14409 matches found
[SECURITY] [DLA 1627-1] qtbase-opensource-src security update
Package : qtbase-opensource-src Version : 5.3.2+dfsg-4+deb8u3 CVE ID : CVE-2018-15518 CVE-2018-19870 CVE-2018-19873 Multiple issues were fixed in Qt. CVE-2018-15518 A double-free or corruption during parsing of a specially crafted illegal XML document. CVE-2018-19870 A malformed GIF image might...
[SECURITY] [DLA 1628-1] jasper security update
Package : jasper Version : 1.900.1-debian1-2.4+deb8u5 CVE ID : CVE-2018-18873 CVE-2018-19139 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 CVE-2018-20570 CVE-2018-20584 CVE-2018-20622 Multiple issues were found in the JasPer JPEG-2000 library that could lead to a denial-of-service...
[SECURITY] [DLA 1626-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.75-2+2018i This update includes the changes in tzdata 2018i for the Perl bindings. For the list of changes, see DLA-1625-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2018i. We recommend that you upgrade your...
[SECURITY] [DLA 1625-1] tzdata new upstream version
Package : tzdata Version : 2018i-0+deb8u1 This update includes the changes in tzdata 2018i. Notable changes are: - Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. A new zone Asia/Qostanay has been added, because Qostanay, Kazakhstan didnt move. - Metlakatla, Alaska observes PST this...
[SECURITY] [DLA 1624-1] thunderbird security update
Package : thunderbird Version : 1:60.4.0-1deb8u1 CVE ID : not yet available Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For Debian 8 "Jessie", this problem has been fixed in version 1:60.4.0-1deb8u1. We recommend...
[SECURITY] [DSA 4362-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4362-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1623-1] tar security update
Package : tar Version : 1.27.1-2+deb8u2 CVE ID : CVE-2018-20482 Debian Bug : 917377 It was discovered that there was a potential denial of service vulnerability in tar, the GNU version of the tar UNIX archiving utility. The --sparse argument looped endlessly if the file shrank whilst it was being...
[SECURITY] [DLA 1622-1] debian-security-support security update
Package : debian-security-support Version : 2018.11.25deb8u2 debian-security-support, the Debian security support coverage checker, has been updated in jessie. The jessie relevant changes are: Mark jasperreports as end-of-life in Jessie. Mark webkit2gtk as unsupported in all releases. Closes:...
[SECURITY] [DSA 4361-1] libextractor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4361-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1621-1] c3p0 security update
Package : c3p0 Version : 0.9.1.2-9+deb8u1 CVE ID : CVE-2018-20433 Debian Bug : 917257 A XML External Entity XXE vulnerability was discovered in c3p0, a library for JDBC connection pooling, that may be used to resolve information outside of the intended sphere of control. For Debian 8 "Jessie", th...
[SECURITY] [DLA 1591-2] libphp-phpmailer regression update
Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u5 CVE ID : CVE-2018-19296 A possible regression was found in the recent security update for libphp-phpmailer, announced as DLA 1591-1. During backporting a new variable have accidentally introduced to a conditional statement from a much later...
[SECURITY] [DSA 4360-1] libarchive security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4360-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4359-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4359-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1620-1] ghostscript security update
Package : ghostscript Version : 9.06dfsg-2+deb8u13 CVE ID : CVE-2018-19134 CVE-2018-19478 Some vulnerabilities were discovered in ghostscript, an interpreter for the PostScript language and for PDF. CVE-2018-19134 The setpattern operator did not properly validate certain types. A specially crafte...
[SECURITY] [DLA 1619-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u5 CVE ID : CVE-2018-20184 CVE-2018-20185 CVE-2018-20189 Debian Bug : 916752 916719 916721 Multiple vulnerabilities have been found in GraphicsMagick, the image processing system. CVE-2018-20184 The WriteTGAImage function tga.c is affected by a...
[SECURITY] [DSA 4358-1] ruby-sanitize security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4358-1] ruby-sanitize security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1617-1] libvncserver security update
Package : libvncserver Version : 0.9.9+dfsg2-6.1+deb8u4 CVE ID : CVE-2018-6307 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 Debian Bug : 916941 Kaspersky Lab discovered several vulnerabilities in libvncserver, a C library to implement VN...
[SECURITY] [DLA 1618-1] libsndfile security update
Package : libsndfile Version : 1.0.25-9.1+deb8u2 CVE ID : CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-17456 CVE-2017-17457 CVE-2018-13139 CVE-2018-19432 CVE-2018-19661 CVE-2018-19662 Multiple vulnerabilities have been found in...
[SECURITY] [DLA 1616-1] libextractor security update
Package : libextractor Version : 1:1.3-2+deb8u4 CVE ID : CVE-2018-20430 CVE-2018-20431 Debian Bug : 917214 917213 Two security issues were discovered in libextractor, a library for extracting meta data from files of arbitrary type. An out-of-bounds read in common/convert.c and a NULL Pointer...
[SECURITY] [DLA 1615-1] nagios3 security update
Package : nagios3 Version : 3.5.1.dfsg-2+deb8u1 CVE ID : CVE-2013-7108 CVE-2013-7205 CVE-2014-1878 CVE-2016-9566 CVE-2018-18245 Debian Bug : 771466 823721 917138 Several issues were corrected in nagios3, a monitoring and management system for hosts, services and networks. CVE-2018-18245 Maximilia...
[SECURITY] [DSA 4346-2] ghostscript regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4346-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4346-2] ghostscript regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4346-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1614-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u6 CVE ID : CVE-2018-6616 CVE-2018-14423 Debian Bug : 904873, 889683 Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2018-6616 Excessive iteration in the opjt1encodecblks function openjp2/t1.c. Remote...
[SECURITY] [DLA 1613-1] sqlite3 security update
Package : sqlite3 Version : 3.8.7.1-1+deb8u3 CVE ID : CVE-2018-20346 Security experts at Tencent’s Blade security team have discovered a critical vulnerability in SQLite database software nicknamed "Magellan". The "Magellan" remote code execution vulnerability has now been fixed by adding extra...
[SECURITY] [DLA 1612-1] libarchive security update
Package : libarchive Version : 3.1.2-11+deb8u6 CVE ID : CVE-2018-1000877 CVE-2018-1000878 Debian Bug : 916964 916963 Daniel Axtens discovered a double-free and use-after-free vulnerability in libarchives RAR decoder that can result in a denial-of-service application crash or may have other...
[SECURITY] [DLA 1611-2] libav security update
Package : libav Version : 6:11.12-1deb8u3 CVE ID : CVE-2015-6822 CVE-2015-6823 CVE-2015-6824 Two more security issues have been corrected in the libav multimedia library. This is a follow-up announcement for DLA-1611-1. CVE-2015-6823 The allocatebuffers function in libavcodec/alac.c did not...
[SECURITY] [DSA 4357-1] libapache-mod-jk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4357-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4357-1] libapache-mod-jk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4357-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1611-1] libav security update
Package : libav Version : 6:11.12-1deb8u2 CVE ID : CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820 CVE-2015-6821 CVE-2015-6822 CVE-2015-6825 CVE-2015-6826 CVE-2015-8216 CVE-2015-8217 CVE-2015-8363 CVE-2015-8364 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191 Severa...
[SECURITY] [DSA 4356-1] netatalk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4356-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4356-1] netatalk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4356-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4355-1] openssl1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4355-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1610-1] sleuthkit security update
Package : sleuthkit Version : 4.1.3-4+deb8u1 CVE ID : CVE-2018-19497 Debian Bug : 914796 It was discovered that the Sleuth Kit TSK through version 4.6.4 is affected by a buffer over-read vulnerability. The tskgetu16 call in hfsdiropenmetacb tsk/fs/hfsdent.c does not properly check boundaries. Thi...
[SECURITY] [DLA 1609-1] libapache-mod-jk security update
Package : libapache-mod-jk Version : 1.2.46-0+deb8u1 CVE ID : CVE-2018-11759 A vulnerability has been discovered in libapache-mod-jk, the Apache 2 connector for the Tomcat Java servlet engine. The libapache-mod-jk connector is susceptible to information disclosure and privilege escalation because...
[SECURITY] [DLA 1608-1] php5 security update
Package : php5 Version : 5.6.39+dfsg-0+deb8u1 CVE ID : CVE-2018-19518 CVE-2018-19935 Vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. Note that this update includes a change to the default behavior for IMAP connections. See below for details...
[SECURITY] [DLA 1607-1] samba security update
Package : samba Version : 2:4.2.14+dfsg-0+deb8u11 CVE ID : CVE-2018-14629 CVE-2018-16851 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Flori...
[SECURITY] [DLA 1562-3] poppler regression update
Package : poppler Version : 0.26.5-2+deb8u7 CVE ID : CVE-2018-16646 Debian Bug : A second regression issue has been resolved in the poppler PDF rendering shared library this time introduced with version 0.26.5-2+deb8u6 see DLA 1562-2. CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj function ...
[SECURITY] [DLA 1606-1] gcc-4.9 bugfix update
Package : gcc-4.9 Version : 4.9.2-10+deb8u2 Debian Bug : 727621 This update fixes libstdc++ std::future support on armel, which is necessary to get firefox-esr and thunderbird updates built on that architecture. For Debian 8 "Jessie", this problem has been fixed in version 4.9.2-10+deb8u2. Furthe...
[SECURITY] [DLA 1605-1] firefox-esr security update
Package : firefox-esr Version : 60.4.0esr-1deb8u1 CVE ID : CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or...
[SECURITY] [DSA 4354-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4354-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 12, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4353-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4353-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 10, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1604-1] lxml security update
Package : lxml Version : 3.4.0-1+deb8u1 CVE ID : CVE-2018-19787 It was discovered that there was a XSS injection vulnerability in the LXML HTML/XSS manipulation library for Python. LXML did not remove "javascript:" URLs that used escaping such as "j a v a s c r i p t". This is a similar issue to...
[SECURITY] [DSA 4352-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4352-1 [email protected] https://www.debian.org/security/ Michael Gilbert December 07, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4352-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4352-1 [email protected] https://www.debian.org/security/ Michael Gilbert December 07, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4351-1] libphp-phpmailer security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4351-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 07, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4351-1] libphp-phpmailer security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4351-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 07, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4350-1] policykit-1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4350-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 06, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1603-1] suricata security update
Package : suricata Version : 2.0.7-2+deb8u3 CVE ID : CVE-2017-7177 CVE-2017-15377 CVE-2018-6794 Debian Bug : 856648 889842 856649 Several issues were found in suricata, an intrusion detection and prevention tool. CVE-2017-7177 Suricata has an IPv4 defragmentation evasion issue caused by lack of a...
[SECURITY] [DSA 4349-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4349-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 30, 2018 https://www.debian.org/security/faq -...