[SECURITY] [DLA 1762-1] systemd security update
Package : systemd Version : 215-17+deb8u12 CVE ID : CVE-2017-18078 CVE-2019-3842 Two vulnerabilities have been addressed in the systemd components systemd-tmpfiles and pam_systemd.so. CVE-2017-18078 systemd-tmpfiles in systemd attempted to support ownership/permission changes on hardlinked files...
[SECURITY] [DLA 1761-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u2 CVE ID : CVE-2019-3835 CVE-2019-3838 Debian Bug : 925256 925257 Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the -dSAFER sandbox. For...
[SECURITY] [DLA 1760-1] wget security update
Package : wget Version : 1.16-1+deb8u6 CVE ID : CVE-2019-5953 Kusano Kazuhiko discovered a buffer overflow vulnerability in the handling of Internationalized Resource Identifiers (IRI) in wget, a network utility to retrieve files from the web, which could result in the execution of arbitrary code o...
[SECURITY] [DLA 1759-1] clamav security update
Package : clamav Version : 0.100.3+dfsg-0+deb8u1 CVE ID : CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 Debian Bug : Out-of-bounds read and write conditions have been fixed in clamav. CVE-2019-1787 An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to...
[SECURITY] [DLA 1758-1] debian-security-support update
Package : debian-security-support Version : 2019.02.02deb8u1 debian-security-support, the Debian security support coverage checker, has been updated in jessie. The jessie relevant changes are: Mark spice-xpi as end-of-life for Jessie. Add edk2 to security-support-ended.deb8 Add robocode to...
[SECURITY] [DSA 4434-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4434-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4433-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4433-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 16, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4432-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4432-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 16, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1757-1] cacti security update
Package : cacti Version : 0.8.8b+dfsg-8+deb8u7 CVE ID : CVE-2019-11025 Debian Bug : 926700 It was discovered that there were a number of cross-site scripting (XSS) vulnerabilities in cacti, a web-based front-end for the RRDTool monitoring tool. For Debian 8 "Jessie", this issue has been fixed in...
[SECURITY] [DLA 1756-1] libxslt security update
Package : libxslt Version : 1.1.28-2+deb8u4 CVE ID : CVE-2019-11068 Debian Bug : 926895 It was discovered that there was an authentication bypass vulnerability in libxslt, a widely-used library for transforming files from XML to other arbitrary formats. The xsltCheckRead and xsltCheckWrite routines...
[SECURITY] [DLA 1755-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u6 CVE ID : CVE-2017-10799 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 Debian Bug : 927029 Several security vulnerabilities were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer...
[SECURITY] [DLA 1628-2] jasper regression update
Package : jasper Version : 1.900.1-debian1-2.4+deb8u6 The update of jasper issued as DLA-1628-1 caused a regression due to the fix for CVE-2018-19542, a NULL pointer dereference in the function jp2decode, which could lead to a denial-of-service. In some cases not only invalid jp2 files but also...
[SECURITY] [DSA 4431-1] libssh2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4431-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4430-1] wpa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4430-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez April 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4429-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4429-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1754-1] samba security update
Package : samba Version : 2:4.2.14+dfsg-0+deb8u12 CVE ID : CVE-2017-9461 CVE-2018-1050 CVE-2018-1057 CVE-2019-3880 Various vulnerabilities were discovered in Samba, SMB/CIFS file, print, and login server/client for Unix CVE-2017-9461 smbd in Samba had a denial of service vulnerability fdopenatomi...
[SECURITY] [DLA 1753-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e-0+deb8u1 CVE ID : not-available Debian Bug : 923926 Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP daemon, when mod_facl or mod_sftp is used, which could lead to memory exhaustion and a denial-of-service. For Debian 8...
[SECURITY] [DLA 1752-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u9 CVE ID : CVE-2019-9631 Debian Bug : A security issue was discovered in the poppler PDF rendering shared library. The Poppler shared library had a heap-based buffer over-read in the CairoRescaleBox.cc downsamplerowboxfilter function. For Debian 8 "Jessie...
[SECURITY] [DSA 4428-1] systemd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4428-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1751-1] suricata security update
Package : suricata Version : 2.0.7-2+deb8u4 CVE ID : CVE-2018-10242 CVE-2018-10243 Multiple vulnerabilities have been found in suricata, the network threat detection engine: CVE-2018-10242 Missing length check causing out-of-bounds read in SSHParseBanner app-layer-ssh.c. Remote attackers might...
[SECURITY] [DSA 4427-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4427-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1750-1] roundup security update
Package : roundup Version : 1.4.20-1.1+deb8u2 CVE ID : CVE-2019-10904 Hanno Böck discovered that there was a cross-site scripting (XSS) vulnerability in the web front-end of the roundup issue-tracking system. For Debian 8 "Jessie", this issue has been fixed in roundup version 1.4.20-1.1+deb8u2...
[SECURITY] [DSA 4426-1] tryton-server security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4426-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4425-1] wget security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4425-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4424-1] pdns security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4424-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 04, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4423-1] putty security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4423-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1749-1] golang security update
Package : golang Version : 2:1.3.3-1+deb8u2 CVE ID : CVE-2019-9741 Debian Bug : 924630 It was discovered that there was a CRLF injection attack in the Go programming language runtime library. Passing \r\n to http.NewRequest could allow execution of arbitrary HTTP headers or Redis commands. For...
[SECURITY] [DLA 1748-1] apache2 security update
Package : apache2 Version : 2.4.10-10+deb8u14 CVE ID : CVE-2019-0217 CVE-2019-0220 Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using...
[SECURITY] [DSA 4422-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4422-1 [email protected] https://www.debian.org/security/ Stefan Fritsch April 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1730-2] libssh2 regression update
Package : libssh2 Version : 1.4.3-4.1+deb8u3 CVE ID : CVE-2019-3859 This regression update follows up on an upstream regression update 1 regarding CVE-2019-3859. With the previous libssh2 package revision, it was observed that user authentication with private/public key pairs would fail under...
[SECURITY] [DLA 1747-1] firmware-nonfree security update
Package : firmware-nonfree Version : 20161130-5deb8u1 CVE ID : CVE-2018-5383 Eli Biham and Lior Neumann discovered a cryptographic weakness in the Bluetooth LE SC pairing protocol, called the Fixed Coordinate Invalid Curve Attack (CVE-2018-5383). Depending on the devices used, this could be exploit...
[SECURITY] [DLA 1731-2] linux regression update
Package : linux Version : 3.16.64-2 CVE ID : CVE-2016-10741 CVE-2017-5753 CVE-2017-13305 CVE-2018-3639 CVE-2018-5848 CVE-2018-5953 CVE-2018-12896 CVE-2018-13053 CVE-2018-16862 CVE-2018-16884 CVE-2018-17972 CVE-2018-18281 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169...
[SECURITY] [DLA 1746-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u16 CVE ID : CVE-2019-6341 It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 1745-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.75-2+2019a This update includes the changes in tzdata 2019a for the Perl bindings. For the list of changes, see DLA-1744-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2019a. We recommend that you upgrade your...
[SECURITY] [DLA 1744-1] tzdata new upstream version
Package : tzdata Version : 2019a-0+deb8u1 This update includes the changes in tzdata 2019a. Notable changes are: - Palestine started DST on 2019-03-30, instead of 2019-03-23 as previously predicted. - Metlakatla ended its observance of Pacific standard time, rejoining Alaska Time, on 2019-01-20 a...
[SECURITY] [DLA 1743-1] thunderbird security update
Package : thunderbird Version : 1:60.6.1-1deb8u1 CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code o...
[SECURITY] [DSA 4421-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4421-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 31, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1742-1] wordpress security update
Package : wordpress Version : 4.1.26+dfsg-1+deb8u1 CVE ID : CVE-2019-8942 CVE-2019-9787 Debian Bug : 924546 Simon Scannell of Ripstech Technologies discovered multiple vulnerabilities in wordpress, a web blogging manager. CVE-2019-8942 remote code execution in wordpress because an wpattachedfile...
[SECURITY] [DLA 1741-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u2 CVE ID : CVE-2019-9022 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 Several vulnerabilities have been found in php5, a server-side, HTML-embedded scripting language. CVE-2019-9637 rename across the device may allow unwanted...
[SECURITY] [DLA 1739-1] rails security update
Package : rails Version : 2:4.1.8-1+deb8u5 CVE ID : CVE-2019-5418 CVE-2019-5419 Debian Bug : 924520 John Hawthorn of Github discovered a file content disclosure vulnerability in Rails, a ruby based web application framework. Specially crafted accept headers in combination with calls to render fil...
[SECURITY] [DLA 1740-1] libav security update
Package : libav Version : 6:11.12-1deb8u6 CVE ID : CVE-2015-1872 CVE-2017-14058 CVE-2017-1000460 CVE-2018-6392 CVE-2018-1999012 Debian Bug : Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2015-1872 The ffmjpegdecodesof function i...