009 CVE-2019-12493 Several issues in poppler, a PDF rendering library, have been fixed. CVE-2018-20650 A missing check for the dict data type could lead to a denial of service. CVE-2018-21009 An integer overflow might...
[SECURITY] [DLA 1938-1] file-roller security update
Package : file-roller Version : 3.14.1-1+deb8u1 CVE ID : CVE-2019-16680 An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. For Debian 8 "Jessie", this proble...
[SECURITY] [DSA 4538-1] wpa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4538-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1937-1] httpie security update
Package : httpie Version : 0.8.0-1+deb8u1 CVE ID : CVE-2019-10751 Debian Bug : 940058 An open redirect, that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his o...
[SECURITY] [DSA 4537-1] file-roller security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4537-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4537-1] file-roller security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4537-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1936-1] cups security update
Package : cups Version : 1.7.5-11+deb8u6 CVE ID : CVE-2018-4300 An issue has been found in cups, the Common UNIX Printing Systemtm. While generating a session cookie for the CUPS web interface, a predictable random number seed was used. This could lead to unauthorized scripted access to the enabl...
[SECURITY] [DLA 1935-1] e2fsprogs security update
Package : e2fsprogs Version : 1.42.12-2+deb8u1 CVE ID : CVE-2019-5094 Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code. Fo...
[SECURITY] [DLA 1934-1] cimg security update
Package : cimg Version : 1.5.9+dfsg-1+deb8u1 CVE ID : CVE-2018-7588 CVE-2018-7589 CVE-2018-7637 CVE-2018-7638 CVE-2018-7639 CVE-2018-7640 CVE-2018-7641 CVE-2019-1010174 Several issues have been found in cimg, a powerful image processing library. CVE-2019-1010174 is related to a missing string...
[SECURITY] [DSA 4536-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4536-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4536-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4536-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4535-1] e2fsprogs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4535-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4535-1] e2fsprogs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4535-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4534-1] golang-1.11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4534-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1933-1] ruby-nokogiri security update
Package : ruby-nokogiri Version : 1.6.3.1+ds-1+deb8u1 CVE ID : CVE-2019-5477 A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Rubys Kernel.open method. For Debian 8 "Jessie", this problem has been fixed in version 1.6.3.1+ds-1+deb8u1. We recommend th...
[SECURITY] [DLA 1932-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb8u12 CVE ID : CVE-2019-1547 CVE-2019-1563 Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths...
[SECURITY] [DSA 4533-1] lemonldap-ng security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4533-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1930-1] linux security update
Package : linux Version : 3.16.74-1 CVE ID : CVE-2016-10905 CVE-2018-20976 CVE-2018-21008 CVE-2019-0136 CVE-2019-9506 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15215 CVE-2019-15218 CVE-2019-15219...
[SECURITY] [DSA 4532-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4532-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4532-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4532-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4531-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4531-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4531-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4531-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1931-1] libgcrypt20 security update
Package : libgcrypt20 Version : 1.6.3-2+deb8u6 CVE ID : CVE-2019-13627 Debian Bug : 938938 It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version 1.6.3-2+deb8u6. We recommend that you...
[SECURITY] [DLA 1928-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u6 Debian Bug : 805222 An update has been made to php5, a server-side, HTML-embedded scripting language. Specficially, as reported in 805222, the ability to build extensions in certain older versions of PHP within Debian has been hindered by an upstream...
[SECURITY] [DSA 4530-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4530-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 22, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4530-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4530-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 22, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1929-1] php-pecl-http security update
Package : php-pecl-http Version : 2.0.4-1+deb8u1 CVE ID : CVE-2016-7398 A vulnerability has been discovered in php-pecl-http, the peclhttp module for PHP 5 Extended HTTP Support. A type confusion vulnerability in the mergeparam function allows attackers to crash PHP and possibly execute arbitrary...
[SECURITY] [DSA 4529-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4529-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1927-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u12 CVE ID : CVE-2016-5126 CVE-2016-5403 CVE-2017-9375 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890 Debian Bug : 826151 832619 864219 929353 931351 933741 933742 939868 939869 Several vulnerabilities were found in QEMU, a fa...
[SECURITY] [DSA 4528-1] bird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4528-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4527-1] php7.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4527-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4526-1] opendmarc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4526-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4526-1] opendmarc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4526-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4525-1] ibus security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4525-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4525-1] ibus security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4525-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1926-1] thunderbird security update
Package : thunderbird Version : 1:60.9.0-1deb8u1 CVE ID : CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site...
[SECURITY] [DLA 1925-1] python2.7 security update
Package : python2.7 Version : 2.7.9-2+deb8u5 CVE ID : CVE-2019-16056 A vulnerability was discovered in Python, an interactive high-level object-oriented language. CVE-2019-16056 The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email...
[SECURITY] [DLA 1924-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u7 CVE ID : CVE-2019-16056 A vulnerability was discovered in Python, an interactive high-level object-oriented language. CVE-2019-16056 The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email...
[SECURITY] [DSA 4524-1] dino-im security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4524-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1922-1] wpa security update
Package : wpa Version : 2.3-1+deb8u9 CVE ID : CVE-2019-16275 Debian Bug : 940080 hostapd and wpasupplicant when controlling AP mode did not perform sufficient source address validation for some received Management frames and this could result in ending up sending a frame that caused associated...
[SECURITY] [DLA 1923-1] ansible security update
Package : ansible Version : 1.7.2+dfsg-2+deb8u2 CVE ID : CVE-2015-3908 CVE-2015-6240 CVE-2018-10875 CVE-2019-10156 Debian Bug : 930065 Several vulnerabilities were discovered in Ansible, a configuration management, deployment, and task execution system. CVE-2015-3908 A potential man-in-the-middle...
[SECURITY] [DSA 4523-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4523-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1919-2] linux-4.9 security update
Package : linux-4.9 Version : 4.9.189-3deb8u1 CVE ID : CVE-2019-0136 CVE-2019-9506 CVE-2019-11487 CVE-2019-15211 CVE-2019-15212 CVE-2019-15215 CVE-2019-15216 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15807 CVE-2019-15924...
[SECURITY] [DSA 4522-1] faad2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4522-1 [email protected] https://www.debian.org/security/ Hugo Lefeuvre September 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1919-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.189-3deb8u1 CVE ID : CVE-2019-0136 CVE-2019-9506 CVE-2019-11487 CVE-2019-15211 CVE-2019-15212 CVE-2019-15215 CVE-2019-15216 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15807 CVE-2019-15924...
[SECURITY] [DLA 1921-1] dnsmasq security update
Package : dnsmasq Version : 2.72-3+deb8u5 CVE ID : CVE-2019-14513 Samuel R Lovejoy discovered a security vulnerability in dnsmasq. Carefully crafted packets by DNS servers might result in out of bounds read operations, potentially leading to a crash and denial of service. For Debian 8 "Jessie",...