[SECURITY] [DSA 4468-1] php-horde-form security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4468-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1789-2] intel-microcode security update
Package : intel-microcode Version : 3.20190618deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 929073 DLA-1789-1 shipped updated CPU microcode for most types of Intel CPUs as mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities. This...
[SECURITY] [DLA 1830-1] znc security update
Package : znc Version : 1.4-2+deb8u2 CVE ID : CVE-2019-12816 A vulnerability was discovered in the ZNC IRC bouncer which could result in remote code execution. For Debian 8 "Jessie", this problem has been fixed in version 1.4-2+deb8u2. We recommend that you upgrade your znc packages. Further...
[SECURITY] [DLA 1828-1] python-urllib3 security update
Package : python-urllib3 Version : 1.9.1-3+deb8u1 CVE ID : CVE-2019-11236 Debian Bug : 927172 A vulnerability was discovered in python-urllib3, an HTTP library with thread-safe connection pooling, whereby an attacker can inject CRLF characters in the request parameter. For Debian 8 "Jessie", this...
[SECURITY] [DLA 1829-1] firefox-esr security update
Package : firefox-esr Version : 60.7.1esr-1deb8u1 CVE ID : CVE-2019-11707 Samuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website. For Debian 8 "Jessie", this...
[SECURITY] [DSA 4447-2] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4447-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff Jun 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1827-1] gvfs security update
Package : gvfs Version : 1.22.2-1+deb8u1 CVE ID : CVE-2019-12795 Debian Bug : 930376 Simon McVittie discovered a flaw in gvfs, the Gnome Virtual File System. The gvfsd daemon opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this...
[SECURITY] [DSA 4467-1] vim security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4467-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4466-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4466-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1826-1] glib2.0 security update
Package : glib2.0 Version : 2.42.1-1+deb8u1 CVE ID : CVE-2019-12450 Debian Bug : 929753 It was discovered that GLib does not properly restrict some file permissions while a copy operation is in progress; instead, default permissions are used. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 1825-1] kdepim security update
Package : kdepim Version : 4:4.14.1-1+deb8u2 CVE ID : CVE-2019-10732 Debian Bug : 926996 A reply-based decryption oracle was found in kdepim, which provides the KMail e-mail client. An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart...
[SECURITY] [DLA 1824-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1+deb9u3deb8u1 CVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-9500 CVE-2019-9503 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11599 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 Debian Bug : 928989 Several vulnerabilities...
[SECURITY] [DLA 1823-1] linux security update
Package : linux Version : 3.16.68-2 CVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11810 CVE-2019-11833 CVE-2019-11884 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...
[SECURITY] [DLA 1821-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u6 CVE ID : CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2019-12616...
[SECURITY] [DSA 4465-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4465-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1820-1] thunderbird security update
Package : thunderbird Version : 1:60.7.1-1deb8u1 CVE ID : CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For Debian 8 "Jessie", these proble...
[SECURITY] [DLA 1822-1] php-horde-form security update
Package : php-horde-form Version : 2.0.8-2+deb8u1 CVE ID : CVE-2019-9858 Debian Bug : 930321 The Horde Application Framework contained a remote code execution vulnerability. A remote attacker could use this flaw to use image uploads in forms to install and execute a file in an arbitrary writable...
[SECURITY] [DLA 1819-1] pyxdg security update
Package : pyxdg Version : 0.25-4+deb8u1 CVE ID : CVE-2019-12761 Debian Bug : 930099 It was discovered that there was a code injection issue in PyXDG, a library used to locate "FreeDesktop.org" configuration/cache/etc. directories. A lack of sanitisation allowed arbitrary Python code embedded in t...
[SECURITY] [DSA 4464-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4464-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4463-1] znc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4463-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1818-1] dbus security update
Package : dbus Version : 1.8.22-0+deb8u2 CVE ID : CVE-2019-12749 Debian Bug : 930375 Joe Vennix discovered an authentication bypass vulnerability in dbus, an asynchronous inter-process communication system. The implementation of the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a...
[SECURITY] [DSA 4462-1] dbus security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4462-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4461-1] zookeeper security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4461-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4460-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4460-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4459-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4459-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1816-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u10 CVE ID : CVE-2019-12248 CVE-2019-12497 Two security vulnerabilities were discovered in the Open Ticket Request System that could lead to information disclosure or privilege escalation. New configuration options were added to resolve those problems...
[SECURITY] [DLA 1817-1] libgd2 security update
Package : libgd2 Version : 2.1.0-5+deb8u13 CVE ID : CVE-2019-11038 Debian Bug : 929821 An uninitialized read was discovered in the XBM support of libgd2, a library for programmatic graphics creation and manipulation. The uninitialized read might lead to information disclosure. For Debian 8 "Jessie",...
[SECURITY] [DSA 4458-1] cyrus-imapd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4458-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4457-1] evolution security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4457-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4454-2] qemu regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4454-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1815-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u10 CVE ID : CVE-2019-10872 CVE-2019-12293 CVE-2019-12360 Several vulnerabilities have been found in the poppler PDF rendering library, which could result in denial of service or possibly other unspecified impact when processing malformed or maliciously...
[SECURITY] [DSA 4456-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4456-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1814-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u5 CVE ID : CVE-2019-12308 Debian Bug : 929927 It was discovered that there was a cross-site scripting (XSS) vulnerability in the Django web development framework. For Debian 8 "Jessie", this issue has been fixed in python-django version 1.7.11-1+deb8u...
[SECURITY] [DSA 4455-1] heimdal security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4455-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1813-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u4 CVE ID : CVE-2019-11039 CVE-2019-11040 Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language. CVE-2019-11039 An integer underflow in the iconv module could be exploited to trigger an out of bounds read...
[SECURITY] [DLA 1812-1] doxygen security update
Package : doxygen Version : 1.8.8-5+deb8u1 CVE ID : CVE-2016-10245 Insufficient sanitization of the query parameter in search_opensearch.php could lead to reflected cross-site scripting or iframe injection. For Debian 8 "Jessie", this problem has been fixed in version 1.8.8-5+deb8u1. We recommend...
[SECURITY] [DSA 4454-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4454-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1811-1] miniupnpd security update
Package : miniupnpd Version : 1.8.20140523-4+deb8u1 CVE ID : CVE-2017-1000494 CVE-2019-12107 CVE-2019-12108 CVE-2019-12109 CVE-2019-12110 CVE-2019-12111 Ben Barnea and colleagues from VDOO discovered several vulnerabilities in miniupnpd, a small daemon that provides UPnP Internet Gateway Device a...
[SECURITY] [DLA 1810-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.94-1 CVE ID : CVE-2019-0221 Nightwatch Cybersecurity Research team identified an XSS vulnerability in tomcat7. The SSI printenv command echoes user provided data without escaping. SSI is disabled by default. The printenv command is intended for...
[SECURITY] [DSA 4453-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4453-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1809-1] libav security update
Package : libav Version : 6:11.12-1deb8u7 CVE ID : CVE-2018-15822 CVE-2019-11338 Two more security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2018-15822 The flv_write_packet function in libavformat/flvenc.c in libav did not check for an empty...