14409 matches found
[SECURITY] [DLA 1730-4] libssh2 regression update
Package : libssh2 Version : 1.4.3-4.1+deb8u5 CVE ID : CVE-2019-3860 Several more boundary checks have been backported to libssh2s src/sftp.c. Furthermore, all boundary checks in src/sftp.c now result in an LIBSSH2ERRORBUFFERTOOSMALL error code, rather than a LIBSSH2ERROR OUTOFBOUNDARY error code...
[SECURITY] [DLA 1846-2] unzip regression update
Package : unzip Version : 6.0-16+deb8u5 CVE ID : CVE-2019-13232 Debian Bug : 932404 The unzip security update issued as DLA 1846-1 caused a regression when building the Firefox web browser from source. There is a zip-like file in the Firefox distribution, omni.ja, which is a zip container with th...
[SECURITY] [DLA 1865-1] sdl-image1.2 security update
Package : sdl-image1.2 Version : 1.2.12-5+deb9u2 CVE ID : CVE-2018-3977 CVE-2019-5051 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 The following issues have been found in sdl-image1.2, the 1.x version of the...
[SECURITY] [DSA 4489-1] patch security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4489-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4489-1] patch security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4489-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1864-1] patch security update
Package : patch Version : 2.7.5-1+deb8u3 CVE ID : CVE-2019-13638 An issue with quoting has been found in patch, a tool to apply a diff file to an original, when invoking ed. In order to avoid this, ed is now directly started instead of calling a shell which starts ed. For Debian 8 "Jessie", this...
[SECURITY] [DLA 1730-3] libssh2 regression update
Package : libssh2 Version : 1.4.3-4.1+deb8u4 CVE ID : CVE-2019-3859 CVE-2019-13115 Various security problems have been additionally fixed in libssh2, an SSH client implementation written in C++. CVE-2019-3859 While investigating the impact of CVE-2019-13115 in Debian jessies version of libssh2, i...
[SECURITY] [DSA 4488-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4488-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4488-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4488-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4487-1] neovim security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4487-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 23, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1863-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1+deb9u4deb8u1 CVE ID : CVE-2019-13272 Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges und...
[SECURITY] [DLA 1862-1] linux security update
Package : linux Version : 3.16.70-1 CVE ID : CVE-2019-2101 CVE-2019-10639 CVE-2019-13272 Debian Bug : 930904 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2101 Andrey Konovalov discovered...
[SECURITY] [DLA 1861-1] libsdl2-image security update
Package : libsdl2-image Version : 2.0.0+dfsg-3+deb8u2 CVE ID : CVE-2018-3977 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 Debian Bug : 932754, 932755 The following issues have been found in libsdl2-image, the...
[SECURITY] [DLA 1860-1] libxslt security update
Package : libxslt Version : 1.1.28-2+deb8u5 CVE ID : CVE-2016-4609 CVE-2016-4610 CVE-2019-13117 CVE-2019-13118 Debian Bug : 932321 932320 Several vulnerabilities were found in libxslt the XSLT 1.0 processing library. CVE-2016-4610 Invalid memory access leading to DoS at exsltDynMapFunction. libxs...
[SECURITY] [DLA 1859-1] bind9 security update
Package : bind9 Version : 1:9.9.5.dfsg-9+deb8u18 CVE ID : CVE-2018-5743 A vulnerability was found in the Bind DNS Server. Limits on simultaneous tcp connections have not been enforced correctly and could lead to exhaustion of file descriptors. In the worst case this could affect the file...
[SECURITY] [DSA 4486-1] openjdk-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4486-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 21, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4485-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4485-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 21, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1858-1] squid3 security update
Package : squid3 Version : 3.4.8-6+deb8u8 CVE ID : CVE-2019-12525 CVE-2019-12529 Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with HTTP authentication header processing. CVE-2019-12525 Due to incorrect buffer...
[SECURITY] [DLA 1857-1] nss security update
Package : nss Version : 2:3.26-1+debu8u5 CVE ID : CVE-2019-11719 CVE-2019-11729 Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. CVE-2019-11719: Out-of-bounds read when importing curve25519 private key When importing a curve25519 private key in PKCS8forma...
[SECURITY] [DSA 4484-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4484-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4484-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4484-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1856-1] patch security update
Package : patch Version : 2.7.5-1+deb8u2 CVE ID : CVE-2019-13636 Handling of symlinks in patch, a tool to apply a diff file to an original, was wrong in certain cases. For Debian 8 "Jessie", this problem has been fixed in version 2.7.5-1+deb8u2. We recommend that you upgrade your patch packages...
[SECURITY] [DLA 1855-1] exiv2 security update
Package : exiv2 Version : 0.24-4.1+deb8u4 CVE ID : CVE-2019-13504 It was discovered that there was an integer overflow vulnerability in exiv2, a tool to manipulate images containing eg. EXIF metadata. This could have resulted in a denial of service via a specially- crafted file. For Debian 8...
[SECURITY] [DLA 1833-2] bzip2 regression update
Package : bzip2 Version : 1.0.6-4+deb7u2 CVE ID : CVE-2019-12900 The original fix for CVE-2019-12900 in bzip2, a high-quality block-sorting file compressor, introduces regressions when extracting certain lbzip2 files which were created with a buggy libzip2. Please see https://bugs.debian.org/9312...
[SECURITY] [DLA 1854-1] libonig security update
Package : libonig Version : 5.9.5-3.2+deb8u2 CVE ID : CVE-2019-13224 Debian Bug : 931878 A use-after-free in onignewdeluxe in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacke...
[SECURITY] [DSA 4483-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4483-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 16, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4482-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4482-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1853-1] libspring-java security update
Package : libspring-java Version : 3.0.6.RELEASE-17+deb8u1 CVE ID : CVE-2014-3578 CVE-2014-3625 CVE-2015-3192 CVE-2015-5211 CVE-2016-9878 Debian Bug : 760733 769698 796137 849167 Vulnerabilities have been identified in libspring-java, a modular Java/J2EE application framework. CVE-2014-3578 A...
[SECURITY] [DSA 4481-1] ruby-mini-magick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4481-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4481-1] ruby-mini-magick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4481-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4480-1] redis security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4480-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 11, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4479-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4479-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 11, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1852-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u5 CVE ID : CVE-2019-9948 The urllib library in Python ships support for a second, not well known URL scheme for accessing local files "localfile://". This scheme can be used to circumvent protections that try to block local file access and only block the...
[SECURITY] [DSA 4478-1] dosbox security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4478-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1851-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u7 CVE ID : CVE-2016-9112 CVE-2018-20847 Debian Bug : 931294 844551 Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000 image library. CVE-2016-9112 A floating point exception or divide by zero in the function opjpinextcprl may lead to ...
[SECURITY] [DLA 1850-1] redis security update
Package : redis Version : 2:2.8.17-1+deb8u7 CVE ID : CVE-2019-10192 Debian Bug : 931625 It was discovered that there were two heap buffer overflows in the Hyperloglog functionality provided by the Redis in-memory key-value database. For Debian 8 "Jessie", these issues have been fixed in redis...
[SECURITY] [DLA 1848-1] libspring-security-2.0-java security update
Package : libspring-security-2.0-java Version : 2.0.7.RELEASE-3+deb8u2 CVE ID : CVE-2019-11272 Spring Security support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null...
[SECURITY] [DLA 1849-1] zeromq3 security update
Package : zeromq3 Version : 4.0.5+dfsg-2+deb8u2 CVE ID : CVE-2019-13132 Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket...
[SECURITY] [DSA 4477-1] zeromq3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4477-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4477-1] zeromq3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4477-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1847-1] squid3 security update
Package : squid3 Version : 3.4.8-6+deb8u7 CVE ID : CVE-2019-13345 Debian Bug : 931478 It was discovered that there were multiple cross-site scripting vulnerabilities in the squid3 caching proxy server. For Debian 8 "Jessie", these issues have been fixed in squid3 version 3.4.8-6+deb8u7. We...
[SECURITY] [DLA 1846-1] unzip security update
Package : unzip Version : 6.0-16+deb8u4 CVE ID : CVE-2019-13232 Debian Bug : 931433 David Fifield discovered a way to construct non-recursive "zip bombs" that achieve a high compression ratio by overlapping files inside the zip container. However the output size increases quadratically in the inp...
[SECURITY] [DLA 1845-1] dosbox security update
Package : dosbox Version : 0.74-4+deb8u1 CVE ID : CVE-2019-7165 CVE-2019-12594 Debian Bug : 931222 Several security vulnerabilities were discovered in DOSBox, an emulator for running old DOS programs. CVE-2019-7165 A very long line inside a bat file would overflow the parsing buffer which could b...
[SECURITY] [DSA 4476-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4476-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1844-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.3.3-1+deb8u2 CVE ID : CVE-2019-13031 Debian Bug : 931117 It was discovered that there was a XML external entity vulnerability in the lemonldap-ng single-sign on system. This may have led to the disclosure of confidential data, denial of service, server side...
[SECURITY] [DLA 1843-1] pdns security update
Package : pdns Version : 3.4.1-4+deb8u10 CVE ID : CVE-2019-10162 CVE-2019-10163 Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup. CVE-2019-10162 An...
[SECURITY] [DSA 4475-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4475-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4474-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4474-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1842-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u6 CVE ID : CVE-2019-12308 Debian Bug : 931316 It was discovered that the Django Python web development framework did not correct identify HTTP connections when a reverse proxy connected via HTTPS. When deployed behind a reverse-proxy connecting to...
[SECURITY] [DLA 1837-2] rdesktop regression update
Package : rdesktop Version : 1.8.6-0+deb8u2 Debian Bug : 930511 The update for rdesktop released as 1.8.6-0+deb8u1 introduced a regression which broke RDP protocol negotiation. Updated rdesktop packages are now available to correct this issue. For Debian 8 "Jessie", this problem has been fixed in...