[SECURITY] [DLA 1752-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u9 CVE ID : CVE-2019-9631 Debian Bug : A security issue was discovered in the poppler PDF rendering shared library. The Poppler shared library had a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. For Debian 8 "Jessie...
[SECURITY] [DSA 4428-1] systemd security update
Debian Security Advisory DSA-4428-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 08, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1751-1] suricata security update
Package : suricata Version : 2.0.7-2+deb8u4 CVE ID : CVE-2018-10242 CVE-2018-10243 Multiple vulnerabilities have been found in suricata, the network threat detection engine: CVE-2018-10242 Missing length check causing out-of-bounds read in SSHParseBanner (app-layer-ssh.c). Remote attackers might...
[SECURITY] [DSA 4427-1] samba security update
Debian Security Advisory DSA-4427-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond April 08, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1750-1] roundup security update
Package : roundup Version : 1.4.20-1.1+deb8u2 CVE ID : CVE-2019-10904 Hanno Böck discovered that there was a cross-site scripting (XSS) vulnerability in the web front-end of the roundup issue-tracking system. For Debian 8 "Jessie", this issue has been fixed in roundup version 1.4.20-1.1+deb8u2...
[SECURITY] [DSA 4426-1] tryton-server security update
Debian Security Advisory DSA-4426-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 07, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4425-1] wget security update
Debian Security Advisory DSA-4425-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 05, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4424-1] pdns security update
Debian Security Advisory DSA-4424-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond April 04, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4423-1] putty security update
Debian Security Advisory DSA-4423-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1749-1] golang security update
Package : golang Version : 2:1.3.3-1+deb8u2 CVE ID : CVE-2019-9741 Debian Bug : 924630 It was discovered that there was a CRLF injection attack in the Go programming language runtime library. Passing \r\n to http.NewRequest could allow execution of arbitrary HTTP headers or Redis commands. For...
[SECURITY] [DLA 1748-1] apache2 security update
Package : apache2 Version : 2.4.10-10+deb8u14 CVE ID : CVE-2019-0217 CVE-2019-0220 Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using...
[SECURITY] [DSA 4422-1] apache2 security update
Debian Security Advisory DSA-4422-1 security@debian.org https://www.debian.org/security/ Stefan Fritsch April 03, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1730-2] libssh2 regression update
Package : libssh2 Version : 1.4.3-4.1+deb8u3 CVE ID : CVE-2019-3859 This regression update follows up on an upstream regression update 1 regarding CVE-2019-3859. With the previous libssh2 package revision, it was observed that user authentication with private/public key pairs would fail under...
[SECURITY] [DLA 1747-1] firmware-nonfree security update
Package : firmware-nonfree Version : 20161130-5deb8u1 CVE ID : CVE-2018-5383 Eli Biham and Lior Neumann discovered a cryptographic weakness in the Bluetooth LE SC pairing protocol, called the Fixed Coordinate Invalid Curve Attack (CVE-2018-5383). Depending on the devices used, this could be exploit...
[SECURITY] [DLA 1731-2] linux regression update
Package : linux Version : 3.16.64-2 CVE ID : CVE-2016-10741 CVE-2017-5753 CVE-2017-13305 CVE-2018-3639 CVE-2018-5848 CVE-2018-5953 CVE-2018-12896 CVE-2018-13053 CVE-2018-16862 CVE-2018-16884 CVE-2018-17972 CVE-2018-18281 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169...
[SECURITY] [DLA 1746-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u16 CVE ID : CVE-2019-6341 It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 1745-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.75-2+2019a This update includes the changes in tzdata 2019a for the Perl bindings. For the list of changes, see DLA-1744-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2019a. We recommend that you upgrade your...
[SECURITY] [DLA 1744-1] tzdata new upstream version
Package : tzdata Version : 2019a-0+deb8u1 This update includes the changes in tzdata 2019a. Notable changes are: - Palestine started DST on 2019-03-30, instead of 2019-03-23 as previously predicted. - Metlakatla ended its observance of Pacific standard time, rejoining Alaska Time, on 2019-01-20 a...
[SECURITY] [DLA 1743-1] thunderbird security update
Package : thunderbird Version : 1:60.6.1-1deb8u1 CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code o...
[SECURITY] [DSA 4421-1] chromium security update
Debian Security Advisory DSA-4421-1 security@debian.org https://www.debian.org/security/ Michael Gilbert March 31, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1742-1] wordpress security update
Package : wordpress Version : 4.1.26+dfsg-1+deb8u1 CVE ID : CVE-2019-8942 CVE-2019-9787 Debian Bug : 924546 Simon Scannell of Ripstech Technologies discovered multiple vulnerabilities in wordpress, a web blogging manager. CVE-2019-8942 remote code execution in wordpress because an _wp_attached_file...
[SECURITY] [DLA 1741-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u2 CVE ID : CVE-2019-9022 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 Several vulnerabilities have been found in php5, a server-side, HTML-embedded scripting language. CVE-2019-9637 rename across the device may allow unwanted...
[SECURITY] [DLA 1739-1] rails security update
Package : rails Version : 2:4.1.8-1+deb8u5 CVE ID : CVE-2019-5418 CVE-2019-5419 Debian Bug : 924520 John Hawthorn of Github discovered a file content disclosure vulnerability in Rails, a ruby based web application framework. Specially crafted accept headers in combination with calls to render fil...
[SECURITY] [DLA 1740-1] libav security update
Package : libav Version : 6:11.12-1deb8u6 CVE ID : CVE-2015-1872 CVE-2017-14058 CVE-2017-1000460 CVE-2018-6392 CVE-2018-1999012 Debian Bug : Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2015-1872 The ff_mjpeg_decode_sof function i...
[SECURITY] [DSA 4420-1] thunderbird security update
Debian Security Advisory DSA-4420-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 30, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1738-1] gpsd security update
Package : gpsd Version : 3.11-3+deb8u1 CVE ID : CVE-2018-17937 Debian Bug : 925327 A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON...
[SECURITY] [DSA 4419-1] twig security update
Debian Security Advisory DSA-4419-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 29, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1737-1] pdns security update
Package : pdns Version : 3.4.1-4+deb8u9 CVE ID : CVE-2019-3871 Debian Bug : 924966 A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector ...
[SECURITY] [DLA 1736-1] dovecot security update
Package : dovecot Version : 1:2.2.13-12deb8u6 CVE ID : CVE-2019-7524 A security vulnerability was discovered in the Dovecot email server. When reading FTS headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take...
[SECURITY] [DLA 1735-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u7 CVE ID : CVE-2019-8320 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 Several vulnerabilities have been discovered in rubygems embedded in ruby2.1, the interpreted scripting language. CVE-2019-8320 A Directory Traversal issue was discovered in...
[SECURITY] [DLA 1734-1] libraw security update
Package : libraw Version : 0.16.0-9+deb8u4 CVE ID : CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5808 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 Secunia Research has discovered multiple vulnerabilities in libraw, a raw image decoder library, which can be exploited to cause a Denial of Servic...
[SECURITY] [DSA 4418-1] dovecot security update
Debian Security Advisory DSA-4418-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1733-1] wpa security update
Package : wpa Version : 2.3-1+deb8u7 CVE ID : CVE-2016-10743 It was found that the fallback mechanism for generating a WPS pin in hostapd, an IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, used a low quality pseudorandom number generator. This was resolved by using only the high quali...
[SECURITY] [DLA 1731-1] linux security update
Package : linux Version : 3.16.64-1 CVE ID : CVE-2016-10741 CVE-2017-5753 CVE-2017-13305 CVE-2018-3639 CVE-2018-5848 CVE-2018-5953 CVE-2018-12896 CVE-2018-13053 CVE-2018-16862 CVE-2018-16884 CVE-2018-17972 CVE-2018-18281 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169...
[SECURITY] [DLA 1732-1] openjdk-7 security update
Package : openjdk-7 Version : 7u211-2.6.17-1deb8u1 CVE ID : CVE-2019-2422 A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or bypass of sandbox restrictions. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DLA 1730-1] libssh2 security update
Package : libssh2 Version : 1.4.3-4.1+deb8u2 CVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Debian Bug : 924965 Several vulnerabilities have recently been discovered in libssh2, a client-side C library...
[SECURITY] [DLA 1729-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u18 CVE ID : CVE-2017-9344 CVE-2017-9349 CVE-2019-9209 Several vulnerabilities have been found in wireshark, a network traffic analyzer. CVE-2019-9209: Preventing the crash of the ASN.1 BER and related dissectors by avoiding a buffer overflow...
[SECURITY] [DLA 1728-1] openssh security update
Package : openssh Version : 1:6.7p1-5+deb8u8 CVE ID : CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 Debian Bug : 793412 919101 923486 Multiple scp client vulnerabilities have been discovered in OpenSSH, the premier connectivity tool for secure remote shell login and secure file transfer...
[SECURITY] [DLA 1727-1] firefox-esr security update
Package : firefox-esr Version : 60.6.1esr-1deb8u1 CVE ID : CVE-2019-9810 CVE-2019-9813 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DLA 1726-1] bash security update
Package : bash Version : 4.3-11+deb8u2 CVE ID : CVE-2016-9401 CVE-2019-9924 Two issues have been fixed in bash, the GNU Bourne-Again Shell: CVE-2016-9401 The popd builtin segfaulted when called with negative out of range offsets. CVE-2019-9924 Sylvain Beucler discovered that it was possible to ca...
[SECURITY] [DLA 1725-1] rsync security update
Package : rsync Version : 3.1.1-3+deb8u2 CVE ID : CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2018-5764 Trail of Bits used the automated vulnerability discovery tools developed for the DARPA Cyber Grand Challenge to audit zlib. As rsync, a fast, versatile, remote and local...
[SECURITY] [DSA 4417-1] firefox-esr security update
Debian Security Advisory DSA-4417-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 24, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4416-1] wireshark security update
Debian Security Advisory DSA-4416-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq ...