[SECURITY] [DLA 1879-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u8 CVE ID : CVE-2019-14379 CVE-2019-14439 Debian Bug : 933393 Deserialization flaws were discovered in jackson-databind relating to EHCache and logback/jndi, which could allow an unauthenticated user to perform remote code execution. The issue was...
[SECURITY] [DLA 1878-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u5 CVE ID : CVE-2019-11041 CVE-2019-11042 Two heap buffer overflows were found in the EXIF parsing code of PHP, a widely-used open source general purpose scripting language. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DSA 4499-1] ghostscript security update
Debian Security Advisory DSA-4499-1 https://www.debian.org/security/ Salvatore Bonaccorso August 12, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4498-1] python-django security update
Debian Security Advisory DSA-4498-1 https://www.debian.org/security/ Sebastien Delafond August 12, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4496-1] pango1.0 security update
Debian Security Advisory DSA-4496-1 https://www.debian.org/security/ Salvatore Bonaccorso August 11, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1876-1] gosa security update
Package : gosa Version : 2.7.4+reloaded2-1+deb8u4 CVE ID : CVE-2019-11187 In GOsa², an LDAP web-frontend written in PHP, a vulnerability was found that could theoretically have led to unauthorized access to the LDAP database managed with FusionDirectory. LDAP queries result status "Success" chec...
[SECURITY] [DLA 1875-1] fusiondirectory security update
Package : fusiondirectory Version : 1.0.8.2-5+deb8u2 CVE ID : CVE-2019-11187 In FusionDirectory, an LDAP web-frontend written in PHP originally derived from GOsa² 2.6.x, a vulnerability was found that could theoretically lead to unauthorized access to the LDAP database managed with FusionDirectory. LD...
[SECURITY] [DSA 4495-1] linux security update
Debian Security Advisory DSA-4495-1 https://www.debian.org/security/ Ben Hutchings August 10, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4494-1] kconfig security update
Debian Security Advisory DSA-4494-1 https://www.debian.org/security/ Moritz Muehlenhoff August 09, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA-1874-1] postgresql-9.4 security update
Package : postgresql-9.4 Version : 9.4.24-0+deb8u1 CVE ID : CVE-2019-10208 CVE-2019-10208: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of th...
[SECURITY] [DSA 4493-1] postgresql-11 security update
Debian Security Advisory DSA-4493-1 https://www.debian.org/security/ Moritz Muehlenhoff August 08, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4492-1] postgresql-9.6 security update
Debian Security Advisory DSA-4492-1 https://www.debian.org/security/ Moritz Muehlenhoff August 08, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1873-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u3 CVE ID : CVE-2019-12815 Debian Bug : 932453 Tobias Maedel discovered that the mod_copy module of ProFTPD, an FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands. For Debian 8 "Jessie", this problem has...
[SECURITY] [DLA 1872-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u7 CVE IDs : CVE-2019-14232 CVE-2019-14233 Debian Bug : 934026 It was discovered that there were two vulnerabilities in the Django web development framework: CVE-2019-14232: Prevent a possible denial-of-service in django.utils.text.Truncator. If...
[SECURITY] [DLA 1866-2] glib2.0 regression update
Package : glib2.0 Version : 2.42.1-1+deb8u3 CVE ID : CVE-2019-13012 Debian Bug : 933877 Simon McVittie spotted a memory leak regression in the way CVE-2019-13012 had been resolved for glib2.0 in Debian jessie. For Debian 8 "Jessie", this problem has been fixed in version 2.42.1-1+deb8u3. We...
[SECURITY] [DSA 4491-1] proftpd-dfsg security update
Debian Security Advisory DSA-4491-1 https://www.debian.org/security/ Moritz Muehlenhoff August 04, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1871-1] vim security update
Package : vim Version : 2:7.4.488-7+deb8u4 CVE ID : CVE-2017-11109 CVE-2017-17087 CVE-2019-12735 Debian Bug : 867720 930020 Several minor issues have been fixed in vim, a highly configurable text editor. CVE-2017-11109 Vim allows attackers to cause a denial of service (invalid free) or possibly hav...
[SECURITY] [DLA 1870-1] thunderbird security update
Package : thunderbird Version : 1:60.8.0-1deb8u1 CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary cod...
[SECURITY] [DLA 1869-1] firefox-esr security update
Package : firefox-esr Version : 60.8.0esr-1deb8u1 CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the...
[SECURITY] [DLA 1868-1] squirrelmail security update
Package : squirrelmail Version : 2:1.4.23svn20120406-2+deb8u4 CVE ID : CVE-2019-12970 An XSS vulnerability was discovered in SquirrelMail. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mails c...
[SECURITY] [DLA 1867-1] wpa security update
Package : wpa Version : 2.3-1+deb8u8 CVE ID : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2019-11555 Debian Bug : 927463 Several vulnerabilities were discovered in WPA supplicant / hostapd. Some of them could only partially be mitigated, please read below for details. CVE-2019-949...
[SECURITY] [DSA 4490-1] subversion security update
Debian Security Advisory DSA-4490-1 https://www.debian.org/security/ Salvatore Bonaccorso August 01, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1866-1] glib2.0 security update
Package : glib2.0 Version : 2.42.1-1+deb8u2 CVE ID : CVE-2018-16428 CVE-2018-16429 CVE-2019-13012 Debian Bug : 931234 Various minor issues have been addressed in the GLib library. GLib is a useful general-purpose C library used by projects such as GTK+, GIMP, and GNOME. CVE-2018-16428 In GNOME...
[SECURITY] [DLA 1730-4] libssh2 regression update
Package : libssh2 Version : 1.4.3-4.1+deb8u5 CVE ID : CVE-2019-3860 Several more boundary checks have been backported to libssh2's src/sftp.c. Furthermore, all boundary checks in src/sftp.c now result in a LIBSSH2_ERROR_BUFFER_TOO_SMALL error code, rather than a LIBSSH2_ERROR_OUT_OF_BOUNDARY error code...
[SECURITY] [DLA 1846-2] unzip regression update
Package : unzip Version : 6.0-16+deb8u5 CVE ID : CVE-2019-13232 Debian Bug : 932404 The unzip security update issued as DLA 1846-1 caused a regression when building the Firefox web browser from source. There is a zip-like file in the Firefox distribution, omni.ja, which is a zip container with th...
[SECURITY] [DLA 1865-1] sdl-image1.2 security update
Package : sdl-image1.2 Version : 1.2.12-5+deb9u2 CVE ID : CVE-2018-3977 CVE-2019-5051 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 The following issues have been found in sdl-image1.2, the 1.x version of the...
[SECURITY] [DSA 4489-1] patch security update
Debian Security Advisory DSA-4489-1 https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1864-1] patch security update
Package : patch Version : 2.7.5-1+deb8u3 CVE ID : CVE-2019-13638 An issue with quoting has been found in patch, a tool to apply a diff file to an original, when invoking ed. In order to avoid this, ed is now directly started instead of calling a shell which starts ed. For Debian 8 "Jessie", this...
[SECURITY] [DLA 1730-3] libssh2 regression update
Package : libssh2 Version : 1.4.3-4.1+deb8u4 CVE ID : CVE-2019-3859 CVE-2019-13115 Various security problems have been additionally fixed in libssh2, an SSH client implementation written in C++. CVE-2019-3859 While investigating the impact of CVE-2019-13115 in Debian jessie's version of libssh2, i...
[SECURITY] [DSA 4488-1] exim4 security update
Debian Security Advisory DSA-4488-1 https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4487-1] neovim security update
Debian Security Advisory DSA-4487-1 https://www.debian.org/security/ Moritz Muehlenhoff July 23, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1863-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1+deb9u4deb8u1 CVE ID : CVE-2019-13272 Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges und...
[SECURITY] [DLA 1862-1] linux security update
Package : linux Version : 3.16.70-1 CVE ID : CVE-2019-2101 CVE-2019-10639 CVE-2019-13272 Debian Bug : 930904 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2101 Andrey Konovalov discovered...
[SECURITY] [DLA 1861-1] libsdl2-image security update
Package : libsdl2-image Version : 2.0.0+dfsg-3+deb8u2 CVE ID : CVE-2018-3977 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 Debian Bug : 932754, 932755 The following issues have been found in libsdl2-image, the...
[SECURITY] [DLA 1860-1] libxslt security update
Package : libxslt Version : 1.1.28-2+deb8u5 CVE ID : CVE-2016-4609 CVE-2016-4610 CVE-2019-13117 CVE-2019-13118 Debian Bug : 932321 932320 Several vulnerabilities were found in libxslt, the XSLT 1.0 processing library. CVE-2016-4610 Invalid memory access leading to DoS at exsltDynMapFunction. libxs...
[SECURITY] [DLA 1859-1] bind9 security update
Package : bind9 Version : 1:9.9.5.dfsg-9+deb8u18 CVE ID : CVE-2018-5743 A vulnerability was found in the Bind DNS Server. Limits on simultaneous TCP connections have not been enforced correctly and could lead to exhaustion of file descriptors. In the worst case this could affect the file...
[SECURITY] [DSA 4486-1] openjdk-11 security update
Debian Security Advisory DSA-4486-1 https://www.debian.org/security/ Moritz Muehlenhoff July 21, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4485-1] openjdk-8 security update
Debian Security Advisory DSA-4485-1 https://www.debian.org/security/ Moritz Muehlenhoff July 21, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1858-1] squid3 security update
Package : squid3 Version : 3.4.8-6+deb8u8 CVE ID : CVE-2019-12525 CVE-2019-12529 Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with HTTP authentication header processing. CVE-2019-12525 Due to incorrect buffer...
[SECURITY] [DLA 1857-1] nss security update
Package : nss Version : 2:3.26-1+debu8u5 CVE ID : CVE-2019-11719 CVE-2019-11729 Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. CVE-2019-11719: Out-of-bounds read when importing curve25519 private key When importing a curve25519 private key in PKCS#8 forma...
[SECURITY] [DSA 4484-1] linux security update
Debian Security Advisory DSA-4484-1 https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1856-1] patch security update
Package : patch Version : 2.7.5-1+deb8u2 CVE ID : CVE-2019-13636 Handling of symlinks in patch, a tool to apply a diff file to an original, was wrong in certain cases. For Debian 8 "Jessie", this problem has been fixed in version 2.7.5-1+deb8u2. We recommend that you upgrade your patch packages...