[SECURITY] [DLA 1799-2] linux security update
Package : linux Version : 3.16.68-1 CVE ID : CVE-2018-5995 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3882 CVE-2019-3901 CVE-2019-6133 CVE-2019-9503 CVE-2019-11091 CVE-2019-11190 CVE-2019-11486 CVE-2019-11599 Debian Bug : 927781 Several...
[SECURITY] [DLA 1799-1] linux security update
Package : linux Version : 3.16.68-1 CVE ID : CVE-2018-5995 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3882 CVE-2019-3901 CVE-2019-6133 CVE-2019-9503 CVE-2019-11091 CVE-2019-11190 CVE-2019-11486 CVE-2019-11599 Debian Bug : 927781 Several...
[SECURITY] [DLA 1808-1] sox security update
Package : sox Version : 14.4.1-5+deb8u4 CVE ID : CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 Debian Bug : 927906 Several issues were found in SoX, the Swiss army knife of sound processing programs, that could lead to denial of service via application crash or potentially to arbitrary...
[SECURITY] [DLA 1807-1] vcftools security update
Package : vcftools Version : 0.1.12+dfsg-1+deb8u1 CVE ID : CVE-2018-11099 CVE-2018-11129 CVE-2018-11130 Webin security lab - dbapp security Ltd found three issues in vcftools, a collection of tools to work with VCF files. Different functions in header.cpp are vulnerable to denial of services due ...
[SECURITY] [DLA 1806-1] thunderbird security update
Package : thunderbird Version : 1:60.7.0-1deb8u1 CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 Multiple security issues have been found in...
[SECURITY] [DLA 1805-1] minissdpd security update
Package : minissdpd Version : 1.2.20130907-3+deb8u2 CVE ID : CVE-2019-12106 Debian Bug : 929297 It was discovered that there was a use after free vulnerability in minissdpd, a network device discovery daemon. A remote attacker could abuse this to crash the process. For Debian 8 "Jessie", this iss...
[SECURITY] [DLA 1804-1] curl security update
Package : curl Version : 7.38.0-4+deb8u15 CVE ID : CVE-2019-5436 Debian Bug : 929351 cURL, an URL transfer library, contains a heap buffer overflow in the function tftp_receive_packet that receives data from a TFTP server. It calls recvfrom with the default size for the buffer rather than with the...
[SECURITY] [DLA 1803-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u3 CVE ID : CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 A read past allocated buffer vulnerability and two heap-buffer overflow vulnerabilities were discovered in the PHP5 programming language within the Exif image module. For Debian 8 "Jessie", these...
[SECURITY] [DLA 1802-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u19 CVE ID : CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 Debian Bug : 926718 Several vulnerabilities have been found in wireshark, a network traffic analyzer. CVE-2019-10894 Assertion failure in dissect_gssapi_work...
[SECURITY] [DSA 4452-1] jackson-databind security update
Debian Security Advisory DSA-4452-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4451-1] thunderbird security update
Debian Security Advisory DSA-4451-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4450-1] wpa security update
Debian Security Advisory DSA-4450-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez May 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1801-1] zookeeper security update
Package : zookeeper Version : 3.4.9-3+deb8u2 CVE ID : CVE-2019-0201 Debian Bug : 929283 It was discovered that there was an information disclosure vulnerability in zookeeper, a distributed co-ordination server. Users who were not authorised to read data were able to view the access control list...
[SECURITY] [DLA 1800-1] firefox-esr security update
Package : firefox-esr Version : 60.7.0esr-1deb8u1 CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 Multiple security issues have been found in the...
[SECURITY] [DSA 4449-1] ffmpeg security update
Debian Security Advisory DSA-4449-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 22, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4448-1] firefox-esr security update
Debian Security Advisory DSA-4448-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 22, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1753-3] proftpd-dfsg regression update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u2 Debian Bug : 929020 The update of proftpd-dfsg issued as DLA-1753-1 caused a regression when the creation of a directory failed during sftp transfer. The sftp session would be terminated instead of failing gracefully due to a non-existing...
[SECURITY] [DLA 1798-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u6 CVE ID : CVE-2019-12086 Debian Bug : 929177 A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint...
[SECURITY] [DLA 1797-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u17 CVE ID : CVE-2019-11358 CVE-2019-11831 Debian Bug : 927330 928688 Several security vulnerabilities have been discovered in drupal7, a PHP web site platform. The vulnerabilities affect the embedded versions of the jQuery JavaScript library and the Typo3...
[SECURITY] [DLA 1796-1] jruby security update
Package : jruby Version : 1.5.6-9+deb8u1 CVE ID : CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 Debian Bug : 895778 925987 Multiple vulnerabilities have been discovered in jruby, Java...
[SECURITY] [DLA 1795-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u7 CVE ID : CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506 Multiple vulnerabilities have been discovered in graphicsmagick, the image processing toolkit: CVE-2019-11473 The WriteMATLABImage function coders/mat.c is affected by a...
[SECURITY] [DLA 1794-1] libspring-security-2.0-java security update
Package : libspring-security-2.0-java Version : 2.0.7.RELEASE-3+deb8u1 CVE ID : CVE-2019-3795 A vulnerability was discovered in libspring-security-2.0-java, a modular Java/J2EE application security framework, when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance, resultin...
[SECURITY] [DLA 1792-2] cups-filters regression update
Package : cups-filters Version : 1.0.61-5+deb8u4 Debian Bug : 926576 928936 928952 The update for ghostscript released as DLA-1792-1 uncovered an issue in cups-filters which was using the undocumented Ghostscript internal "pdfdict" now hidden in the ghostscript update. Updated cups-filters packag...
[SECURITY] [DLA 1793-1] dhcpcd5 security update
Package : dhcpcd5 Version : 6.0.5-2+deb8u1 CVE ID : CVE-2019-11579 Debian Bug : 928104 It was discovered that there was a read overflow vulnerability in the dhcpcd5 network management protocol client. For Debian 8 "Jessie", this issue has been fixed in dhcpcd5 version 6.0.5-2+deb8u1. Thanks to Ro...
[SECURITY] [DLA 1792-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u3 CVE ID : CVE-2019-3839 A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed despite the -dSAFER...
[SECURITY] [DLA 1791-1] faad2 security update
Package : faad2 Version : 2.7-8+deb8u2 CVE ID : CVE-2018-20194 CVE-2018-20197 CVE-2018-20198 CVE-2018-20362 Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio Coder: CVE-2018-20194 CVE-2018-20197 Improper handling of implicit channel mapping reconfiguration leads to...
[SECURITY] [DLA 1790-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.3.3-1+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 Erratum: bad versions An attack vector was discovered by lemonldap-ng developers. When the SAML or CAS service provider is enabled and the administrator has chosen to store SAML/CAS tokens in the session...
[SECURITY] [DLA 1791-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.9.7-3+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 An attack vector was discovered by the lemonldap-ng developers. When the SAML or CAS service provider is enabled and the administrator has chosen to store the SAML/CAS tokens in the session database, an...
[SECURITY] [DLA 1777-2] jquery regression update
Package : jquery Version : 1.7.2+dfsg-3.2+deb8u7 Debian Bug : 928827 The minified jquery library was broken in version 1.7.2+dfsg-3.2+deb8u6 due to an error during the build. This problem has now been fixed in version 1.7.2+dfsg-3.2+deb8u7. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 1789-1] intel-microcode security update
Package : intel-microcode Version : 3.20190514.1deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 929007 This update ships updated CPU microcode for most types of Intel CPUs. It provides microcode support to implement mitigations for the MSBDS, MFBDS, MLPDS...
[SECURITY] [DLA 1787-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1+deb9u2deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 928125 Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into...
[SECURITY] [DLA 1788-1] samba security update
Package : samba Version : 2:4.2.14+dfsg-0+deb8u13 CVE ID : CVE-2018-16860 Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. For Debian 8...
[SECURITY] [DSA 4447-1] intel-microcode security update
Debian Security Advisory DSA-4447-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4446-1] lemonldap-ng security update
Debian Security Advisory DSA-4446-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4444-1] linux security update
Debian Security Advisory DSA-4444-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4445-1] drupal7 security update
Debian Security Advisory DSA-4445-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1785-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u16 CVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11537 CVE-2017-12140 CVE-2017-12430 CVE-2017-12432 CVE-2017-12435 CVE-2017-12563 CVE-2017-12587 CVE-2017-12643 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692 CVE-2017-126...
[SECURITY] [DSA 4443-1] samba security update
Debian Security Advisory DSA-4443-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1786-1] qt4-x11 security update
Package : qt4-x11 Version : 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2 CVE ID : CVE-2018-15518 CVE-2018-19869 CVE-2018-19870 CVE-2018-19871 CVE-2018-19873 Debian Bug : 923003 Multiple issues have been addressed in Qt4. CVE-2018-15518 A double-free or corruption during parsing of a specially crafted...
[SECURITY] [DSA 4442-2] cups-filters regression update
Debian Security Advisory DSA-4442-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1784-1] postgresql-9.4 new minor release
Package : postgresql-9.4 Version : 9.4.22-0+deb8u1 The PostgreSQL project has released a new minor release of the 9.4 branch. For Debian 8 "Jessie", this has been uploaded as version 9.4.22-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. Note that the end of life of the 9.4...
[SECURITY] [DLA 1783-1] atftp security update
Package : atftp Version : 0.7.git20120829-1+deb8u1 CVE ID : CVE-2019-11365 CVE-2019-11366 Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server which could result in denial of service by sending malformed packets. For Debian 8 "Jessie", these problems have been fixed ...
[SECURITY] [DSA 4442-1] ghostscript security update
Debian Security Advisory DSA-4442-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1782-1] openjdk-7 security update
Package : openjdk-7 Version : 7u221-2.6.18-1deb8u1 CVE ID : CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of...
[SECURITY] [DSA 4441-1] symfony security update
Debian Security Advisory DSA-4441-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 10, 2019 https://www.debian.org/security/faq -...