14409 matches found
[SECURITY] [DLA 1917-1] curl security update
Package : curl Version : 7.38.0-4+deb8u16 CVE ID : CVE-2019-5482 Debian Bug : 940010 It was discovered that there was a heap buffer overflow vulnerability in curl, the library and command-line tool for transferring data over the internet. For Debian 8 "Jessie", this issue has been fixed in curl...
[SECURITY] [DLA 1920-1] golang-go.crypto security update
Package : golang-go.crypto Version : 0.0hg190-1+deb8u2 CVE ID : CVE-2019-11841 This package ignored the value of the Hash header, which allows an attacker to spoof it. An attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidatin...
[SECURITY] [DLA 1918-1] libonig security update
Package : libonig Version : 5.9.5-3.2+deb8u3 CVE ID : CVE-2019-16163 Debian Bug : 939988 The Oniguruma regular expressions library, notably used in PHP mbstring, is vulnerable to stack exhaustion. A crafted regular expression can crash the process. For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DLA 1916-1] opensc security update
Package : opensc Version : 0.16.0-3+deb8u1 CVE ID : CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16420 CVE-2018-16421 CVE-2018-16422 CVE-2018-16423 CVE-2018-16424 CVE-2018-16425 CVE-2018-16426 CVE-2018-16427 CVE-2019-15945 CVE-2019-15946 Debian Bug : 909444...
[SECURITY] [DSA 4521-1] docker.io security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4521-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4520-1] trafficserver security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4520-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1914-1] icedtea-web security update
Package : icedtea-web Version : 1.5.3-1+deb8u1 CVE ID : CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Debian Bug : 934319 Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol JNLP. CVE-2019-10181 It was found that in icedtea-web...
[SECURITY] [DLA 1915-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u5 CVE ID : CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file...
[SECURITY] [DSA 4519-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4519-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4518-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4518-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4518-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4518-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1913-1] memcached security update
Package : memcached Version : 1.4.21-1.1+deb8u3 CVE ID : CVE-2019-15026 Debian Bug : 939337 It was discovered that there was a stack-based buffer over-read in memcached, the in-memory object caching system. For Debian 8 "Jessie", this issue has been fixed in memcached version 1.4.21-1.1+deb8u3. W...
[SECURITY] [DLA 1912-1] expat security update
Package : expat Version : 2.1.0-6+deb8u6 CVE IDs : CVE-2019-15903 Debian Bug : 939394 It was discovered that there was a heap-based buffer overread vulnerability in expat, an XML parsing library. A specially-crafted XML input could fool the parser into changing from DTD parsing to document parsin...
[SECURITY] [DLA 1911-1] exim4 security update
Package : exim4 Version : 4.84.2-2+deb8u6 CVE ID : CVE-2019-15846 "Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges. For Debian 8 "Jessie", this proble...
[SECURITY] [DSA 4517-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4517-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 06, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1910-1] firefox-esr security update
Package : firefox-esr Version : 60.9.0esr-1deb8u1 CVE ID : CVE-2019-9812 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of...
[SECURITY] [DSA 4516-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4516-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4515-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4515-1 [email protected] https://www.debian.org/security/ Alberto Garcia September 04, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1909-1] freetype security update
Package : freetype Version : 2.5.2-3+deb8u4 CVE ID : CVE-2015-9381 CVE-2015-9382 CVE-2015-9383 Several newly-referenced issues have been fixed in the FreeType 2 font engine. CVE-2015-9381 heap-based buffer over-read in T1GetPrivateDict in type1/t1parse.c CVE-2015-9382 buffer over-read in...
[SECURITY] [DSA 4514-1] varnish security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4514-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 04, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4513-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4513-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4513-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4513-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4512-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4512-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 02, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1908-1] pump security update
Package : pump Version : 0.8.24-7+deb8u1 Debian Bug : 933674 It was discovered that there was an arbitrary code execution vulnerability in the pump BOOTP and DHCP client. When copying the body of the server response, the ethernet packet length could be forged leading to being able to overwrite up...
[SECURITY] [DLA 1907-1] libav security update
Package : libav Version : 6:11.12-1deb8u8 CVE ID : CVE-2017-9987 CVE-2018-5766 CVE-2018-11102 CVE-2019-14372 CVE-2019-14442 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2017-9987 In Libav, there was a heap-based buffer overflow...
[SECURITY] [DSA 4511-1] nghttp2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4511-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1906-1] python2.7 security update
Package : python2.7 Version : 2.7.9-2+deb8u4 CVE ID : CVE-2018-20852 A vulnerability has been discovered in Python, an interactive high-level object-oriented language, that is relevant for cookie handling. By using a malicious server an attacker might steal cookies that are meant for other domain...
[SECURITY] [DLA 1905-1] gosa security update
Package : gosa Version : 2.7.4+reloaded2-1+deb8u5 CVE ID : CVE-2019-14466 GOsa² used unserialize to restore filter settings from a cookie. Since this cookie was supplied by the client, authenticated users could have passed arbitrary content to unserialized, which opened GOsa² up to a potential PH...
[SECURITY] [DLA 1904-1] libextractor security update
Package : libextractor Version : 1:1.3-2+deb8u5 CVE ID : CVE-2019-15531 jianglin found an issue in libextractor, a library that extracts meta-data from files of arbitrary type. A crafted file could result in a heap-buffer-overflow vulnerability in function EXTRACTORdviextractmethod in...
[SECURITY] [DLA 1903-1] subversion security update
Package : subversion Version : 1.8.10-6+deb8u7 CVE ID : CVE-2018-11782 CVE-2019-0203 Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-11782 Ace Olszowka reported that the...
[SECURITY] [DLA 1902-1] djvulibre security update
Package : djvulibre Version : 3.5.25.4-4+deb8u1 CVE ID : CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 Hongxu Chen found several issues in djvulibre, a library and set of tools to handle images in the DjVu format. The issues are a heap-buffer-overflow, a stack-overflow, an infinite...
[SECURITY] [DLA 1901-1] dovecot security update
Package : dovecot Version : 1:2.2.13-12deb8u7 CVE ID : CVE-2019-11500 Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input both pre- and post-login. A remote attacker can take advantage of this flaw to...
[SECURITY] [DLA 1900-1] apache2 security update
Package : apache2 Version : 2.4.10-10+deb8u15 CVE ID : CVE-2019-10092 CVE-2019-10098 Two security vulnerabilities were found in the Apache HTTP server. CVE-2019-10092 Matei "Mal" Badanoiu reported a limited cross-site scripting vulnerability in the modproxy error page. CVE-2019-10098 Yukitsugu...
[SECURITY] [DLA 1899-1] faad2 security update
Package : faad2 Version : 2.7-8+deb8u3 CVE ID : CVE-2018-19502 CVE-2018-20196 CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2019-15296 Debian Bug : 914641 Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder: CVE-2018-19502 Heap buffer overflow in the functi...
[SECURITY] [DSA 4510-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4510-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4510-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4510-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4509-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4509-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4509-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4509-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1898-1] xymon security update
Package : xymon Version : 4.3.17-6+deb8u2 CVE ID : CVE-2019-13273 CVE-2019-13274 CVE-2019-13451 CVE-2019-13452 CVE-2019-13455 CVE-2019-13484 CVE-2019-13485 CVE-2019-13486 Multiple vulnerabilities have been found in xymon, the network monitoring application. Remote attackers might leverage these...
[SECURITY] [DLA 1897-1] tiff security update
Package : tiff Version : 4.0.3-12.3+deb8u9 CVE ID : CVE-2019-14973 Even Rouault found an issue in tiff, a library providing support for the Tag Image File Format. Wrong handling off integer overflow checks, that are based on undefined compiler behavior, might result in an application crash. For...
[SECURITY] [DLA 1896-1] commons-beanutils security update
Package : commons-beanutils Version : 1.9.2-1+deb8u1 CVE ID : CVE-2019-10086 It was discovered that there was a remote arbitrary code vulnerability in commons-beanutils, a set of utilities for manipulating JavaBeans code. For Debian 8 "Jessie", this issue has been fixed in commons-beanutils versi...
[SECURITY] [DSA 4508-1] h2o security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4508-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4507-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4507-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4507-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4507-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4506-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4506-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1895-1] libmspack security update
Package : libmspack Version : 0.5-1+deb8u4 CVE ID : CVE-2019-1010305 JsHuang found an issue in libmspack, a library for Microsoft compression format. Opening a crafted chm file might result in a buffer overflow which might disclose confidential information. For Debian 8 "Jessie", this problem has...
[SECURITY] [DLA 1894-1] libapache2-mod-auth-openidc security
Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u1 CVE ID : CVE-2019-1010247 Compass Security Schweiz AG discovered an issue in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. The OIDCRedirectURI page contains generated JavaScript code that uses a poll...
[SECURITY] [DLA 1886-2] openjdk-7 regression update
Package : openjdk-7 Version : 7u231-2.6.19-1deb8u2 Debian Bug : 935082 750400 The latest security update of openjdk-7 caused a regression when applications relied on elliptic curve algorithms to establish SSL connections. Several duplicate classes were removed from rt.jar by the upstream develope...
[SECURITY] [DLA 1893-1] cups security update
Package : cups Version : 1.7.5-11+deb8u5 CVE ID : CVE-2019-8675 CVE-2019-8696 Two issues have been found in cups, the Common UNIX Printing Systemtm. Basically both CVEs CVE-2019-8675 and CVE-2019-8696 are about stack-buffer-overflow in two functions of libcup. One happens in asn1gettype the other...
[SECURITY] [DSA 4505-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4505-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 22, 2019 https://www.debian.org/security/faq -...