14409 matches found
[SECURITY] [DSA 4420-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4420-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1738-1] gpsd security update
Package : gpsd Version : 3.11-3+deb8u1 CVE ID : CVE-2018-17937 Debian Bug : 925327 A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON...
[SECURITY] [DSA 4419-1] twig security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4419-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4419-1] twig security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4419-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1737-1] pdns security update
Package : pdns Version : 3.4.1-4+deb8u9 CVE ID : CVE-2019-3871 Debian Bug : 924966 A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector ...
[SECURITY] [DLA 1736-1] dovecot security update
Package : dovecot Version : 1:2.2.13-12deb8u6 CVE ID : CVE-2019-7524 A security vulnerability was discovered in the Dovecot email server. When reading FTS headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take...
[SECURITY] [DLA 1735-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u7 CVE ID : CVE-2019-8320 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 Several vulnerabilities have been discovered in rubygems embedded in ruby2.1, the interpreted scripting language. CVE-2019-8320 A Directory Traversal issue was discovered in...
[SECURITY] [DLA 1734-1] libraw security update
Package : libraw Version : 0.16.0-9+deb8u4 CVE ID : CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5808 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 Secunia Research has discovered multiple vulnerabilities in libraw, a raw image decoder library, which can be exploited to cause a Denial of Servic...
[SECURITY] [DSA 4418-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4418-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4418-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4418-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1733-1] wpa security update
Package : wpa Version : 2.3-1+deb8u7 CVE ID : CVE-2016-10743 It was found that the fallback mechanism for generating a WPS pin in hostapd, an IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, used a low quality pseudorandom number generator. This was resolved by using only the high quali...
[SECURITY] [DLA 1731-1] linux security update
Package : linux Version : 3.16.64-1 CVE ID : CVE-2016-10741 CVE-2017-5753 CVE-2017-13305 CVE-2018-3639 CVE-2018-5848 CVE-2018-5953 CVE-2018-12896 CVE-2018-13053 CVE-2018-16862 CVE-2018-16884 CVE-2018-17972 CVE-2018-18281 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169...
[SECURITY] [DLA 1732-1] openjdk-7 security update
Package : openjdk-7 Version : 7u211-2.6.17-1deb8u1 CVE ID : CVE-2019-2422 A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or bypass of sandbox restrictions. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DLA 1730-1] libssh2 security update
Package : libssh2 Version : 1.4.3-4.1+deb8u2 CVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Debian Bug : 924965 Several vulnerabilities have recently been discovered in libssh2, a client-side C library...
[SECURITY] [DLA 1729-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u18 CVE ID : CVE-2017-9344 CVE-2017-9349 CVE-2019-9209 Several vulnerabilities have been found in wireshark, a network traffic analyzer. CVE-2019-9209: Preventing the crash of the ASN.1 BER and related dissectors by avoiding a buffer overflow...
[SECURITY] [DLA 1728-1] openssh security update
Package : openssh Version : 1:6.7p1-5+deb8u8 CVE ID : CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 Debian Bug : 793412 919101 923486 Multiple scp client vulnerabilities have been discovered in OpenSSH, the premier connectivity tool for secure remote shell login and secure file transfer...
[SECURITY] [DLA 1727-1] firefox-esr security update
Package : firefox-esr Version : 60.6.1esr-1deb8u1 CVE ID : CVE-2019-9810 CVE-2019-9813 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DLA 1726-1] bash security update
Package : bash Version : 4.3-11+deb8u2 CVE ID : CVE-2016-9401 CVE-2019-9924 Two issues have been fixed in bash, the GNU Bourne-Again Shell: CVE-2016-9401 The popd builtin segfaulted when called with negative out of range offsets. CVE-2019-9924 Sylvain Beucler discovered that it was possible to ca...
[SECURITY] [DLA 1725-1] rsync security update
Package : rsync Version : 3.1.1-3+deb8u2 CVE ID : CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2018-5764 Trail of Bits used the automated vulnerability discovery tools developed for the DARPA Cyber Grand Challenge to audit zlib. As rsync, a fast, versatile, remote and local...
[SECURITY] [DSA 4417-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4417-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4416-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4416-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4416-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4416-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4415-1] passenger security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4415-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4415-1] passenger security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4415-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4414-1] libapache2-mod-auth-mellon security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4414-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 23, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4414-1] libapache2-mod-auth-mellon security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4414-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 23, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1724-1] ntfs-3g security update
Package : ntfs-3g Version : 1:2014.2.15AR.2-1+deb8u4 CVE ID : CVE-2019-9755 A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation. For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DSA 4413-1] ntfs-3g security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4413-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 21, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4413-1] ntfs-3g security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4413-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 21, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1723-1] cron security update
Package : cron Version : 3.0pl1-127+deb8u2 CVE ID : CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706 Debian Bug : 809167 Various security problems have been discovered in Debians CRON scheduler. CVE-2017-9525 Fix group crontab to root escalation via the Debian packages postinst script as...
[SECURITY] [DLA 1722-1] firefox-esr security update
Package : firefox-esr Version : 60.6.0esr-1deb8u1 CVE ID : CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution ...
[SECURITY] [DSA 4412-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4412-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4411-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4411-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4410-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4410-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1721-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u8 CVE ID : CVE-2019-9752 It has been discovered that OTRS Open source Ticket Request System is susceptible to code injection vulnerability. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order t...
[SECURITY] [DSA 4409-1] neutron security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4409-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1720-1] liblivemedia security update
Package : liblivemedia Version : 2014.01.13-1+deb8u3 CVE ID : CVE-2019-9215 Debian Bug : 924655 It was discovered that liblivemedia, the LIVE555 RTSP server library, is vulnerable to an invalid memory access when processing the Authorization header field. Remote attackers could leverage this...
[SECURITY] [DLA 1719-1] libjpeg-turbo security update
Package : libjpeg-turbo Version : 1:1.3.1-12+deb8u2 CVE ID : CVE-2018-14498 Debian Bug : 924678 It was discovered that there was a denial of service vulnerability in the libjpeg-turbo CPU-optimised JPEG image library. A heap-based buffer over-read could be triggered by a specially-crafted bitmap...
[SECURITY] [DLA 1718-1] sqlalchemy security update
Package : sqlalchemy Version : 0.9.8+dfsg-0.1+deb8u1 CVE ID : CVE-2019-7164 CVE-2019-7548 Debian Bug : 922669 Two vulnerabilities were discovered in SQLALchemy, a Python SQL Toolkit and Object Relational Mapper. CVE-2019-7164 SQLAlchemy allows SQL Injection via the orderby parameter. CVE-2019-754...
[SECURITY] [DLA 1717-1] rdflib security update
Package : rdflib Version : 4.1.2-3+deb8u1 CVE ID : CVE-2019-7653 Debian Bug : 921751 The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because "python -m" appends the current directory in the python path. For Debian 8 "Jessie", this problem...
[SECURITY] [DLA 1716-1] ikiwiki security update
Package : ikiwiki Version : 3.20141016.4+deb8u1 CVE ID : CVE-2019-9187 The ikiwiki maintainers discovered that the aggregate plugin did not use LWPx::ParanoidAgent. On sites where the aggregate plugin is enabled, authorized wiki editors could tell ikiwiki to fetch potentially undesired URIs even ...
[SECURITY] [DSA 4408-1] liblivemedia security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4408-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1715-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.144-3.1deb8u1 CVE ID : CVE-2017-18249 CVE-2018-1128 CVE-2018-1129 CVE-2018-3639 CVE-2018-5391 CVE-2018-5848 CVE-2018-6554 CVE-2018-12896 CVE-2018-13053 CVE-2018-13096 CVE-2018-13097 CVE-2018-13100 CVE-2018-13406 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612...
[SECURITY] [DLA 1714-1] libsdl2 security update
Package : libsdl2 Version : 2.0.2+dfsg1-6+deb8u1 CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Multiple buffer overflow security issues have been found in libsdl2, a library that...
[SECURITY] [DLA 1713-1] libsdl1.2 security update
Package : libsdl1.2 Version : 1.2.15-10+deb8u1 CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Multiple buffer overflow security issues have been found in libsdl1.2, a library that...
[SECURITY] [DLA 1712-1] libsndfile security update
Package : libsndfile Version : 1.0.25-9.1+deb8u4 CVE ID : CVE-2019-3832 It was found that the fix for CVE-2018-19758 was incomplete. That has been addressed in this update. The description for CVE-2018-19758 follows: A heap-buffer-overflow vulnerability was discovered in libsndfile, the library f...
[SECURITY] [DLA 1711-1] systemd security update
Package : systemd Version : 215-17+deb8u11 CVE ID : CVE-2019-3815 Debian Bug : 924060 A memory leak was discovered in the backport of fixes for CVE-2018-16864 in systemd-journald. Function dispatchmessagereal in journald-server.c does not free allocated memory to store the CMDLINE= entry. A local...
[SECURITY] [DLA 1710-1] xmltooling security update
Package : xmltooling Version : 1.5.3-2+deb8u4 CVE ID : CVE-2019-9628 Debian Bug : 924346 Ross Geerlings discovered that the XMLTooling library didnt correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling. For...
[SECURITY] [DLA 1709-1] waagent security update
Package : waagent Version : 2.2.18-3deb8u2 CVE ID : CVE-2019-0804 Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure. For Debian 8 "Jessie", this problem has been fixed in version 2.2.18-3deb8u2. ...
[SECURITY] [DSA 4407-1] xmltooling security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4407-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2019 https://www.debian.org/security/faq -...