[SECURITY] [DSA 4389-1] libu2f-host security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4389-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 11, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1671-1] coturn security update
Package : coturn Version : 4.2.1.2-1+deb8u1 CVE ID : CVE-2018-4056 CVE-2018-4058 CVE-2018-4059 Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 An SQL injection vulnerability was discovered in the coTURN administrator web portal. As the...
[SECURITY] [DLA 1670-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u1 CVE ID : CVE-2019-6116 Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed despite the...
[SECURITY] [DSA 4388-1] mosquitto security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4388-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1666-1] freerdp security update
Package : freerdp Version : 1.1.0git20140921.1.440916e+dfsg1-13deb8u3 CVE ID : CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Debian Bug : For the FreeRDP version in Debian jessie LTS a security and functionality update has recently been provided. FreeRDP is a free re-implementation of t...
[SECURITY] [DSA 4387-1] openssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4387-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez February 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1669-1] libreoffice security update
Package : libreoffice Version : 1:4.3.3-2+deb8u12 CVE ID : CVE-2018-16858 Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 1668-1] libarchive security update
Package : libarchive Version : 3.1.2-11+deb8u7 CVE ID : CVE-2019-1000019 CVE-2019-1000020 Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that...
[SECURITY] [DLA 1667-1] dovecot security update
Package : dovecot Version : 1:2.2.13-12deb8u5 CVE ID : CVE-2019-3814 It was discovered that there was a vulnerability in the dovecot IMAP/POP3 server. A flaw in the TLS username handling could lead to an attacker logging in as anyone else in the system if both authsslrequireclient,usernamefromcer...
[SECURITY] [DLA 1663-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u2 CVE ID : CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 CVE-2018-20406 CVE-2019-5010 This DLA fixes a problem parsing x509 certificates, a pickle integer overflow, and some other minor issues: CVE-2016-0772 The smtplib library in CPython does not return ...
[SECURITY] [DSA 4386-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4386-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini February 06, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1665-1] netmask security update
Package : netmask Version : 2.3.12+deb8u1 Debian Bug : 921565 A buffer overflow was found in netmask which would crash when called with arbitrarily long inputs. For Debian 8 "Jessie", this problem has been fixed in version 2.3.12+deb8u1. We recommend that you upgrade your netmask packages. Furthe...
[SECURITY] [DLA 1664-1] golang security update
Package : golang Version : 2:1.3.3-1+deb8u1 CVE ID : CVE-2019-6486 Debian Bug : 920548 It was discovered that there was a denial of service vulnerability or possibly even the ability to conduct private key recovery attacks within the elliptic curve cryptography handling in the Go programming...
[SECURITY] [DLA 1662-1] libthrift-java security update
Package : libthrift-java Version : 0.9.1-2+deb8u1 CVE ID : CVE-2018-1320 Debian Bug : 918736 It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if th...
[SECURITY] [DLA 1661-1] mumble security update
Package : mumble Version : 1.2.8-2+deb8u1 CVE ID : CVE-2018-20743 Debian Bug : 919249 It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message...
[SECURITY] [DLA 1654-1] libav security update
Package : libav Version : 6:11.12-1deb8u5 CVE ID : CVE-2014-8542 CVE-2015-1207 CVE-2017-7863 CVE-2017-7865 CVE-2017-14169 CVE-2017-14223 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2014-8542 libavcodec/utils.c omitted a certai...
[SECURITY] [DLA 1660-1] rssh security update
Package : rssh Version : 2.3.4-4+deb8u2 CVE ID : CVE-2019-3463 CVE-2019-3464 More vulnerabilities were found by Nick Cleaton in the rssh code that could lead to arbitrary code execution under certain circumstances. CVE-2019-3463 reject rsync --daemon and --config command-line options; arbitrary...
[SECURITY] [DSA 4385-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4385-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4384-1] libgd2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4384-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 04, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4383-1] libvncserver security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4383-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 03, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4382-1] rssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4382-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4381-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4381-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1659-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u14 CVE ID : CVE-2019-6339 A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on...
[SECURITY] [DLA 1658-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u4 CVE ID : CVE-2018-19968 CVE-2018-19970 A couple of vulnerabilities have been discovered in phpmyadmin, MySQL web administration tool. CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an...
[SECURITY] [DLA-1657-1] debian-security-support enigmail end of life
Package : debian-security-support Version : 2019.02.01deb8u1 debian-security-support, the Debian security support coverage checker, has been updated in jessie. This marks the end of life of the Enigmail package in jessie. After many months of work to try backporting the various changes and fixes...
[SECURITY] [DSA 4380-1] golang-1.8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4380-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4379-1] golang-1.7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4379-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1656-1] agg security update
Package : agg Version : 2.5+dfsg1-9+deb8u1 CVE ID : CVE-2019-6245 Debian Bug : 919322 A stack overflow vulnerability was discovered in AGG, the AntiGrain Geometry graphical toolkit, that may lead to code execution if a malformed file is processed. Since AGG only provides a static library, the...
[SECURITY] [DLA 1655-1] mariadb-10.0 security update
Package : mariadb-10.0 Version : 10.0.38-0+deb8u1 CVE ID : CVE-2019-2529 CVE-2019-2537 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.38. Please see the MariaDB 10.0 Release Notes for...
[SECURITY] [DLA 1653-1] postgis security update
Package : postgis Version : 2.1.4+dfsg-3+deb8u1 CVE ID : CVE-2017-18359 It was found that the function ST_AsX3D in PostGIS, a module that adds spatial objects to the PostgreSQL object-relational database, did not handle empty values properly, allowing malicious users to cause denial of service or...
[SECURITY] [DLA 1652-1] libvncserver security update
Package : libvncserver Version : 0.9.9+dfsg2-6.1+deb8u5 CVE ID : CVE-2018-15126 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 A vulnerability was found by Kaspersky Lab in libvncserver, a C library to implement VNC server/client functionalities. In addition, some of the vulnerabilities addressed i...
[SECURITY] [DLA 1651-1] libgd2 security update
Package : libgd2 Version : 2.1.0-5+deb8u12 CVE ID : CVE-2018-5711 CVE-2018-1000222 CVE-2019-6977 CVE-2019-6978 Several issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImagePtr has been reported by Solmaz Salimi...
[SECURITY] [DLA 1650-1] rssh security update
Package : rssh Version : 2.3.4-4+deb8u1 CVE ID : CVE-2019-1000018 Debian Bug : 919623 The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp...
[SECURITY] [DLA 1649-1] spice security update
Package : spice Version : 0.12.5-1+deb8u7 CVE ID : CVE-2019-3813 Debian Bug : 920762 Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of...
[SECURITY] [DLA 1648-1] firefox-esr security update
Package : firefox-esr Version : 60.5.0esr-1deb8u1 CVE ID : CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation. For Debian 8 "Jessie",...
[SECURITY] [DSA 4378-1] php-pear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4377-1] rssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4376-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4376-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1647-1] apache2 security update
Package : apache2 Version : 2.4.10-10+deb8u13 CVE ID : CVE-2018-17199 Diego Angulo from ImExHS discovered an issue in the webserver apache2. The module mod_session ignored the expiry time of sessions handled by mod_session_cookie, because the expiry time is available only after decoding the session...
[SECURITY] [DLA 1646-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u9 CVE ID : CVE-2018-17958 CVE-2018-19364 CVE-2018-19489 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-17958 The rtl8139 emulator is affected by an integer overflow and subsequent buffer overflow. This vulnerability migh...
[SECURITY] [DSA 4375-1] spice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4375-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1645-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u17 CVE ID : CVE-2019-5716 CVE-2019-5717 CVE-2019-5719 Several issues in wireshark, a network traffic analyzer, have been found. Dissectors of - ISAKMP, an Internet Security Association and Key Management Protocol - PMUL, a reliable multicast...
[SECURITY] [DLA 1644-1] policykit-1 security update
Package : policykit-1 Version : 0.105-15deb8u4 CVE ID : CVE-2018-19788 CVE-2019-6133 Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges: CVE-2018-19788 It was discovered that incorrect processing of very high UIDs in Policykit could result...
[SECURITY] [DSA 4374-1] qtbase-opensource-src security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4374-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 28, 2019 https://www.debian.org/security/faq -...