[SECURITY] [DSA 4400-1] openssl1.0 security update
Debian Security Advisory DSA-4400-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4399-1] ikiwiki security update
Debian Security Advisory DSA-4399-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4398-1] php7.0 security update
Debian Security Advisory DSA-4398-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1698-1] file security update
Package : file Version : 1:5.22+15-2+deb8u5 CVE ID : CVE-2019-8905 CVE-2019-8907 Potential buffer over-reads in readelf.c have been found in file, a popular file type guesser. For Debian 8 "Jessie", these problems have been fixed in version 1:5.22+15-2+deb8u5. We recommend that you upgrade your...
[SECURITY] [DLA 1697-1] bind9 security update
Package : bind9 Version : 1:9.9.5.dfsg-9+deb8u17 CVE ID : CVE-2018-5745 CVE-2019-6465 Two issues have been found in bind9, the Internet Domain Name Server. CVE-2019-6465 Zone transfer for DLZs are executed though not permitted by ACLs. CVE-2018-5745 Avoid assertion and thus causing named to...
[SECURITY] [DSA 4397-1] ldb security update
Debian Security Advisory DSA-4397-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1695-1] sox security update
Package : sox Version : 14.4.1-5+deb8u2 CVE ID : CVE-2017-15370 CVE-2017-15372 CVE-2017-15642 CVE-2017-18189 Debian Bug : 878808, 878810, 882144, 881121 Multiple vulnerabilities have been discovered in SoX Sound eXchange, a sound processing program: CVE-2017-15370 The ImaAdpcmReadBlock function...
[SECURITY] [DLA 1694-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u10 CVE ID : CVE-2018-12617 CVE-2018-16872 CVE-2019-6778 Debian Bug : 916397, 902725, 921525 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-12617 The qmp_guest_file_read function in qga/commands-posix.c is affected by an intege...
[SECURITY] [DLA 1693-1] gpac security update
Package : gpac Version : 0.5.0+svn5324dfsg1-1+deb8u2 CVE ID : CVE-2018-7752 CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763 Several issues have been found by different authors in gpac, an Open Source multimedia framework for research and academic purposes. The issues are basically all...
[SECURITY] [DSA 4395-2] chromium regression update
Debian Security Advisory DSA-4395-2 [email protected] https://www.debian.org/security/ Michael Gilbert February 26, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1692-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u5 CVE ID : CVE-2019-6799 Debian Bug : 920823 An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration. Wh...
[SECURITY] [DLA 1691-1] exiv2 security update
From: Thorsten Alteholz [email protected] To: [email protected] Subject: SECURITY DLA 1691-1 exiv2 security update Package : exiv2 Version : 0.24-4.1+deb8u3 CVE ID : CVE-2018-17581 CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2018-20097 Several issues have been found in...
[SECURITY] [DLA 1690-1] liblivemedia security update
Package : liblivemedia Version : 2014.01.13-1+deb8u2 CVE ID : CVE-2019-6256 CVE-2019-7314 Debian Bug : 919529 Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library: CVE-2019-6256 liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to ...
[SECURITY] [DLA 1689-1] elfutils security update
Package : elfutils Version : 0.159-4.2+deb8u1 CVE ID : CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7149 CVE-2019-7150 CVE-2019-7665 Several issues in elfutils, a collection of utilities to handle ELF...
[SECURITY] [DLA 1688-1] waagent update
Package : waagent Version : 2.2.18-3deb8u1 A newer version of waagent is needed for several features of the Azure platform. For Debian 8 "Jessie", this problem has been fixed in version 2.2.18-3deb8u1. We recommend that you upgrade your waagent packages. Further information about Debian LTS...
[SECURITY] [DLA 1687-1] sox security update
Package : sox Version : 14.4.1-5+deb8u1 CVE ID : CVE-2014-8145 Debian Bug : 773720 Mike Salvatore discovered that the fixes for these heap-based buffer overflows had not been properly applied in the Debian package. For Debian 8 "Jessie", this problem has been fixed in version 14.4.1-5+deb8u1. We...
[SECURITY] [DLA 1686-1] freedink-dfarc security update
Package : freedink-dfarc Version : 3.12-1+deb8u1 CVE ID : CVE-2018-0496 Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc, a frontend and extensions manager for the Dink Smallwood game, allowing an attacker to overwrite arbitrary files on the users system. For...
[SECURITY] [DSA 4377-3] rssh security update
Debian Security Advisory DSA-4377-3 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1685-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u15 CVE ID : CVE-2019-6338 Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-63...
[SECURITY] [DSA 4396-1] ansible security update
Debian Security Advisory DSA-4396-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 19, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1684-1] systemd security update
Package : systemd Version : 215-17+deb8u10 CVE ID : CVE-2019-6454 Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus. For Debian 8 "Jessie",...
[SECURITY] [DLA 1683-1] rdesktop security update
Package : rdesktop Version : 1.8.4-0+deb8u1 CVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180...
[SECURITY] [DLA 1660-2] rssh regression update
Package : rssh Version : 2.3.4-4+deb8u3 Debian Bug : 921655 It was discovered that the fix for the security vulnerability released for rssh in 2.3.4-4+deb8u2 via DLA-1660-1 introduced a regression that blocked scp1 of multiple files from a server using rssh. Please see...
[SECURITY] [DSA 4395-1] chromium security update
Debian Security Advisory DSA-4395-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 18, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4394-1] rdesktop security update
Debian Security Advisory DSA-4394-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1682-1] uriparser security update
Package : uriparser Version : 0.8.0.1-2+deb8u2 CVE ID : CVE-2018-20721 Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986. An Out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//::44.1", were possible. For Debia...
[SECURITY] [DSA 4393-1] systemd security update
Debian Security Advisory DSA-4393-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 18, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1681-1] gsoap security update
Package : gsoap Version : 2.8.17-1+deb8u2 CVE ID : CVE-2019-7659 It was discovered that there was a denial of service vulnerability in gsoap a C/C++ language binding used for SOAP-based web services. For Debian 8 "Jessie", this issue has been fixed in gsoap version 2.8.17-1+deb8u2. We recommend...
[SECURITY] [DLA 1680-1] tiff security update
Package : tiff Version : 4.0.3-12.3+deb8u8 CVE ID : CVE-2018-17000 CVE-2018-19210 CVE-2019-7663 Brief introduction CVE-2018-17000 A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c called from TIFFWriteDirectoryTagTransferfunction allows an attacker to cause a denial-of-service...
[SECURITY] [DSA 4388-2] mosquitto regression update
Debian Security Advisory DSA-4388-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1679-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u1 Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include GD graphics, multi-byte string handling, phar file format handling, and xmlrpc. CVEs have not yet been...
[SECURITY] [DLA 1678-1] thunderbird security update
Package : thunderbird Version : 1:60.5.1-1deb8u1 CVE ID : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2019-5785 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or...
[SECURITY] [DSA 4392-1] thunderbird security update
Debian Security Advisory DSA-4392-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1677-1] firefox-esr security update
Package : firefox-esr Version : 60.5.1esr-1deb8u1 CVE ID : CVE-2018-18356 CVE-2019-5785 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DSA 4391-1] firefox-esr security update
Debian Security Advisory DSA-4391-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1676-1] unbound security update
Package : unbound Version : 1.4.22-3+deb8u4 CVE ID : CVE-2017-15105 Debian Bug : 887733 Ralph Dolmans and Karst Koymans found a flaw in the way unbound, a validating, recursive, caching DNS resolver, validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could b...
[SECURITY] [DLA 1675-1] python-gnupg security update
Package : python-gnupg Version : 0.3.6-1+deb8u1 CVE ID : CVE-2019-6690 Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt...
[SECURITY] [DSA 4390-1] flatpak security update
Debian Security Advisory DSA-4390-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1674-1] php5 security update
Package : php5 Version : 5.6.39+dfsg-0+deb8u2 CVE ID : CVE-2018-1000888 php-pear in php5 contains CWE-502 Deserialization of Untrusted Data and CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerabilities in its Archive_Tar class. When extract is called...
[SECURITY] [DLA 1673-1] wordpress security update
Package : wordpress Version : 4.1.25+dfsg-1+deb8u1 CVE ID : CVE-2018-20147 CVE-2018-20148 CVE-2018-20149 CVE-2018-20150 CVE-2018-20151 CVE-2018-20152 CVE-2018-20153 Debian Bug : 916403 CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148...
[SECURITY] [DSA 4377-2] rssh regression update
Debian Security Advisory DSA-4377-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1672-1] curl security update
Package : curl Version : 7.38.0-4+deb8u14 CVE IDs : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 It was discovered that there were three vulnerabilities in the curl command-line HTTP etc. client: CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in the handling of NTLM type-2 messages...
[SECURITY] [DSA 4389-1] libu2f-host security update
Debian Security Advisory DSA-4389-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 11, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1671-1] coturn security update
Package : coturn Version : 4.2.1.2-1+deb8u1 CVE ID : CVE-2018-4056 CVE-2018-4058 CVE-2018-4059 Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 An SQL injection vulnerability was discovered in the coTURN administrator web portal. As the...