[SECURITY] [DSA 4373-1] coturn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4373-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez January 28, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4372-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4372-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4372-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4372-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1643-1] krb5 security update

Package : krb5 Version : 1.12.1+dfsg-19+deb8u5 CVE ID : CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 krb5, a MIT Kerberos implementation, had several flaws in LDAP DN checking, which could be used to circumvent a DN containership check by supplying special parameters to some calls. Further an...

[SECURITY] [DLA 1642-1] postgresql-9.4 new minor release

Package : postgresql-9.4 Version : 9.4.20-0+deb8u1 The PostgreSQL project has release a new minor release of the 9.4 branch. For Debian 8 "Jessie", this has been uploaded as version 9.4.20-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. Further information about Debian LTS...

[SECURITY] [DLA 1641-1] mxml security update

Package : mxml Version : 2.6-2+deb8u1 CVE ID : CVE-2016-4570 CVE-2016-4571 CVE-2018-20004 Debian Bug : 825855 918007 Several stack exhaustion conditions were found in mxml that can easily crash when parsing xml files. CVE-2016-4570 The mxmlDelete function in mxml-node.c allows remote attackers to...

[SECURITY] [DLA 1640-1] tmpreaper security update

Package : tmpreaper Version : 1.6.13+nmu1+deb8u1 CVE ID : CVE-2019-3461 Debian Bug : 918956 It was discovered that tmpreaper, a program that cleans up files in directories based on their age, is vulnerable to a race condition. This vulnerability might be exploited by local attackers to perform...

[SECURITY] [DLA 1639-1] systemd security update

Package : systemd Version : 215-17+deb8u9 CVE ID : CVE-2018-16864 CVE-2018-16865 Debian Bug : 918841 918848 Multiple vulnerabilities were found in the journald component of systemd which can lead to a crash or code execution. CVE-2018-16864 An allocation of memory without limits, that could resul...

[SECURITY] [DLA 1638-1] libjpeg-turbo security update

Package : libjpeg-turbo Version : 1:1.3.1-12+deb8u1 CVE ID : CVE-2016-3616 CVE-2018-1152 CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 Debian Bug : 819969 902950 902176 Several vulnerabilities have been resolved in libjpeg-turbo, Debians default JPEG implemenation. CVE-2016-3616 The cjpeg utility ...

[SECURITY] [DLA 1637-1] apt security update (amended)

Package : apt Version : 1.0.9.8.5 CVE ID : CVE-2019-3462 Debian Bug : amended to refer to jessie in the sources.list entry below, instead of stable Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesnt...

[SECURITY] [DLA 1637-1] apt security update

Package : apt Version : 1.0.9.8.5 CVE ID : CVE-2019-3462 Debian Bug : Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesnt properly sanitize fields transmitted over the wire. This vulnerability could be...

[SECURITY] [DSA 4371-1] apt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4371-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez January 22, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1636-1] aria2 security update

Package : aria2 Version : 1.18.8-1+deb8u1 CVE ID : CVE-2019-3500 Debian Bug : 918058 It was discovered that aria2 the lightweight command-line download utility can store passed user credentials in a log file when using the --log option. This might allow local users to obtain sensitive information...

[SECURITY] [DSA 4370-1] drupal7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4370-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 17, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1635-1] sssd security update

Package : sssd Version : 1.11.7-3+deb8u2 CVE ID : CVE-2019-3811 Debian Bug : 919051 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return / the root directory instead of the empty string / no home directory. This could impact services that...

[SECURITY] [DLA 1634-1] wireshark security update

Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u16 CVE ID : CVE-2017-7700 CVE-2017-7703 CVE-2017-7746 CVE-2017-7747 CVE-2017-9766 CVE-2017-11406 CVE-2017-11407 CVE-2017-11409 CVE-2017-13765 CVE-2017-15191 CVE-2017-17935 CVE-2017-17997 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325...

[SECURITY] [DSA 4367-2] systemd regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4367-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 15, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4367-2] systemd regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4367-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 15, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4369-1] xen security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4369-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 14, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4368-1] zeromq3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4368-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 14, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4367-1] systemd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4367-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4367-1] systemd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4367-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4366-1] vlc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4366-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1633-1] sqlite3 security update

Package : sqlite3 Version : 3.8.7.1-1+deb8u4 CVE ID : CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-10989 CVE-2018-8740 Debian Bug : 867618 893195 Several flaws were corrected in SQLite, an SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer...

[SECURITY] [DSA 4365-1] tmpreaper security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4365-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 10, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1632-1] libsndfile security update

Package : libsndfile Version : 1.0.25-9.1+deb8u3 CVE ID : CVE-2018-19758 Debian Bug : 917416 A heap-buffer-overflow vulnerability was discovered in libsndfile, the library for reading and writing files containing sampled sound. This flaw might be triggered by remote attackers to cause denial of...

[SECURITY] [DLA 1631-1] libcaca security update

Package : libcaca Version : 0.99.beta19-2+deb8u1 CVE ID : CVE-2018-20544 CVE-2018-20546 CVE-2018-20547 CVE-2018-20549 Debian Bug : 917807 Several vulnerabilities were discovered in libcaca, a graphics library that outputs text: integer overflows, floating point exceptions or invalid memory reads...

[SECURITY] [DSA 4364-1] ruby-loofah security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4364-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4363-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4363-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1630-1] libav security update

Package : libav Version : 6:11.12-1deb8u4 CVE ID : CVE-2017-9993 CVE-2017-9994 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14170 CVE-2017-14171 CVE-2017-14767 CVE-2017-15672 CVE-2017-17130 CVE-2018-6621 CVE-2018-7557 CVE-2018-14394 CVE-2018-1999010 Several security vulnerabilities were...

[SECURITY] [DLA 1629-1] python-django security update

Package : python-django Version : 1.7.11-1+deb8u4 CVE ID : CVE-2019-3498 Debian Bug : 918230 It was discovered that there was a content-spoofing vulnerability in the default 404 pages in the Django web development framework. For more information, please see:...

[SECURITY] [DLA 1627-1] qtbase-opensource-src security update

Package : qtbase-opensource-src Version : 5.3.2+dfsg-4+deb8u3 CVE ID : CVE-2018-15518 CVE-2018-19870 CVE-2018-19873 Multiple issues were fixed in Qt. CVE-2018-15518 A double-free or corruption during parsing of a specially crafted illegal XML document. CVE-2018-19870 A malformed GIF image might...

[SECURITY] [DLA 1628-1] jasper security update

Package : jasper Version : 1.900.1-debian1-2.4+deb8u5 CVE ID : CVE-2018-18873 CVE-2018-19139 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 CVE-2018-20570 CVE-2018-20584 CVE-2018-20622 Multiple issues were found in the JasPer JPEG-2000 library that could lead to a denial-of-service...

[SECURITY] [DLA 1626-1] libdatetime-timezone-perl new upstream version

Package : libdatetime-timezone-perl Version : 1:1.75-2+2018i This update includes the changes in tzdata 2018i for the Perl bindings. For the list of changes, see DLA-1625-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2018i. We recommend that you upgrade your...

[SECURITY] [DLA 1625-1] tzdata new upstream version

Package : tzdata Version : 2018i-0+deb8u1 This update includes the changes in tzdata 2018i. Notable changes are: - Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. A new zone Asia/Qostanay has been added, because Qostanay, Kazakhstan didnt move. - Metlakatla, Alaska observes PST this...

[SECURITY] [DLA 1624-1] thunderbird security update

Package : thunderbird Version : 1:60.4.0-1deb8u1 CVE ID : not yet available Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For Debian 8 "Jessie", this problem has been fixed in version 1:60.4.0-1deb8u1. We recommend...

[SECURITY] [DSA 4362-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4362-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 01, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1623-1] tar security update

Package : tar Version : 1.27.1-2+deb8u2 CVE ID : CVE-2018-20482 Debian Bug : 917377 It was discovered that there was a potential denial of service vulnerability in tar, the GNU version of the tar UNIX archiving utility. The --sparse argument looped endlessly if the file shrank whilst it was being...

[SECURITY] [DLA 1622-1] debian-security-support security update

Package : debian-security-support Version : 2018.11.25deb8u2 debian-security-support, the Debian security support coverage checker, has been updated in jessie. The jessie relevant changes are: Mark jasperreports as end-of-life in Jessie. Mark webkit2gtk as unsupported in all releases. Closes:...

[SECURITY] [DSA 4361-1] libextractor security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4361-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 28, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1621-1] c3p0 security update

Package : c3p0 Version : 0.9.1.2-9+deb8u1 CVE ID : CVE-2018-20433 Debian Bug : 917257 A XML External Entity XXE vulnerability was discovered in c3p0, a library for JDBC connection pooling, that may be used to resolve information outside of the intended sphere of control. For Debian 8 "Jessie", th...

[SECURITY] [DLA 1591-2] libphp-phpmailer regression update

Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u5 CVE ID : CVE-2018-19296 A possible regression was found in the recent security update for libphp-phpmailer, announced as DLA 1591-1. During backporting a new variable have accidentally introduced to a conditional statement from a much later...

[SECURITY] [DSA 4360-1] libarchive security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4360-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4359-1] wireshark security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4359-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1620-1] ghostscript security update

Package : ghostscript Version : 9.06dfsg-2+deb8u13 CVE ID : CVE-2018-19134 CVE-2018-19478 Some vulnerabilities were discovered in ghostscript, an interpreter for the PostScript language and for PDF. CVE-2018-19134 The setpattern operator did not properly validate certain types. A specially crafte...

[SECURITY] [DLA 1619-1] graphicsmagick security update

Package : graphicsmagick Version : 1.3.20-3+deb8u5 CVE ID : CVE-2018-20184 CVE-2018-20185 CVE-2018-20189 Debian Bug : 916752 916719 916721 Multiple vulnerabilities have been found in GraphicsMagick, the image processing system. CVE-2018-20184 The WriteTGAImage function tga.c is affected by a...

[SECURITY] [DSA 4358-1] ruby-sanitize security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4358-1] ruby-sanitize security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1617-1] libvncserver security update

Package : libvncserver Version : 0.9.9+dfsg2-6.1+deb8u4 CVE ID : CVE-2018-6307 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 Debian Bug : 916941 Kaspersky Lab discovered several vulnerabilities in libvncserver, a C library to implement VN...

[SECURITY] [DLA 1618-1] libsndfile security update

Package : libsndfile Version : 1.0.25-9.1+deb8u2 CVE ID : CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-17456 CVE-2017-17457 CVE-2018-13139 CVE-2018-19432 CVE-2018-19661 CVE-2018-19662 Multiple vulnerabilities have been found in...