14409 matches found
[SECURITY] [DSA 4504-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4504-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1892-1] flask security update
Package : flask Version : 0.10.1-2+deb8u1 CVE ID : CVE-2018-1000656 Flask, a micro web framework for Python contains a CWE-20: Improper Input Validation vulnerability that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via...
[SECURITY] [DLA 1891-1] openldap security update
Package : openldap Version : 2.4.40+dfsg-1+deb8u5 CVE ID : CVE-2019-13057 CVE-2019-13565 Debian Bug : 932997 932998 Several security vulnerabilities were discovered in openldap, a server and tools to provide a standalone directory service. CVE-2019-13057 When the server administrator delegates...
[SECURITY] [DLA 1890-1] kde4libs security update
Package : kde4libs Version : 4:4.14.2-5+deb8u3 CVE ID : CVE-2019-14744 Debian Bug : 934268 Dominik Penner discovered a flaw in how KConfig interpreted shell commands in desktop files and other configuration files. An attacker may trick users into installing specially crafted files which could the...
[SECURITY] [DSA 4503-1] golang-1.11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4503-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1889-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u6 CVE ID : CVE-2018-20852 A vulnerability has been discovered in Python, an interactive high-level object-oriented language, that is relevant for cookie handling. By using a malicious server an attacker might steal cookies that are meant for other domain...
[SECURITY] [DSA 4502-1] ffmpeg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4502-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 16, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1888-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u17 CVE ID : CVE-2019-12974 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-12974 NULL pointer dereference in...
[SECURITY] [DLA 1886-1] openjdk-7 security update
Package : openjdk-7 Version : 7u231-2.6.19-1deb8u1 CVE ID : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2816 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the...
[SECURITY] [DLA 1887-1] freetype security update
Package : freetype Version : 2.5.2-3+deb8u3 CVE ID : CVE-2015-9290 A buffer over-read in the t1-parser of freetype, a font engine, has been found and fixed by checking limits more sensible. For Debian 8 "Jessie", this problem has been fixed in version 2.5.2-3+deb8u3. We recommend that you upgrade...
[SECURITY] [DSA 4501-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4501-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1877-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u11 CVE ID : CVE-2018-11563 CVE-2019-12746 CVE-2019-13458 Several security issues have been fixed in otrs2, a well known trouble ticket system. CVE-2018-11563 An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose...
[SECURITY] [DLA 1885-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1+deb9u5deb8u1 CVE ID : CVE-2017-18509 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856 CVE-2019-1125 CVE-2019-3882 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Several vulnerabilities have...
[SECURITY] [DLA 1884-1] linux security update
Package : linux Version : 3.16.72-1 CVE ID : CVE-2017-18509 CVE-2018-20836 CVE-2019-1125 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...
[SECURITY] [DLA 1883-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u15 CVE ID : CVE-2016-5388 CVE-2018-8014 CVE-2019-0221 Debian Bug : 929895 898935 Several minor issues have been fixed in tomcat8, a Java Servlet and JSP engine. CVE-2016-5388 Apache Tomcat, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18...
[SECURITY] [DLA 1882-1] atril security update
Package : atril Version : 1.8.1+dfsg1-4+deb8u2 CVE ID : CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006 A few issues were found in Atril, the MATE document viewer. CVE-2017-1000159 When printing from DVI to PDF, the dvipdfm tool was called without properly sanitizing the filename, which could le...
[SECURITY] [DLA 1881-1] evince security update
Package : evince Version : 3.14.1-2+deb8u3 CVE ID : CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006 A few issues were found in the Evince document viewer. CVE-2017-1000159 When printing from DVI to PDF, the dvipdfm tool was called without properly sanitizing the filename, which could lead to a...
[SECURITY] [DLA 1880-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u4 CVE ID : CVE-2019-10216 Debian Bug : 934638 Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions ...
[SECURITY] [DSA 4500-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4500-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4500-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4500-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4497-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4497-1 [email protected] https://www.debian.org/security/ Ben Hutchings August 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4497-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4497-1 [email protected] https://www.debian.org/security/ Ben Hutchings August 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1879-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u8 CVE ID : CVE-2019-14379 CVE-2019-14439 Debian Bug : 933393 Deserialization flaws were discovered in jackson-databind relating to EHCache and logback/jndi, which could allow an unauthenticated user to perform remote code execution. The issue was...
[SECURITY] [DLA 1878-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u5 CVE ID : CVE-2019-11041 CVE-2019-11042 Two heap buffer overflows were found in the EXIF parsing code of PHP, a widely-used open source general purpose scripting language. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DSA 4499-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4499-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4499-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4499-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4498-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4498-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4498-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4498-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4496-1] pango1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4496-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 11, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4496-1] pango1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4496-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 11, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1876-1] gosa security update
Package : gosa Version : 2.7.4+reloaded2-1+deb8u4 CVE ID : CVE-2019-11187 In GOsa², an LDAP web-frontend written in PHP, a vulnerability was found that could theoretically have lead to unauthorized access to the LDAP database managed with FusionDirectory. LDAP queries result status "Success" chec...
[SECURITY] [DLA 1875-1] fusiondirectory security update
Package : fusiondirectory Version : 1.0.8.2-5+deb8u2 CVE ID : CVE-2019-11187 In FusionDirectory, an LDAP web-frontend written in PHP originally derived GOsa² 2.6.x, a vulnerability was found that could theoretically lead to unauthorized access to the LDAP database managed with FusionDirectory. LD...
[SECURITY] [DSA 4495-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4495-1 [email protected] https://www.debian.org/security/ Ben Hutchings August 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4495-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4495-1 [email protected] https://www.debian.org/security/ Ben Hutchings August 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4494-1] kconfig security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4494-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA-1874-1] postgresql-9.4 security update
Package : postgresql-9.4 Version : 9.4.24-0+deb8u1 CVE ID : CVE-2019-10208 CVE-2019-10208: TYPE in pgtemp executes arbitrary SQL during SECURITY DEFINER execution Versions Affected: 9.4 - 11 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of th...
[SECURITY] [DSA 4493-1] postgresql-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4493-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4492-1] postgresql-9.6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4492-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1873-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u3 CVE ID : CVE-2019-12815 Debian Bug : 932453 Tobias Maedel discovered that the modcopy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands. For Debian 8 "Jessie", this problem has...
[SECURITY] [DLA 1872-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u7 CVE IDs : CVE-2019-14232 CVE-2019-14233 Debian Bug : 934026 It was discovered that there were two vulnerabilities in the Django web development framework: CVE-2019-14232: Prevent a possible denial-of-service in django.utils.text.Truncator. If...
[SECURITY] [DLA 1866-2] glib2.0 regression update
Package : glib2.0 Version : 2.42.1-1+deb8u3 CVE ID : CVE-2019-13012 Debian Bug : 933877 Simon McVittie spotted a memory leak regression in the way CVE-2019-13012 had been resolved for glib2.0 in Debian jessie. For Debian 8 "Jessie", this problem has been fixed in version 2.42.1-1+deb8u3. We...
[SECURITY] [DSA 4491-1] proftpd-dfsg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4491-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 04, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1871-1] vim security update
Package : vim Version : 2:7.4.488-7+deb8u4 CVE ID : CVE-2017-11109 CVE-2017-17087 CVE-2019-12735 Debian Bug : 867720 930020 Several minor issues have been fixed in vim, a highly configurable text editor. CVE-2017-11109 Vim allows attackers to cause a denial of service invalid free or possibly hav...
[SECURITY] [DLA 1870-1] thunderbird security update
Package : thunderbird Version : 1:60.8.0-1deb8u1 CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary cod...
[SECURITY] [DLA 1869-1] firefox-esr security update
Package : firefox-esr Version : 60.8.0esr-1deb8u1 CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the...
[SECURITY] [DLA 1868-1] squirrelmail security update
Package : squirrelmail Version : 2:1.4.23svn20120406-2+deb8u4 CVE ID : CVE-2019-12970 A XSS vulnerability was discovered in SquirrelMail. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mails c...
[SECURITY] [DLA 1867-1] wpa security update
Package : wpa Version : 2.3-1+deb8u8 CVE ID : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2019-11555 Debian Bug : 927463 Several vulnerabilities were discovered in WPA supplicant / hostapd. Some of them could only partially be mitigated, please read below for details. CVE-2019-949...
[SECURITY] [DSA 4490-1] subversion security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4490-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4490-1] subversion security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4490-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1866-1] glib2.0 security update
Package : glib2.0 Version : 2.42.1-1+deb8u2 CVE ID : CVE-2018-16428 CVE-2018-16429 CVE-2019-13012 Debian Bug : 931234 Various minor issues have been addressed in the GLib library. GLib is a useful general-purpose C library used by projects such as GTK+, GIMP, and GNOME. CVE-2018-16428 In GNOME...