[SECURITY] [DLA 1616-1] libextractor security update

Package : libextractor Version : 1:1.3-2+deb8u4 CVE ID : CVE-2018-20430 CVE-2018-20431 Debian Bug : 917214 917213 Two security issues were discovered in libextractor, a library for extracting meta data from files of arbitrary type. An out-of-bounds read in common/convert.c and a NULL Pointer...

[SECURITY] [DLA 1615-1] nagios3 security update

Package : nagios3 Version : 3.5.1.dfsg-2+deb8u1 CVE ID : CVE-2013-7108 CVE-2013-7205 CVE-2014-1878 CVE-2016-9566 CVE-2018-18245 Debian Bug : 771466 823721 917138 Several issues were corrected in nagios3, a monitoring and management system for hosts, services and networks. CVE-2018-18245 Maximilia...

[SECURITY] [DSA 4346-2] ghostscript regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4346-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4346-2] ghostscript regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4346-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1614-1] openjpeg2 security update

Package : openjpeg2 Version : 2.1.0-2+deb8u6 CVE ID : CVE-2018-6616 CVE-2018-14423 Debian Bug : 904873, 889683 Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2018-6616 Excessive iteration in the opjt1encodecblks function openjp2/t1.c. Remote...

[SECURITY] [DLA 1613-1] sqlite3 security update

Package : sqlite3 Version : 3.8.7.1-1+deb8u3 CVE ID : CVE-2018-20346 Security experts at Tencent’s Blade security team have discovered a critical vulnerability in SQLite database software nicknamed "Magellan". The "Magellan" remote code execution vulnerability has now been fixed by adding extra...

[SECURITY] [DLA 1612-1] libarchive security update

Package : libarchive Version : 3.1.2-11+deb8u6 CVE ID : CVE-2018-1000877 CVE-2018-1000878 Debian Bug : 916964 916963 Daniel Axtens discovered a double-free and use-after-free vulnerability in libarchives RAR decoder that can result in a denial-of-service application crash or may have other...

[SECURITY] [DLA 1611-2] libav security update

Package : libav Version : 6:11.12-1deb8u3 CVE ID : CVE-2015-6822 CVE-2015-6823 CVE-2015-6824 Two more security issues have been corrected in the libav multimedia library. This is a follow-up announcement for DLA-1611-1. CVE-2015-6823 The allocatebuffers function in libavcodec/alac.c did not...

[SECURITY] [DSA 4357-1] libapache-mod-jk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4357-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4357-1] libapache-mod-jk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4357-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1611-1] libav security update

Package : libav Version : 6:11.12-1deb8u2 CVE ID : CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820 CVE-2015-6821 CVE-2015-6822 CVE-2015-6825 CVE-2015-6826 CVE-2015-8216 CVE-2015-8217 CVE-2015-8363 CVE-2015-8364 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191 Severa...

[SECURITY] [DSA 4356-1] netatalk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4356-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4356-1] netatalk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4356-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4355-1] openssl1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4355-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1610-1] sleuthkit security update

Package : sleuthkit Version : 4.1.3-4+deb8u1 CVE ID : CVE-2018-19497 Debian Bug : 914796 It was discovered that the Sleuth Kit TSK through version 4.6.4 is affected by a buffer over-read vulnerability. The tskgetu16 call in hfsdiropenmetacb tsk/fs/hfsdent.c does not properly check boundaries. Thi...

[SECURITY] [DLA 1609-1] libapache-mod-jk security update

Package : libapache-mod-jk Version : 1.2.46-0+deb8u1 CVE ID : CVE-2018-11759 A vulnerability has been discovered in libapache-mod-jk, the Apache 2 connector for the Tomcat Java servlet engine. The libapache-mod-jk connector is susceptible to information disclosure and privilege escalation because...

[SECURITY] [DLA 1608-1] php5 security update

Package : php5 Version : 5.6.39+dfsg-0+deb8u1 CVE ID : CVE-2018-19518 CVE-2018-19935 Vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. Note that this update includes a change to the default behavior for IMAP connections. See below for details...

[SECURITY] [DLA 1607-1] samba security update

Package : samba Version : 2:4.2.14+dfsg-0+deb8u11 CVE ID : CVE-2018-14629 CVE-2018-16851 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Flori...

[SECURITY] [DLA 1562-3] poppler regression update

Package : poppler Version : 0.26.5-2+deb8u7 CVE ID : CVE-2018-16646 Debian Bug : A second regression issue has been resolved in the poppler PDF rendering shared library this time introduced with version 0.26.5-2+deb8u6 see DLA 1562-2. CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj function ...

[SECURITY] [DLA 1606-1] gcc-4.9 bugfix update

Package : gcc-4.9 Version : 4.9.2-10+deb8u2 Debian Bug : 727621 This update fixes libstdc++ std::future support on armel, which is necessary to get firefox-esr and thunderbird updates built on that architecture. For Debian 8 "Jessie", this problem has been fixed in version 4.9.2-10+deb8u2. Furthe...

[SECURITY] [DLA 1605-1] firefox-esr security update

Package : firefox-esr Version : 60.4.0esr-1deb8u1 CVE ID : CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or...

[SECURITY] [DSA 4354-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4354-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 12, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4353-1] php7.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4353-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 10, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1604-1] lxml security update

Package : lxml Version : 3.4.0-1+deb8u1 CVE ID : CVE-2018-19787 It was discovered that there was a XSS injection vulnerability in the LXML HTML/XSS manipulation library for Python. LXML did not remove "javascript:" URLs that used escaping such as "j a v a s c r i p t". This is a similar issue to...

[SECURITY] [DSA 4352-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4352-1 [email protected] https://www.debian.org/security/ Michael Gilbert December 07, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4352-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4352-1 [email protected] https://www.debian.org/security/ Michael Gilbert December 07, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4351-1] libphp-phpmailer security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4351-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 07, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4351-1] libphp-phpmailer security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4351-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 07, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4350-1] policykit-1 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4350-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 06, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1603-1] suricata security update

Package : suricata Version : 2.0.7-2+deb8u3 CVE ID : CVE-2017-7177 CVE-2017-15377 CVE-2018-6794 Debian Bug : 856648 889842 856649 Several issues were found in suricata, an intrusion detection and prevention tool. CVE-2017-7177 Suricata has an IPv4 defragmentation evasion issue caused by lack of a...

[SECURITY] [DSA 4349-1] tiff security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4349-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 30, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1602-1] nsis security update

Package : nsis Version : 2.46-10+deb8u1 CVE ID : CVE-2015-9267 CVE-2015-9268 Among others, Andre Heinicke from gpg4win.org found several issues of nsis, a tool for creating quick and user friendly installers for Microsoft Windows operating systems. The issues are fixed by ... ... using...

[SECURITY] [DSA 4348-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4348-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 30, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1601-1] perl security update

Package : perl Version : 5.20.2-3+deb8u12 CVE ID : CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perlmysetenv leading to a heap-based buffer overflow with attacker-controlled input. For Debian 8 "Jessie", this problem has been fixed in...

[SECURITY] [DLA 1599-1] qemu security update

Package : qemu Version : 1:2.1+dfsg-12+deb8u8 CVE ID : CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-5105 CVE-2016-5106...

[SECURITY] [DLA 1600-1] libarchive security update

Package : libarchive Version : 3.1.2-11+deb8u4 CVE ID : CVE-2015-8915 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-5601 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 Debian Bug : 853278 875960 875974 875966 874539 840934 840935 8616...

[SECURITY] [DSA 4347-1] perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4347-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 29, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4347-1] perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4347-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 29, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1562-2] poppler security update

Package : poppler Version : 0.26.5-2+deb8u6 CVE ID : CVE-2018-16646 A regression issue has been resolved in the poppler PDF rendering shared library introduced with version 0.26.5-2+deb8u5. CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via...

[SECURITY] [DLA 1598-1] ghostscript security update

Package : ghostscript Version : 9.06dfsg-2+deb8u12 CVE ID : CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 Several security vulnerabilities were discovered in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or th...

[SECURITY] [DSA 4346-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4346-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4346-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4346-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4345-1] samba security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4345-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4345-1] samba security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4345-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1597-1] gnuplot security update

Package : gnuplot Version : 4.6.6-2+deb8u1 CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 gnuplot, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. They found various overflow cases whic...

[SECURITY] [DLA-1589-1] keepalived security update

Package : icecast2 Version : 1:1.2.13-1+deb8u1 CVE ID : CVE-2018-19115 Debian Bug : 914393 keepalived has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code...

[SECURITY] [DLA-1588-1] icecast2 security update

Package : icecast2 Version : 2.4.0-1.1+deb8u2 CVE ID : CVE-2018-18820 Debian Bug : 912611 A buffer overflow was discovered in the URL-authentication backend of the icecast2, the popular open source streaming media server. If the backend is enabled, then any malicious HTTP client can send a reques...

[SECURITY] [DLA 1596-1] squid3 security update

Package : squid3 Version : 3.4.8-6+deb8u6 CVE ID : CVE-2018-19132 Debian Bug : 912294 It was discovered that there can be a denial of service DoS vulnerability in squid3 due to a memory leak in SNMP query rejection code when SNMP is enabled. In environments where per-process memory restrictions a...

[SECURITY] [DLA 1595-1] gnuplot5 security update

Package : gnuplot5 Version : 5.0.0rc+dfsg2-1+deb8u1 CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 gnuplot5, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. They found various overflow...

[SECURITY] [DLA 1594-1] xml-security-c security update

Package : xml-security-c Version : 1.7.2-3+deb8u2 A vulnerability in xml-security-c, a library for the XML Digital Security specification, has been found. Different KeyInfo combinations, like signatures without public key, result in incomplete DSA structures that crash openssl during verification...