14409 matches found
[SECURITY] [DLA 1789-1] intel-microcode security update
Package : intel-microcode Version : 3.20190514.1deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 929007 This update ships updated CPU microcode for most types of Intel CPUs. It provides microcode support to implement mitigations for the MSBDS, MFBDS, MLPDS...
[SECURITY] [DLA 1787-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1+deb9u2deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 928125 Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into...
[SECURITY] [DLA 1788-1] samba security update
Package : samba Version : 2:4.2.14+dfsg-0+deb8u13 CVE ID : CVE-2018-16860 Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Sambas Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. For Debian 8...
[SECURITY] [DSA 4447-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4447-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4446-1] lemonldap-ng security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4446-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4444-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4444-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4444-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4444-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4445-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4445-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1785-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u16 CVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11537 CVE-2017-12140 CVE-2017-12430 CVE-2017-12432 CVE-2017-12435 CVE-2017-12563 CVE-2017-12587 CVE-2017-12643 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692 CVE-2017-126...
[SECURITY] [DSA 4443-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4443-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4443-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4443-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1786-1] qt4-x11 security update
Package : qt4-x11 Version : 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2 CVE ID : CVE-2018-15518 CVE-2018-19869 CVE-2018-19870 CVE-2018-19871 CVE-2018-19873 Debian Bug : 923003 Multiple issues have been addressed in Qt4. CVE-2018-15518 A double-free or corruption during parsing of a specially crafted...
[SECURITY] [DSA 4442-2] cups-filters regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4442-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4442-2] cups-filters regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4442-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1784-1] postgresql-9.4 new minor release
Package : postgresql-9.4 Version : 9.4.22-0+deb8u1 The PostgreSQL project has release a new minor release of the 9.4 branch. For Debian 8 "Jessie", this has been uploaded as version 9.4.22-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. Note that the end of life of the 9.4...
[SECURITY] [DLA 1783-1] atftp security update
Package : atftp Version : 0.7.git20120829-1+deb8u1 CVE ID : CVE-2019-11365 CVE-2019-11366 Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server which could result in denial of service by sending malformed packets. For Debian 8 "Jessie", these problems have been fixed ...
[SECURITY] [DSA 4442-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4442-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4442-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4442-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1782-1] openjdk-7 security update
Package : openjdk-7 Version : 7u221-2.6.18-1deb8u1 CVE ID : CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of...
[SECURITY] [DSA 4441-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4441-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4441-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4441-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4440-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4440-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4439-1] postgresql-9.6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4439-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1781-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u11 CVE ID : CVE-2018-11806 CVE-2018-18849 CVE-2018-20815 CVE-2019-9824 Debian Bug : 901017 912535 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-11806 It was found that the SLiRP networking implementation could use a wro...
[SECURITY] [DSA 4438-1] atftp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4438-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4438-1] atftp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4438-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1780-1] firefox-esr new upstream version
Package : firefox-esr Version : 60.6.2esr-1deb8u1 Debian Bug : 928415 928449 928509 Firefox 60.6.2 ESR repairs a certificate chain issue that caused extensions to be disabled in the past few days. More information, and details of known remaining issues, can be found at...
[SECURITY] [DLA 1779-1] 389-ds-base security update
Package : 389-ds-base Version : 1.3.3.5-4+deb8u6 CVE ID : CVE-2019-3883 Debian Bug : 927939 In 389-ds-base up to version 1.4.1.2, requests were handled by worker threads. Each socket had been waited for by the worker for at most ioblocktimeout seconds. However, this timeout applied only to...
[SECURITY] [DLA 1778-1] symfony security update
Package : symfony Version : 2.3.21+dfsg-4+deb8u5 CVE ID : CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913 Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Framework Bundle, Dependency Injection...
[SECURITY] [DLA 1777-1] jquery security update
Package : jquery Version : 1.7.2+dfsg-3.2+deb8u6 CVE ID : CVE-2019-11358 jQuery mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype. For additional informatio...
[SECURITY] [DLA 1776-1] librecad security update
Package : librecad Version : 2.0.4-1+deb8u1 CVE ID : CVE-2018-19105 Debian Bug : 928477 A vulnerability was found in LibreCAD, a computer-aided design system, which could be exploited to crash the application or cause other unspecified impact when opening a specially crafted file. For Debian 8...
[SECURITY] [DLA 1775-1] phpbb3 security update
Package : phpbb3 Version : 3.0.12-5+deb8u3 CVE ID : CVE-2019-9826 Colin Snover discovered a denial-of-service vulnerability in phpBB3, a full-featured web forum. Previous versions allowed users to run searches that might result in long execution times and load on larger boards when using the...
[SECURITY] [DLA 1774-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u9 CVE ID : CVE-2019-9892 A flaw was discovered in OTRS, the Open Ticket Request System. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading o...
[SECURITY] [DLA 1771-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.168-1deb8u1 CVE ID : CVE-2018-14625 CVE-2018-16884 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-1000026 CVE-2019-3459 CVE-2019-3460 CVE-2019-3701 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-8980 CVE-2019-9213 Debian Bug : 904385 9181...
[SECURITY] [DLA 1773-1] signing-party security update
Package : signing-party Version : 1.1.10-3+deb8u1 CVE ID : CVE-2019-11627 Debian Bug : 928256 An unsafe shell call enabling shell injection via a user ID was corrected in gpg-key2ps, a tool to generate a PostScript file with OpenPGP key fingerprint slips. For Debian 8 "Jessie", this problem has...
[SECURITY] [DLA 1753-2] proftpd-dfsg regression update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u1 CVE ID : not available Debian Bug : 923926 926719 The update of proftpd-dfsg issued as DLA-1753-1 caused a regression when using the sftp module. Login to the sftp server was impossible when the SFTPPAMEngine option was turned on 926719. Thi...
[SECURITY] [DLA 1772-1] libvirt security update
Package : libvirt Version : 1.2.9-9+deb8u6 CVE ID : CVE-2016-10746 libvirt-domain.c in libvirt supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required. This could lead to could lead to potentially disclosing unintended...
[SECURITY] [DSA 4437-1] gst-plugins-base1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4437-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1770-1] gst-plugins-base1.0 security update
Package : gst-plugins-base1.0 Version : 1.4.4-2+deb8u2 CVE ID : CVE-2019-9928 The RTSP connection parser in the base GStreamer packages version 1.0, which is a streaming media framework, was vulnerable against an heap-based buffer overflow by sending a longer than allowed session id in a response...
[SECURITY] [DLA 1769-1] gst-plugins-base0.10 security update
rom: Thorsten Alteholz [email protected] To: [email protected] Subject: SECURITY DLA 1769-1 gst-plugins-base0.10 security update Package : gst-plugins-base0.10 Version : 0.10.36-2+deb8u1 CVE ID : CVE-2019-9928 Debian Bug : The RTSP connection parser in the base GStreamer...
[SECURITY] [DSA 4436-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4436-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1768-1] checkstyle security update
Package : checkstyle Version : 5.9-1+deb8u1 CVE ID : CVE-2019-9658 checkstyle was loading external DTDs by default, which is now disabled by default. If needed it can be re-enabled by setting the system property checkstyle.enableExternalDtdLoad to true. For Debian 8 "Jessie", this problem has bee...
[SECURITY] [DSA 4435-1] libpng1.6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4435-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4435-1] libpng1.6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4435-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1767-1] monit security update
Package : monit Version : 1:5.9-1+deb8u2 CVE ID : CVE-2019-11454 CVE-2019-11455 Zack Flack found several issues in monit, a utility for monitoring and managing daemons or similar programs. CVE-2019-11454 An XSS vulnerabilitty has been reported that could be prevented by HTML escaping the log file...
[SECURITY] [DLA 1766-1] evolution security update
Package : evolution Version : 3.12.9git20141130.241663-1+deb8u1 CVE ID : CVE-2018-15587 Debian Bug : 924616 Hanno Böck discovered that GNOME Evolution is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the...
[SECURITY] [DLA 1762-2] systemd regression update
Package : systemd Version : 215-17+deb8u13 In the recently uploaded systemd security update 215-17+deb8u12 via DLA-1762-1, a regression was discovered in the fix for CVE-2017-18078. The observation of Debian jessie LTS users was, that after upgrading to +deb8u12 temporary files would not have the...
[SECURITY] [DLA 1765-1] gpac security update
Package : gpac Version : 0.5.0+svn5324dfsg1-1+deb8u3 CVE ID : CVE-2019-11221 CVE-2019-11222 Several issues have been found for gpac, an Open Source multimedia framework. Using crafted files one can trigger buffer overflow issues that could be used to crash the application. For Debian 8 "Jessie",...
[SECURITY] [DLA 1764-1] mercurial security update
Package : mercurial Version : 3.1.2-2+deb8u7 CVE ID : CVE-2019-3902 Debian Bug : 927674 It was discovered that there was a path traversal vulnerability in the "mercurial" distributed revision version control system. Symbolic links and subrepositories could be used defeat Mercurials path-checking...
[SECURITY] [DLA 1763-1] putty security update
Package : putty Version : 0.63-10+deb8u2 CVE ID : CVE-2019-9894 CVE-2019-9897 CVE-2019-9898 Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could...