14409 matches found
[SECURITY] [DLA 1655-1] mariadb-10.0 security update
Package : mariadb-10.0 Version : 10.0.38-0+deb8u1 CVE ID : CVE-2019-2529 CVE-2019-2537 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.38. Please see the MariaDB 10.0 Release Notes for...
[SECURITY] [DLA 1653-1] postgis security update
Package : postgis Version : 2.1.4+dfsg-3+deb8u1 CVE ID : CVE-2017-18359 It was found that the function STAsX3D in PostGIS, a module that adds spatial objects to the PostgreSQL object-relational database, did not handle empty values properly, allowing malicious users to cause denial of service or...
[SECURITY] [DLA 1652-1] libvncserver security update
Package : libvncserver Version : 0.9.9+dfsg2-6.1+deb8u5 CVE ID : CVE-2018-15126 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 A vulnerability was found by Kaspersky Lab in libvncserver, a C library to implement VNC server/client functionalities. In addition, some of the vulnerabilities addressed i...
[SECURITY] [DLA 1651-1] libgd2 security update
Package : libgd2 Version : 2.1.0-5+deb8u12 CVE ID : CVE-2018-5711 CVE-2018-1000222 CVE-2019-6977 CVE-2019-6978 Several issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImagePtr has been reported by Solmaz Salimi...
[SECURITY] [DLA 1650-1] rssh security update
Package : rssh Version : 2.3.4-4+deb8u1 CVE ID : CVE-2019-1000018 Debian Bug : 919623 The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve Subversion, rdist and/or rsync operations. Missing validation in the scp...
[SECURITY] [DLA 1649-1] spice security update
Package : spice Version : 0.12.5-1+deb8u7 CVE ID : CVE-2019-3813 Debian Bug : 920762 Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service spice server crash, or possibly, execution of...
[SECURITY] [DLA 1648-1] firefox-esr security update
Package : firefox-esr Version : 60.5.0esr-1deb8u1 CVE ID : CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation. For Debian 8 "Jessie",...
[SECURITY] [DSA 4378-1] php-pear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4378-1] php-pear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4377-1] rssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4376-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4376-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 30, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1647-1] apache2 security update
Package : apache2 Version : 2.4.10-10+deb8u13 CVE ID : CVE-2018-17199 Diego Angulo from ImExHS discovered an issue in the webserver apache2. The module modsession ignored the expiry time of sessions handled by modsessioncookie, because the expiry time is available only after decoding the session...
[SECURITY] [DLA 1646-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u9 CVE ID : CVE-2018-17958 CVE-2018-19364 CVE-2018-19489 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-17958 The rtl8139 emulator is affected by an integer overflow and subsequent buffer overflow. This vulnerability migh...
[SECURITY] [DSA 4375-1] spice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4375-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4375-1] spice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4375-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1645-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u17 CVE ID : CVE-2019-5716 CVE-2019-5717 CVE-2019-5719 Several issues in wireshark, a network traffic analyzer, have been found. Dissectors of - ISAKMP, a Internet Security Association and Key Management Protocol - PMUL, a reliable multicast...
[SECURITY] [DLA 1644-1] policykit-1 security update
Package : policykit-1 Version : 0.105-15deb8u4 CVE ID : CVE-2018-19788 CVE-2019-6133 Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges: CVE-2018-19788 It was discovered that incorrect processing of very high UIDs in Policykit could result...
[SECURITY] [DSA 4374-1] qtbase-opensource-src security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4374-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4374-1] qtbase-opensource-src security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4374-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4373-1] coturn security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4373-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez January 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4372-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4372-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4372-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4372-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1643-1] krb5 security update
Package : krb5 Version : 1.12.1+dfsg-19+deb8u5 CVE ID : CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 krb5, a MIT Kerberos implementation, had several flaws in LDAP DN checking, which could be used to circumvent a DN containership check by supplying special parameters to some calls. Further an...
[SECURITY] [DLA 1642-1] postgresql-9.4 new minor release
Package : postgresql-9.4 Version : 9.4.20-0+deb8u1 The PostgreSQL project has release a new minor release of the 9.4 branch. For Debian 8 "Jessie", this has been uploaded as version 9.4.20-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. Further information about Debian LTS...
[SECURITY] [DLA 1641-1] mxml security update
Package : mxml Version : 2.6-2+deb8u1 CVE ID : CVE-2016-4570 CVE-2016-4571 CVE-2018-20004 Debian Bug : 825855 918007 Several stack exhaustion conditions were found in mxml that can easily crash when parsing xml files. CVE-2016-4570 The mxmlDelete function in mxml-node.c allows remote attackers to...
[SECURITY] [DLA 1640-1] tmpreaper security update
Package : tmpreaper Version : 1.6.13+nmu1+deb8u1 CVE ID : CVE-2019-3461 Debian Bug : 918956 It was discovered that tmpreaper, a program that cleans up files in directories based on their age, is vulnerable to a race condition. This vulnerability might be exploited by local attackers to perform...
[SECURITY] [DLA 1639-1] systemd security update
Package : systemd Version : 215-17+deb8u9 CVE ID : CVE-2018-16864 CVE-2018-16865 Debian Bug : 918841 918848 Multiple vulnerabilities were found in the journald component of systemd which can lead to a crash or code execution. CVE-2018-16864 An allocation of memory without limits, that could resul...
[SECURITY] [DLA 1638-1] libjpeg-turbo security update
Package : libjpeg-turbo Version : 1:1.3.1-12+deb8u1 CVE ID : CVE-2016-3616 CVE-2018-1152 CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 Debian Bug : 819969 902950 902176 Several vulnerabilities have been resolved in libjpeg-turbo, Debians default JPEG implemenation. CVE-2016-3616 The cjpeg utility ...
[SECURITY] [DLA 1637-1] apt security update (amended)
Package : apt Version : 1.0.9.8.5 CVE ID : CVE-2019-3462 Debian Bug : amended to refer to jessie in the sources.list entry below, instead of stable Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesnt...
[SECURITY] [DLA 1637-1] apt security update
Package : apt Version : 1.0.9.8.5 CVE ID : CVE-2019-3462 Debian Bug : Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesnt properly sanitize fields transmitted over the wire. This vulnerability could be...
[SECURITY] [DSA 4371-1] apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4371-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez January 22, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1636-1] aria2 security update
Package : aria2 Version : 1.18.8-1+deb8u1 CVE ID : CVE-2019-3500 Debian Bug : 918058 It was discovered that aria2 the lightweight command-line download utility can store passed user credentials in a log file when using the --log option. This might allow local users to obtain sensitive information...
[SECURITY] [DSA 4370-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4370-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1635-1] sssd security update
Package : sssd Version : 1.11.7-3+deb8u2 CVE ID : CVE-2019-3811 Debian Bug : 919051 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return / the root directory instead of the empty string / no home directory. This could impact services that...
[SECURITY] [DLA 1634-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u16 CVE ID : CVE-2017-7700 CVE-2017-7703 CVE-2017-7746 CVE-2017-7747 CVE-2017-9766 CVE-2017-11406 CVE-2017-11407 CVE-2017-11409 CVE-2017-13765 CVE-2017-15191 CVE-2017-17935 CVE-2017-17997 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325...
[SECURITY] [DSA 4367-2] systemd regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4367-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4367-2] systemd regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4367-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4369-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4369-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4368-1] zeromq3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4368-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4367-1] systemd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4367-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4367-1] systemd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4367-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4366-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4366-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1633-1] sqlite3 security update
Package : sqlite3 Version : 3.8.7.1-1+deb8u4 CVE ID : CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-10989 CVE-2018-8740 Debian Bug : 867618 893195 Several flaws were corrected in SQLite, an SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer...
[SECURITY] [DSA 4365-1] tmpreaper security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4365-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1632-1] libsndfile security update
Package : libsndfile Version : 1.0.25-9.1+deb8u3 CVE ID : CVE-2018-19758 Debian Bug : 917416 A heap-buffer-overflow vulnerability was discovered in libsndfile, the library for reading and writing files containing sampled sound. This flaw might be triggered by remote attackers to cause denial of...
[SECURITY] [DLA 1631-1] libcaca security update
Package : libcaca Version : 0.99.beta19-2+deb8u1 CVE ID : CVE-2018-20544 CVE-2018-20546 CVE-2018-20547 CVE-2018-20549 Debian Bug : 917807 Several vulnerabilities were discovered in libcaca, a graphics library that outputs text: integer overflows, floating point exceptions or invalid memory reads...
[SECURITY] [DSA 4364-1] ruby-loofah security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4364-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4363-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4363-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1630-1] libav security update
Package : libav Version : 6:11.12-1deb8u4 CVE ID : CVE-2017-9993 CVE-2017-9994 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14170 CVE-2017-14171 CVE-2017-14767 CVE-2017-15672 CVE-2017-17130 CVE-2018-6621 CVE-2018-7557 CVE-2018-14394 CVE-2018-1999010 Several security vulnerabilities were...
[SECURITY] [DLA 1629-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u4 CVE ID : CVE-2019-3498 Debian Bug : 918230 It was discovered that there was a content-spoofing vulnerability in the default 404 pages in the Django web development framework. For more information, please see:...