14409 matches found
[SECURITY] [DLA 1816-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u10 CVE ID : CVE-2019-12248 CVE-2019-12497 Two security vulnerabilities were discovered in the Open Ticket Request System that could lead to information disclosure or privilege escalation. New configuration options were added to resolve those problems...
[SECURITY] [DLA 1817-1] libgd2 security update
Package : libgd2 Version : 2.1.0-5+deb8u13 CVE ID : CVE-2019-11038 Debian Bug : 929821 An unitialized read was discovered in the XBM support of libgd2, a library for programmatic graphics creation and manipulation. The unitialized read might lead to information disclosure. For Debian 8 "Jessie",...
[SECURITY] [DSA 4458-1] cyrus-imapd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4458-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4458-1] cyrus-imapd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4458-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4457-1] evolution security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4457-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4457-1] evolution security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4457-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4454-2] qemu regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4454-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4454-2] qemu regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4454-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1815-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u10 CVE ID : CVE-2019-10872 CVE-2019-12293 CVE-2019-12360 Several vulnerabilities have been found in the poppler PDF rendering library, which could result in denial of service or possibly other unspecified impact when processing malformed or maliciously...
[SECURITY] [DSA 4456-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4456-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4456-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4456-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1814-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u5 CVE ID : CVE-2019-12308 Debian Bug : 929927 It was discovered that there was a cross-site scripting XSS vulnerability in the Django web development framework. For Debian 8 "Jessie", this issue has been fixed in python-django version 1.7.11-1+deb8u...
[SECURITY] [DSA 4455-1] heimdal security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4455-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4455-1] heimdal security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4455-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1813-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u4 CVE ID : CVE-2019-11039 CVE-2019-11040 Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language. CVE-2019-11039 An integer underflow in the iconv module could be exploited to trigger an out of bounds read...
[SECURITY] [DLA 1812-1] doxygen security update
Package : doxygen Version : 1.8.8-5+deb8u1 CVE ID : CVE-2016-10245 Insufficient sanitization of the query parameter in searchopensearch.php could lead to reflected cross-site scripting or iframe injection. For Debian 8 "Jessie", this problem has been fixed in version 1.8.8-5+deb8u1. We recommend...
[SECURITY] [DSA 4454-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4454-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1811-1] miniupnpd security update
Package : miniupnpd Version : 1.8.20140523-4+deb8u1 CVE ID : CVE-2017-1000494 CVE-2019-12107 CVE-2019-12108 CVE-2019-12109 CVE-2019-12110 CVE-2019-12111 Ben Barnea and colleagues from VDOO discovered several vulnerabilities in miniupnpd, a small daemon that provides UPnP Internet Gateway Device a...
[SECURITY] [DLA 1810-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.94-1 CVE ID : CVE-2019-0221 Nightwatch Cybersecurity Research team identified a XSS vulnerability in tomcat7. The SSI printenv command echoes user provided data without escaping. SSI is disabled by default. The printenv command is intended for...
[SECURITY] [DSA 4453-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4453-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1809-1] libav security update
Package : libav Version : 6:11.12-1deb8u7 CVE ID : CVE-2018-15822 CVE-2019-11338 Two more security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2018-15822 The flvwritepacket function in libavformat/flvenc.c in libav did not check for an empty...
[SECURITY] [DLA 1799-2] linux security update
Package : linux Version : 3.16.68-1 CVE ID : CVE-2018-5995 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3882 CVE-2019-3901 CVE-2019-6133 CVE-2019-9503 CVE-2019-11091 CVE-2019-11190 CVE-2019-11486 CVE-2019-11599 Debian Bug : 927781 Several...
[SECURITY] [DLA 1799-1] linux security update
Package : linux Version : 3.16.68-1 CVE ID : CVE-2018-5995 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3882 CVE-2019-3901 CVE-2019-6133 CVE-2019-9503 CVE-2019-11091 CVE-2019-11190 CVE-2019-11486 CVE-2019-11599 Debian Bug : 927781 Several...
[SECURITY] [DLA 1808-1] sox security update
Package : sox Version : 14.4.1-5+deb8u4 CVE ID : CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 Debian Bug : 927906 Several issues were found in SoX, the Swiss army knife of sound processing programs, that could lead to denial of service via application crash or potentially to arbitrary...
[SECURITY] [DLA 1807-1] vcftools security update
Package : vcftools Version : 0.1.12+dfsg-1+deb8u1 CVE ID : CVE-2018-11099 CVE-2018-11129 CVE-2018-11130 Webin security lab - dbapp security Ltd found three issues in vcftools, a collection of tools to work with VCF files. Different functions in header.cpp are vulnerable to denial of services due ...
[SECURITY] [DLA 1806-1] thunderbird security update
Package : thunderbird Version : 1:60.7.0-1deb8u1 CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 Multiple security issues have been found in...
[SECURITY] [DLA 1805-1] minissdpd security update
Package : minissdpd Version : 1.2.20130907-3+deb8u2 CVE ID : CVE-2019-12106 Debian Bug : 929297 It was discovered that there was a use after free vulnerability in minissdpd, a network device discovery daemon. A remote attacker could abuse this to crash the process. For Debian 8 "Jessie", this iss...
[SECURITY] [DLA 1804-1] curl security update
Package : curl Version : 7.38.0-4+deb8u15 CVE ID : CVE-2019-5436 Debian Bug : 929351 cURL, an URL transfer library, contains a heap buffer overflow in the function tftpreceivepacket that receives data from a TFTP server. It calls recvfrom with the default size for the buffer rather than with the...
[SECURITY] [DLA 1803-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u3 CVE ID : CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 A read past allocated buffer vulnerability and two heap-buffer overflow vulnerabilites were discovered in the PHP5 programming language within the Exif image module. For Debian 8 "Jessie", these...
[SECURITY] [DLA 1802-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u19 CVE ID : CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 Debian Bug : 926718 Several vulnerabilities have been found in wireshark, a network traffic analyzer. CVE-2019-10894 Assertion failure in dissectgssapiwork...
[SECURITY] [DSA 4452-1] jackson-databind security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4452-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4451-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4451-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4450-1] wpa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4450-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez May 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1801-1] zookeeper security update
Package : zookeeper Version : 3.4.9-3+deb8u2 CVE ID : CVE-2019-0201 Debian Bug : 929283 It was discovered that there was an information disclosure vulnerability in zookeeper, a distributed co-ordination server. Users who were not authorised to read data were able to view the access control list...
[SECURITY] [DLA 1800-1] firefox-esr security update
Package : firefox-esr Version : 60.7.0esr-1deb8u1 CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 Multiple security issues have been found in the...
[SECURITY] [DSA 4449-1] ffmpeg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4449-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 22, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4448-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4448-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 22, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1753-3] proftpd-dfsg regression update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u2 Debian Bug : 929020 The update of proftpd-dfsg issued as DLA-1753-1 caused a regression when the creation of a directory failed during sftp transfer. The sftp session would be terminated instead of failing gracefully due to a non-existing...
[SECURITY] [DLA 1798-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u6 CVE ID : CVE-2019-12086 Debian Bug : 929177 A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint...
[SECURITY] [DLA 1797-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u17 CVE ID : CVE-2019-11358 CVE-2019-11831 Debian Bug : 927330 928688 Several security vulnerabilities have been discovered in drupal7, a PHP web site platform. The vulnerabilities affect the embedded versions of the jQuery JavaScript library and the Typo3...
[SECURITY] [DLA 1796-1] jruby security update
Package : jruby Version : 1.5.6-9+deb8u1 CVE ID : CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 Debian Bug : 895778 925987 Multiple vulnerabilities have been discovered in jruby, Java...
[SECURITY] [DLA 1795-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u7 CVE ID : CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506 Multiple vulnerabilities have been discovered in graphicsmagick, the image processing toolkit: CVE-2019-11473 The WriteMATLABImage function coders/mat.c is affected by a...
[SECURITY] [DLA 1794-1] libspring-security-2.0-java security update
Package : libspring-security-2.0-java Version : 2.0.7.RELEASE-3+deb8u1 CVE ID : CVE-2019-3795 A vulnerability was discovered in libspring-security-2.0-java, a modular Java/J2EE application security framework, when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance, resultin...
[SECURITY] [DLA 1792-2] cups-filters regression update
Package : cups-filters Version : 1.0.61-5+deb8u4 Debian Bug : 926576 928936 928952 The update for ghostscript released as DLA-1792-1 uncovered an issue in cups-filters which was using the undocumented Ghostscript internal "pdfdict" now hidden in the ghostscript update. Updated cups-filters packag...
[SECURITY] [DLA 1793-1] dhcpcd5 security update
Package : dhcpcd5 Version : 6.0.5-2+deb8u1 CVE ID : CVE-2019-11579 Debian Bug : 928104 It was discovered that there was a read overflow vulnerability in the dhcpcd5 network management protocol client. For Debian 8 "Jessie", this issue has been fixed in dhcpcd5 version 6.0.5-2+deb8u1. Thanks to Ro...
[SECURITY] [DLA 1792-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u3 CVE ID : CVE-2019-3839 A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed despite the -dSAFER...
[SECURITY] [DLA 1791-1] faad2 security update
Package : faad2 Version : 2.7-8+deb8u2 CVE ID : CVE-2018-20194 CVE-2018-20197 CVE-2018-20198 CVE-2018-20362 Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio Coder: CVE-2018-20194 CVE-2018-20197 Improper handling of implicit channel mapping reconfiguration leads to...
[SECURITY] [DLA 1790-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.3.3-1+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 Erratum: bad versions An attack vector was discovered by lemonldap-ng developers. When the SAML or CAS service provider is enable and the administrator has chosen to store SAML/CAS tokens in the session...
[SECURITY] [DLA 1791-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.9.7-3+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 An attack vector was discovered by the lemonldap-ng developers. When the SAML or CAS service provider is enabled and the administrator has chosen to store the SAML/CAS tokens in the session database, an...
[SECURITY] [DLA 1777-2] jquery regression update
Package : jquery Version : 1.7.2+dfsg-3.2+deb8u7 Debian Bug : 928827 The minified jquery library was broken in version 1.7.2+dfsg-3.2+deb8u6 due to an error during the build. This problem has now been fixed in version 1.7.2+dfsg-3.2+deb8u7 For Debian 8 "Jessie", this problem has been fixed in...