14409 matches found
[SECURITY] [DSA 4393-1] systemd security update
Debian Security Advisory DSA-4393-1 https://www.debian.org/security/ Salvatore Bonaccorso February 18, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1681-1] gsoap security update
Package : gsoap Version : 2.8.17-1+deb8u2 CVE ID : CVE-2019-7659 It was discovered that there was a denial of service vulnerability in gsoap, a C/C++ language binding used for SOAP-based web services. For Debian 8 "Jessie", this issue has been fixed in gsoap version 2.8.17-1+deb8u2. We recommend...
[SECURITY] [DLA 1680-1] tiff security update
Package : tiff Version : 4.0.3-12.3+deb8u8 CVE ID : CVE-2018-17000 CVE-2018-19210 CVE-2019-7663 Brief introduction CVE-2018-17000 A NULL pointer dereference in the function TIFFmemcmp at tifunix.c called from TIFFWriteDirectoryTagTransferfunction allows an attacker to cause a denial-of-service...
[SECURITY] [DSA 4388-2] mosquitto regression update
Debian Security Advisory DSA-4388-2 https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1679-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u1 Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include GD graphics, multi-byte string handling, phar file format handling, and xmlrpc. CVEs have not yet been...
[SECURITY] [DLA 1678-1] thunderbird security update
Package : thunderbird Version : 1:60.5.1-1deb8u1 CVE ID : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2019-5785 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or...
[SECURITY] [DSA 4392-1] thunderbird security update
Debian Security Advisory DSA-4392-1 https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1677-1] firefox-esr security update
Package : firefox-esr Version : 60.5.1esr-1deb8u1 CVE ID : CVE-2018-18356 CVE-2019-5785 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DSA 4391-1] firefox-esr security update
Debian Security Advisory DSA-4391-1 https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1676-1] unbound security update
Package : unbound Version : 1.4.22-3+deb8u4 CVE ID : CVE-2017-15105 Debian Bug : 887733 Ralph Dolmans and Karst Koymans found a flaw in the way unbound, a validating, recursive, caching DNS resolver, validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could b...
[SECURITY] [DLA 1675-1] python-gnupg security update
Package : python-gnupg Version : 0.3.6-1+deb8u1 CVE ID : CVE-2019-6690 Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt...
[SECURITY] [DSA 4390-1] flatpak security update
Debian Security Advisory DSA-4390-1 https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1674-1] php5 security update
Package : php5 Version : 5.6.39+dfsg-0+deb8u2 CVE ID : CVE-2018-1000888 php-pear in php5 contains CWE-502 Deserialization of Untrusted Data and CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerabilities in its ArchiveTar class. When extract is called...
[SECURITY] [DLA 1673-1] wordpress security update
Package : wordpress Version : 4.1.25+dfsg-1+deb8u1 CVE ID : CVE-2018-20147 CVE-2018-20148 CVE-2018-20149 CVE-2018-20150 CVE-2018-20151 CVE-2018-20152 CVE-2018-20153 Debian Bug : 916403 CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148...
[SECURITY] [DSA 4377-2] rssh regression update
Debian Security Advisory DSA-4377-2 https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1672-1] curl security update
Package : curl Version : 7.38.0-4+deb8u14 CVE IDs : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 It was discovered that there were three vulnerabilities in the curl command-line HTTP (etc.) client: CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in the handling of NTLM type-2 messages...
[SECURITY] [DSA 4389-1] libu2f-host security update
Debian Security Advisory DSA-4389-1 https://www.debian.org/security/ Sebastien Delafond February 11, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1671-1] coturn security update
Package : coturn Version : 4.2.1.2-1+deb8u1 CVE ID : CVE-2018-4056 CVE-2018-4058 CVE-2018-4059 Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 An SQL injection vulnerability was discovered in the coTURN administrator web portal. As the...
[SECURITY] [DLA 1670-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u1 CVE ID : CVE-2019-6116 Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed despite the...
[SECURITY] [DSA 4388-1] mosquitto security update
Debian Security Advisory DSA-4388-1 https://www.debian.org/security/ Moritz Muehlenhoff February 10, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1666-1] freerdp security update
Package : freerdp Version : 1.1.0git20140921.1.440916e+dfsg1-13deb8u3 CVE ID : CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Debian Bug : For the FreeRDP version in Debian jessie LTS a security and functionality update has recently been provided. FreeRDP is a free re-implementation of t...
[SECURITY] [DSA 4387-1] openssh security update
Debian Security Advisory DSA-4387-1 https://www.debian.org/security/ Yves-Alexis Perez February 09, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1669-1] libreoffice security update
Package : libreoffice Version : 1:4.3.3-2+deb8u12 CVE ID : CVE-2018-16858 Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 1668-1] libarchive security update
Package : libarchive Version : 3.1.2-11+deb8u7 CVE ID : CVE-2019-1000019 CVE-2019-1000020 Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that...
[SECURITY] [DLA 1667-1] dovecot security update
Package : dovecot Version : 1:2.2.13-12deb8u5 CVE ID : CVE-2019-3814 It was discovered that there was a vulnerability in the dovecot IMAP/POP3 server. A flaw in the TLS username handling could lead to an attacker logging in as anyone else in the system if both authsslrequireclient,usernamefromcer...
[SECURITY] [DLA 1663-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u2 CVE ID : CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 CVE-2018-20406 CVE-2019-5010 This DLA fixes a problem parsing x509 certificates, a pickle integer overflow, and some other minor issues: CVE-2016-0772 The smtplib library in CPython does not return ...
[SECURITY] [DSA 4386-1] curl security update
Debian Security Advisory DSA-4386-1 https://www.debian.org/security/ Alessandro Ghedini February 06, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1665-1] netmask security update
Package : netmask Version : 2.3.12+deb8u1 Debian Bug : 921565 A buffer overflow was found in netmask which would crash when called with arbitrarily long inputs. For Debian 8 "Jessie", this problem has been fixed in version 2.3.12+deb8u1. We recommend that you upgrade your netmask packages. Furthe...
[SECURITY] [DLA 1664-1] golang security update
Package : golang Version : 2:1.3.3-1+deb8u1 CVE ID : CVE-2019-6486 Debian Bug : 920548 It was discovered that there was a denial of service vulnerability or possibly even the ability to conduct private key recovery attacks within the elliptic curve cryptography handling in the Go programming...
[SECURITY] [DLA 1662-1] libthrift-java security update
Package : libthrift-java Version : 0.9.1-2+deb8u1 CVE ID : CVE-2018-1320 Debian Bug : 918736 It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if th...
[SECURITY] [DLA 1661-1] mumble security update
Package : mumble Version : 1.2.8-2+deb8u1 CVE ID : CVE-2018-20743 Debian Bug : 919249 It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message...
[SECURITY] [DLA 1654-1] libav security update
Package : libav Version : 6:11.12-1deb8u5 CVE ID : CVE-2014-8542 CVE-2015-1207 CVE-2017-7863 CVE-2017-7865 CVE-2017-14169 CVE-2017-14223 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2014-8542 libavcodec/utils.c omitted a certai...
[SECURITY] [DLA 1660-1] rssh security update
Package : rssh Version : 2.3.4-4+deb8u2 CVE ID : CVE-2019-3463 CVE-2019-3464 More vulnerabilities were found by Nick Cleaton in the rssh code that could lead to arbitrary code execution under certain circumstances. CVE-2019-3463 reject rsync --daemon and --config command-line options; arbitrary...
[SECURITY] [DSA 4385-1] dovecot security update
Debian Security Advisory DSA-4385-1 https://www.debian.org/security/ Salvatore Bonaccorso February 05, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4384-1] libgd2 security update
Debian Security Advisory DSA-4384-1 https://www.debian.org/security/ Salvatore Bonaccorso February 04, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4383-1] libvncserver security update
Debian Security Advisory DSA-4383-1 https://www.debian.org/security/ Salvatore Bonaccorso February 03, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4382-1] rssh security update
Debian Security Advisory DSA-4382-1 https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4381-1] libreoffice security update
Debian Security Advisory DSA-4381-1 https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1659-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u14 CVE ID : CVE-2019-6339 A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on...
[SECURITY] [DLA 1658-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u4 CVE ID : CVE-2018-19968 CVE-2018-19970 A couple of vulnerabilities have been discovered in phpmyadmin, MySQL web administration tool. CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an...
[SECURITY] [DLA-1657-1] debian-security-support enigmail end of life
Package : debian-security-support Version : 2019.02.01deb8u1 debian-security-support, the Debian security support coverage checker, has been updated in jessie. This marks the end of life of the Enigmail package in jessie. After many months of work to try backporting the various changes and fixes...
[SECURITY] [DSA 4380-1] golang-1.8 security update
Debian Security Advisory DSA-4380-1 https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4379-1] golang-1.7 security update
Debian Security Advisory DSA-4379-1 https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1656-1] agg security update
Package : agg Version : 2.5+dfsg1-9+deb8u1 CVE ID : CVE-2019-6245 Debian Bug : 919322 A stack overflow vulnerability was discovered in AGG, the AntiGrain Geometry graphical toolkit, that may lead to code execution if a malformed file is processed. Since AGG only provides a static library, the...