14340 matches found
[SECURITY] [DSA 4344-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4344-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4344-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4344-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1593-1] phpbb3 security update
Package : phpbb3 Version : 3.0.12-5+deb8u2 CVE ID : CVE-2018-19274 Simon Scannell and Robin Peraglie of RIPS Technologies discovered that passing an absolute path to a fileexists check in phpBB, a full featured web forum, allows remote code execution through Object Injection by employing Phar...
[SECURITY] [DLA 1592-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u7 CVE ID : CVE-2018-19141 CVE-2018-19143 Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141 An attacker who is logged into OTRS as an admin user may...
[SECURITY] [DSA 4343-1] liblivemedia security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4343-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1591-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u4 CVE IDs : CVE-2017-5223 CVE-2018-19296 It was discovered that there were two vulnerabilities libphp-phpmailer, an email library for the PHP programming language: CVE-2017-5223: Local file disclosure vulnerability via relative path HTML...
[SECURITY] [DLA 1590-1] openjdk-7 security update
Package : openjdk-7 Version : 7u181-2.6.14-2deb8u1 CVE ID : CVE-2018-2952 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service,...
[SECURITY] [DLA 1587-1] pixman security update
Package : pixman Version : 0.32.6-3+deb8u1 CVE ID : CVE-2015-5297 CVE-2015-5297 Numerical overflow in pointer arithmetic. For Debian 8 "Jessie", this problem has been fixed in version 0.32.6-3+deb8u1. We recommend that you upgrade your pixman packages. Further information about Debian LTS securit...
[SECURITY] [DSA 4339-2] ceph regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4339-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4339-2] ceph regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4339-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1586-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb8u10 CVE ID : CVE-2018-0735 CVE-2018-5407 CVE-2018-0735 Samuel Weiser reported a timing vulnerability in the OpenSSL ECDSA signature generation, which might leak information to recover the private key. CVE-2018-5407 Alejandro Cabrera Aldaya, Billy Brumley,...
[SECURITY] [DLA 1583-1] jasper security update
Package : jasper Version : 1.900.1-debian1-2.4+deb8u4 CVE ID : CVE-2015-5203 CVE-2015-5221 CVE-2016-8690 CVE-2017-13748 CVE-2017-14132 Several security vulnerabilities were discovered in the JasPer JPEG-2000 library. CVE-2015-5203 Gustavo Grieco discovered an integer overflow vulnerability that...
[SECURITY] [DLA 1585-1] ruby-rack security update
Package : ruby-rack Version : 1.5.2-3+deb8u2 CVE ID : CVE-2018-16471 Debian Bug : 913005 It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8...
[SECURITY] [DLA 1584-1] ruby-i18n security update
Package : ruby-i18n Version : 0.6.9-2+deb8u1 CVE ID : CVE-2014-10077 Debian Bug : 913093 It was discovered that there was a remote denial-of-service vulnerability in ruby-i18n, a I18n and localization solution for Ruby. An application crash could be engineering a situation where :somekey is prese...
[SECURITY] [DLA 1582-1] liblivemedia security update
Package : liblivemedia Version : 2014.01.13-1+deb8u1 CVE ID : CVE-2018-4013 A stack based buffer overflow vulnerability was found in liblivemedia, the LIVE555 RTSP server library. This issue might be leveraged by remote attackers to cause code execution, by sending a crafted packet. For Debian 8...
[SECURITY] [DLA 1581-1] uriparser security update
Package : uriparser Version : 0.8.0.1-2+deb8u1 CVE ID : CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 Multiple vulnerabilities have been discovered in uriparser, an Uniform Resource Identifiers URIs parsing library. CVE-2018-19198 UriQuery.c allows an out-of-bounds write via a uriComposeQuery or...
[SECURITY] [DLA 1579-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u5 CVE ID : CVE-2017-17480 CVE-2018-18088 Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2017-17480 Write stack buffer overflow due to missing buffer length formatter in fscanf call jp3d and jpwl codecs...
[SECURITY] [DLA 1580-1] systemd security update
Package : systemd Version : 215-17+deb8u8 CVE ID : CVE-2018-1049 CVE-2018-15686 CVE-2018-15688 Debian Bug : 912005 912008 systemd was found to suffer from multiple security vulnerabilities ranging from denial of service attacks to possible root privilege escalation. CVE-2018-1049 A race condition...
[SECURITY] [DSA 4341-1] mariadb-10.1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4341-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4341-1] mariadb-10.1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4341-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4340-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4340-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 18, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4340-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4340-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 18, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4339-1] ceph security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4339-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 13, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1578-1] spamassassin security update
Package : spamassassin Version : 3.4.2-0+deb8u1 CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571 Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial...
[SECURITY] [DLA 1573-1] firmware-nonfree security update
Package : firmware-nonfree Version : 20161130-4deb8u1 CVE ID : CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 Debian Bug : 620066 724970 769633 774914 790061 793544 793874 795303 800090 800440 800820 801514 802970 803920 808792...
[SECURITY] [DLA 1574-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u15 CVE ID : CVE-2018-18025 CVE-2018-18025 Fix for heap-based buffer over-read which can result in a denial of service via a crafted file. For Debian 8 "Jessie", this problem has been fixed in version 8:6.8.9.9-5+deb8u15. We recommend that you upgra...
[SECURITY] [DLA 1577-1] xen security update
Package : xen Version : 4.4.4lts4-0+deb8u1 CVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege...
[SECURITY] [DLA 1576-1] ansible security update
Package : ansible Version : 1.7.2+dfsg-2+deb8u1 CVE ID : CVE-2018-16837 Debian Bug : 912297 It was discovered that there was a potential SSH passphrase disclosure vulnerability in the ansible configuration management system, The "User" module leaked data that was passed as a parameter to the...
[SECURITY] [DLA 1575-1] thunderbird security update
Package : thunderbird Version : 1:60.3.0-1deb8u1 CVE ID : CVE-2017-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393...
[SECURITY] [DSA 4338-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4338-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 11, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4337-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4337-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 10, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4336-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4336-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4336-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4336-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4335-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4335-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1572-1] nginx security update
Package : nginx Version : 1.6.2-5+deb8u6 CVE ID : CVE-2018-16845 Debian Bug : 913090 It was discovered that there was a denial of service DoS vulnerability in the nginx web/proxy server. As there was no validation for the size of a 64-bit atom in an MP4 file, this could have led to a CPU hog when...
[SECURITY] [DLA 1569-2] libdatetime-timezone-perl regression update
From: Emilio Pozuelo Monfort [email protected] To: [email protected] Subject: SECURITY DLA 1569-2 libdatetime-timezone-perl regression update Package : libdatetime-timezone-perl Version : 1:1.75-2+2018g.1 The previous update of libdatetime-timezone-perl to tzdata version 2018g w...
[SECURITY] [DLA 1571-1] firefox-esr security update
Package : firefox-esr Version : 60.3.0esr-1deb8u1 CVE ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code,...
[SECURITY] [DLA 1570-1] mariadb-10.0 security update
Package : mariadb-10.0 Version : 10.0.37-0+deb8u1 CVE ID : CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.37. Please s...
[SECURITY] [DLA 1569-1] libdatetime-timezone-perl new upstream release
Package : libdatetime-timezone-perl Version : 1:1.75-2+2018g This update includes the changes in tzdata 2018g for the Perl bindings. For the list of changes, see DLA-1363-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2018g. We recommend that you upgrade your...
[SECURITY] [DLA 1568-1] curl security update
Package : curl Version : 7.38.0-4+deb8u13 CVE ID : CVE-2016-7141 CVE-2016-7167 CVE-2016-9586 CVE-2018-16839 CVE-2018-16842 Debian Bug : 848958 837945 836918 Several vulnerabilities were discovered in cURL, an URL transfer library. CVE-2016-7141 When built with NSS and the libnsspem.so library is...
[SECURITY] [DLA 1566-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.62-0+deb8u1 CVE ID : CVE-2018-2767 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070 CVE-2018-3081 CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MyS...
[SECURITY] [DLA 1565-1] glusterfs security update
Package : glusterfs Version : 3.5.2-2+deb8u5 CVE ID : CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14659 CVE-2018-14661 Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system. Buffer overflows and path traversal issues may lead to information disclosure,...
[SECURITY] [DLA 1567-1] gthumb security update
Package : gthumb Version : 3:3.3.1-2.1+deb8u1 CVE ID : CVE-2018-18718 Debian Bug : 912290 CVE-2018-18718 - CWE-415: Double Free The product calls free twice on the same memory address, potentially leading to modification of unexpected memory locations. There is a suspected double-free bug with...
[SECURITY] [DSA 4334-1] mupdf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4334-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4333-1] icecast2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4333-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4332-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4332-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4332-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4332-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4331-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4331-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4330-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4330-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4330-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4330-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 02, 2018 https://www.debian.org/security/faq -...