14409 matches found
[SECURITY] [DSA 4406-1] waagent security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4406-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1708-1] zabbix security update
Package : zabbix Version : 1:2.2.23+dfsg-0+deb8u1 CVE ID : CVE-2016-10742 CVE-2017-2826 Several security vulnerabilities were discovered in Zabbix, a server/client network monitoring solution. CVE-2016-10742 Zabbix allowed remote attackers to redirect to external links by misusing the request...
[SECURITY] [DSA 4405-1] openjpeg2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4405-1 [email protected] https://www.debian.org/security/ Luciano Bello March 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4405-1] openjpeg2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4405-1 [email protected] https://www.debian.org/security/ Luciano Bello March 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4404-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4404-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4404-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4404-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1707-1] symfony security update
Package : symfony Version : 2.3.21+dfsg-4+deb8u4 CVE ID : CVE-2017-16652 CVE-2017-16654 CVE-2018-11385 CVE-2018-11408 CVE-2018-14773 CVE-2018-19789 CVE-2018-19790 Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are...
[SECURITY] [DSA 4403-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4403-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1706-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u8 CVE ID : CVE-2018-19058 CVE-2018-20481 CVE-2018-20662 CVE-2019-7310 CVE-2019-9200 Debian Bug : 913177 917325 918158 921215 923414 Several security vulnerabilities were discovered in the poppler PDF rendering shared library. CVE-2018-19058 A reachable...
[SECURITY] [DSA 4402-1] mumble security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4402-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1705-1] sox security update
Package : sox Version : 14.4.1-5+deb8u3 CVE ID : CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15371 Debian Bug : 878809 870328 Multiple vulnerabilities have been discovered in SoX Sound eXchange, a sound processing program: CVE-2017-11332 The startread function wav.c is affected by a...
[SECURITY] [DLA 1704-1] nss security update
Package : nss Version : 2:3.26-1+debu8u4 CVE ID : CVE-2018-12404 CVE-2018-18508 Debian Bug : 921614 Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. CVE-2018-12404 Cache side-channel variant of the Bleichenbacher attack CVE-2018-18508 NULL pointer...
[SECURITY] [DLA 1703-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u5 CVE ID : CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 Several deserialization flaws were discovered in jackson-databind, a fast and powerful...
[SECURITY] [DLA 1702-1] advancecomp security update
Package : advancecomp Version : 1.19-1+deb8u1 CVE ID : CVE-2018-1056 CVE-2019-9210 Debian Bug : 889270 923416 Several vulnerabilities were discovered in advancecomp, a collection of recompression utilities. CVE-2018-1056 Joonun Jang discovered that the advzip tool was prone to a heap-based buffer...
[SECURITY] [DSA 4387-2] openssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4387-2 [email protected] https://www.debian.org/security/ Yves-Alexis Perez March 02, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1701-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb8u11 CVE ID : CVE-2019-1559 Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive...
[SECURITY] [DLA 1696-1] ceph security update
Package : ceph Version : 0.80.7-2+deb8u3 CVE ID : CVE-2018-14662 CVE-2018-16846 Debian Bug : 921948 921947 Several vulnerabilities were discovered in Ceph, a distributed storage and file system. CVE-2018-14662 It was found that authenticated ceph users with read only permissions could steal...
[SECURITY] [DLA 1700-1] uw-imap security update
Package : uw-imap Version : 8:2007fdfsg-4+deb8u1 CVE ID : CVE-2018-19518 Debian Bug : 914632 A vulnerability was discovered in uw-imap, the University of Washington IMAP Toolkit, that might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input e.g.,...
[SECURITY] [DSA 4401-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4401-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4401-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4401-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1699-1] ldb security update
Package : ldb Version : 2:1.1.20-0+deb8u2 CVE ID : CVE-2019-3824 Garming Sam reported an out-of-bounds read in the ldbwildcardcompare function of ldb, a LDAP-like embedded database, resulting in denial of service. For Debian 8 "Jessie", this problem has been fixed in version 2:1.1.20-0+deb8u2. We...
[SECURITY] [DSA 4400-1] openssl1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4400-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4399-1] ikiwiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4399-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4398-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4398-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1698-1] file security update
Package : file Version : 1:5.22+15-2+deb8u5 CVE ID : CVE-2019-8905 CVE-2019-8907 Potential buffer over-reads in readelf.c have been found in file, a popular file type guesser. For Debian 8 "Jessie", these problems have been fixed in version 1:5.22+15-2+deb8u5. We recommend that you upgrade your...
[SECURITY] [DLA 1697-1] bind9 security updat
Package : bind9 Version : 1:9.9.5.dfsg-9+deb8u17 CVE ID : CVE-2018-5745 CVE-2019-6465 Two issues have been found in bind9, the Internet Domain Name Server. CVE-2019-6465 Zone transfer for DLZs are executed though not permitted by ACLs. CVE-2018-5745 Avoid assertion and thus causing named to...
[SECURITY] [DSA 4397-1] ldb security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4397-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4397-1] ldb security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4397-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1695-1] sox security update
Package : sox Version : 14.4.1-5+deb8u2 CVE ID : CVE-2017-15370 CVE-2017-15372 CVE-2017-15642 CVE-2017-18189 Debian Bug : 878808, 878810, 882144, 881121 Multiple vulnerabilities have been discovered in SoX Sound eXchange, a sound processing program: CVE-2017-15370 The ImaAdpcmReadBlock function...
[SECURITY] [DLA 1694-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u10 CVE ID : CVE-2018-12617 CVE-2018-16872 CVE-2019-6778 Debian Bug : 916397, 902725, 921525 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-12617 The qmpguestfileread function qga/commands-posix.c is affected by an intege...
[SECURITY] [DLA 1693-1] gpac security update
Package : gpac Version : 0.5.0+svn5324dfsg1-1+deb8u2 CVE ID : CVE-2018-7752 CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763 Several issues have been found by different authors in gpac, an Open Source multimedia framework for research and academic purposes. The issues are basically all...
[SECURITY] [DSA 4395-2] chromium regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4395-2 [email protected] https://www.debian.org/security/ Michael Gilbert February 26, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1692-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u5 CVE ID : CVE-2019-6799 Debian Bug : 920823 An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web servers user can access. This is related to the mysql.allowlocalinfile PHP configuration. Wh...
[SECURITY] [DLA 1691-1] exiv2 security update
From: Thorsten Alteholz [email protected] To: [email protected] Subject: SECURITY DLA 1691-1 exiv2 security update Package : exiv2 Version : 0.24-4.1+deb8u3 CVE ID : CVE-2018-17581 CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2018-20097 Several issues have been found in...
[SECURITY] [DLA 1690-1] liblivemedia security update
Package : liblivemedia Version : 2014.01.13-1+deb8u2 CVE ID : CVE-2019-6256 CVE-2019-7314 Debian Bug : 919529 Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library: CVE-2019-6256 liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to ...
[SECURITY] [DLA 1689-1] elfutils security update
Package : elfutils Version : 0.159-4.2+deb8u1 CVE ID : CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7149 CVE-2019-7150 CVE-2019-7665 Several issues in elfutils, a collection of utilities to handle ELF...
[SECURITY] [DLA 1688-1] waagent update
Package : waagent Version : 2.2.18-3deb8u1 A newer version of waagent is needed for several features of the Azure platform. For Debian 8 "Jessie", this problem has been fixed in version 2.2.18-3deb8u1. We recommend that you upgrade your waagent packages. Further information about Debian LTS...
[SECURITY] [DLA 1687-1] sox security update
Package : sox Version : 14.4.1-5+deb8u1 CVE ID : CVE-2014-8145 Debian Bug : 773720 Mike Salvatore discovered that the fixes for these heap-based buffer overflows had not been properly applied in the Debian package. For Debian 8 "Jessie", this problem has been fixed in version 14.4.1-5+deb8u1. We...
[SECURITY] [DLA 1686-1] freedink-dfarc security update
Package : freedink-dfarc Version : 3.12-1+deb8u1 CVE ID : CVE-2018-0496 Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc, a frontend and extensions manager for the Dink Smallwood game, allowing an attacker to overwrite arbitrary files on the users system. For...
[SECURITY] [DSA 4377-3] rssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4377-3 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2019 https://www.debian.org/security/faq - -...
[SECURITY] [DLA 1685-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u15 CVE ID : CVE-2019-6338 Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-63...
[SECURITY] [DSA 4396-1] ansible security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4396-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1684-1] systemd security update
Package : systemd Version : 215-17+deb8u10 CVE ID : CVE-2019-6454 Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus. For Debian 8 "Jessie",...
[SECURITY] [DLA 1683-1] rdesktop security update
Package : rdesktop Version : 1.8.4-0+deb8u1 CVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180...
[SECURITY] [DLA 1660-2] rssh regression update
Package : rssh Version : 2.3.4-4+deb8u3 Debian Bug : 921655 It was discovered that the fix for the security vulnerability released for rssh in 2.3.4-4+deb8u2 via DLA-1660-1 introduced a regression that blocked scp1 of multiple files from a server using rssh. Please see...
[SECURITY] [DSA 4395-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4395-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4395-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4395-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4394-1] rdesktop security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4394-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1682-1] uriparser security update
Package : uriparser Version : 0.8.0.1-2+deb8u2 CVE ID : CVE-2018-20721 Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986. An Out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//::44.1", were possible. For Debia...
[SECURITY] [DSA 4393-1] systemd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4393-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 18, 2019 https://www.debian.org/security/faq -...