[SECURITY] [DSA 4416-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4416-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4415-1] passenger security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4415-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4414-1] libapache2-mod-auth-mellon security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4414-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 23, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1724-1] ntfs-3g security update
Package : ntfs-3g Version : 1:2014.2.15AR.2-1+deb8u4 CVE ID : CVE-2019-9755 A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation. For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DSA 4413-1] ntfs-3g security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4413-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 21, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1723-1] cron security update
Package : cron Version : 3.0pl1-127+deb8u2 CVE ID : CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706 Debian Bug : 809167 Various security problems have been discovered in Debian's CRON scheduler. CVE-2017-9525 Fix group crontab to root escalation via the Debian package's postinst script as...
[SECURITY] [DLA 1722-1] firefox-esr security update
Package : firefox-esr Version : 60.6.0esr-1deb8u1 CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution ...
[SECURITY] [DSA 4412-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4412-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4411-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4411-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4410-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4410-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1721-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u8 CVE ID : CVE-2019-9752 It has been discovered that OTRS Open source Ticket Request System is susceptible to code injection vulnerability. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order t...
[SECURITY] [DSA 4409-1] neutron security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4409-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1720-1] liblivemedia security update
Package : liblivemedia Version : 2014.01.13-1+deb8u3 CVE ID : CVE-2019-9215 Debian Bug : 924655 It was discovered that liblivemedia, the LIVE555 RTSP server library, is vulnerable to an invalid memory access when processing the Authorization header field. Remote attackers could leverage this...
[SECURITY] [DLA 1719-1] libjpeg-turbo security update
Package : libjpeg-turbo Version : 1:1.3.1-12+deb8u2 CVE ID : CVE-2018-14498 Debian Bug : 924678 It was discovered that there was a denial of service vulnerability in the libjpeg-turbo CPU-optimised JPEG image library. A heap-based buffer over-read could be triggered by a specially-crafted bitmap...
[SECURITY] [DLA 1718-1] sqlalchemy security update
Package : sqlalchemy Version : 0.9.8+dfsg-0.1+deb8u1 CVE ID : CVE-2019-7164 CVE-2019-7548 Debian Bug : 922669 Two vulnerabilities were discovered in SQLAlchemy, a Python SQL Toolkit and Object Relational Mapper. CVE-2019-7164 SQLAlchemy allows SQL Injection via the order_by parameter. CVE-2019-754...
[SECURITY] [DLA 1717-1] rdflib security update
Package : rdflib Version : 4.1.2-3+deb8u1 CVE ID : CVE-2019-7653 Debian Bug : 921751 The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because "python -m" appends the current directory in the python path. For Debian 8 "Jessie", this problem...
[SECURITY] [DLA 1716-1] ikiwiki security update
Package : ikiwiki Version : 3.20141016.4+deb8u1 CVE ID : CVE-2019-9187 The ikiwiki maintainers discovered that the aggregate plugin did not use LWPx::ParanoidAgent. On sites where the aggregate plugin is enabled, authorized wiki editors could tell ikiwiki to fetch potentially undesired URIs even ...
[SECURITY] [DSA 4408-1] liblivemedia security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4408-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1715-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.144-3.1deb8u1 CVE ID : CVE-2017-18249 CVE-2018-1128 CVE-2018-1129 CVE-2018-3639 CVE-2018-5391 CVE-2018-5848 CVE-2018-6554 CVE-2018-12896 CVE-2018-13053 CVE-2018-13096 CVE-2018-13097 CVE-2018-13100 CVE-2018-13406 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612...
[SECURITY] [DLA 1714-1] libsdl2 security update
Package : libsdl2 Version : 2.0.2+dfsg1-6+deb8u1 CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Multiple buffer overflow security issues have been found in libsdl2, a library that...
[SECURITY] [DLA 1713-1] libsdl1.2 security update
Package : libsdl1.2 Version : 1.2.15-10+deb8u1 CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Multiple buffer overflow security issues have been found in libsdl1.2, a library that...
[SECURITY] [DLA 1712-1] libsndfile security update
Package : libsndfile Version : 1.0.25-9.1+deb8u4 CVE ID : CVE-2019-3832 It was found that the fix for CVE-2018-19758 was incomplete. That has been addressed in this update. The description for CVE-2018-19758 follows: A heap-buffer-overflow vulnerability was discovered in libsndfile, the library f...
[SECURITY] [DLA 1711-1] systemd security update
Package : systemd Version : 215-17+deb8u11 CVE ID : CVE-2019-3815 Debian Bug : 924060 A memory leak was discovered in the backport of fixes for CVE-2018-16864 in systemd-journald. Function dispatch_message_real in journald-server.c does not free allocated memory to store the _CMDLINE= entry. A local...
[SECURITY] [DLA 1710-1] xmltooling security update
Package : xmltooling Version : 1.5.3-2+deb8u4 CVE ID : CVE-2019-9628 Debian Bug : 924346 Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling. For...
[SECURITY] [DLA 1709-1] waagent security update
Package : waagent Version : 2.2.18-3deb8u2 CVE ID : CVE-2019-0804 Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure. For Debian 8 "Jessie", this problem has been fixed in version 2.2.18-3deb8u2. ...
[SECURITY] [DSA 4407-1] xmltooling security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4407-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4406-1] waagent security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4406-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1708-1] zabbix security update
Package : zabbix Version : 1:2.2.23+dfsg-0+deb8u1 CVE ID : CVE-2016-10742 CVE-2017-2826 Several security vulnerabilities were discovered in Zabbix, a server/client network monitoring solution. CVE-2016-10742 Zabbix allowed remote attackers to redirect to external links by misusing the request...
[SECURITY] [DSA 4405-1] openjpeg2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4405-1 [email protected] https://www.debian.org/security/ Luciano Bello March 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4404-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4404-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1707-1] symfony security update
Package : symfony Version : 2.3.21+dfsg-4+deb8u4 CVE ID : CVE-2017-16652 CVE-2017-16654 CVE-2018-11385 CVE-2018-11408 CVE-2018-14773 CVE-2018-19789 CVE-2018-19790 Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are...
[SECURITY] [DSA 4403-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4403-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1706-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u8 CVE ID : CVE-2018-19058 CVE-2018-20481 CVE-2018-20662 CVE-2019-7310 CVE-2019-9200 Debian Bug : 913177 917325 918158 921215 923414 Several security vulnerabilities were discovered in the poppler PDF rendering shared library. CVE-2018-19058 A reachable...
[SECURITY] [DSA 4402-1] mumble security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4402-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1705-1] sox security update
Package : sox Version : 14.4.1-5+deb8u3 CVE ID : CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15371 Debian Bug : 878809 870328 Multiple vulnerabilities have been discovered in SoX (Sound eXchange), a sound processing program: CVE-2017-11332 The startread function (wav.c) is affected by a...
[SECURITY] [DLA 1704-1] nss security update
Package : nss Version : 2:3.26-1+debu8u4 CVE ID : CVE-2018-12404 CVE-2018-18508 Debian Bug : 921614 Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. CVE-2018-12404 Cache side-channel variant of the Bleichenbacher attack CVE-2018-18508 NULL pointer...
[SECURITY] [DLA 1703-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u5 CVE ID : CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 Several deserialization flaws were discovered in jackson-databind, a fast and powerful...
[SECURITY] [DLA 1702-1] advancecomp security update
Package : advancecomp Version : 1.19-1+deb8u1 CVE ID : CVE-2018-1056 CVE-2019-9210 Debian Bug : 889270 923416 Several vulnerabilities were discovered in advancecomp, a collection of recompression utilities. CVE-2018-1056 Joonun Jang discovered that the advzip tool was prone to a heap-based buffer...
[SECURITY] [DSA 4387-2] openssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4387-2 [email protected] https://www.debian.org/security/ Yves-Alexis Perez March 02, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1701-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb8u11 CVE ID : CVE-2019-1559 Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSL_shutdown twice, once to send a close_notify, and once to receive...
[SECURITY] [DLA 1696-1] ceph security update
Package : ceph Version : 0.80.7-2+deb8u3 CVE ID : CVE-2018-14662 CVE-2018-16846 Debian Bug : 921948 921947 Several vulnerabilities were discovered in Ceph, a distributed storage and file system. CVE-2018-14662 It was found that authenticated ceph users with read only permissions could steal...
[SECURITY] [DLA 1700-1] uw-imap security update
Package : uw-imap Version : 8:2007fdfsg-4+deb8u1 CVE ID : CVE-2018-19518 Debian Bug : 914632 A vulnerability was discovered in uw-imap, the University of Washington IMAP Toolkit, that might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input e.g.,...
[SECURITY] [DSA 4401-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4401-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1699-1] ldb security update
Package : ldb Version : 2:1.1.20-0+deb8u2 CVE ID : CVE-2019-3824 Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare function of ldb, a LDAP-like embedded database, resulting in denial of service. For Debian 8 "Jessie", this problem has been fixed in version 2:1.1.20-0+deb8u2. We...