[SECURITY] [DLA 1564-1] mono security update

Package : mono Version : 3.2.8+dfsg-10+deb8u1 CVE ID : CVE-2009-0689 It was found that Mono’s string-to-double parser may crash, on specially crafted input. This could lead to arbitrary code execution. CVE-2018-1002208: Mono embeds the sharplibzip library which is vulnerable to directory traversa...

[SECURITY] [DLA 1563-1] tzdata new upstream version

Package : tzdata Version : 2018g-0+deb8u1 tzdata upstream released version 2018g. Notables changes since 2018e previous version available in jessie include: - Morocco switched to permanent +01 on 2018-10-27. - Volgograd moved from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not...

[SECURITY] [DLA 1562-1] poppler security update

Package : poppler Version : 0.26.5-2+deb8u5 CVE ID : CVE-2017-18267 CVE-2018-10768 CVE-2018-13988 CVE-2018-16646 Debian Bug : 898357 909802 Various security issues were discovered in the poppler PDF rendering shared library. CVE-2017-18267 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc i...

[SECURITY] [DLA 1561-1] phpldapadmin security update

Package : phpldapadmin Version : 1.2.2-5.2+deb8u1 CVE ID : CVE-2017-11107 Debian Bug : 867719 It was discovered that there was a cross-site scripting XSS vulnerability in phpldapadmin, a web-based interface for administering LDAP servers. For Debian 8 "Jessie", this problem has been fixed in...

[SECURITY] [DLA 1560-1] gnutls28 security update

Package : gnutls28 Version : 3.3.30-0+deb8u1 CVE ID : CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 A set of vulnerabilities was discovered in GnuTLS which allowed attackers to do plain text recovery on TLS connections with certain cipher types. CVE-2018-10844 It was found that the GnuTLS...

[SECURITY] [DLA 1559-1] xen security update

Package : xen Version : 4.4.4lts3-0+deb8u1 CVE ID : CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-17044 CVE-2017-17045 CVE-2018-10472 CVE-2018-10981 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations...

[SECURITY] [DLA 1558-1] ruby2.1 security update

Package : ruby2.1 Version : 2.1.5-2+deb8u6 CVE ID : CVE-2018-16395 CVE-2018-16396 CVE-2018-16395 Fix for OpenSSL::X509::Name equality check. CVE-2018-16396 Tainted flags are not propagated in Arraypack and Stringunpack with some directives. For Debian 8 "Jessie", these problems have been fixed in...

[SECURITY] [DSA 4329-1] teeworlds security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4329-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4321-2] graphicsmagick update

------------------------------------------------------------------------- Debian Security Advisory DSA-4321-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1557-1] tiff security update

Package : tiff Version : 4.0.3-12.3+deb8u7 CVE ID : CVE-2018-17100 CVE-2018-17101 CVE-2018-18557 CVE-2018-17100 An int32 overflow can cause a denial of service application crash or possibly have unspecified other impact via a crafted image file CVE-2018-17101 Out-of-bounds writes can cause a deni...

[SECURITY] [DLA 1556-1] paramiko security update

Package : paramiko Version : 1.15.1-1+deb8u1 CVE ID : CVE-2018-7750 CVE-2018-1000805 CVE-2018-1000805 Fix to prevent malicious clients to trick the Paramiko server into thinking an unauthenticated client is authenticated. CVE-2018-7750 Fix check whether authentication is completed before processi...

[SECURITY] [DLA 1555-1] libmspack security update

Package : libmspack Version : 0.5-1+deb8u3 CVE ID : CVE-2018-18584 CVE-2018-18585 CVE-2018-18584 Fixing the size of the CAB block input buffer, which is too small for the maximal Quantum block, prevents an out-of-bounds write. CVE-2018-18585 Blank filenames having length zero or their 1st or 2nd...

[SECURITY] [DSA 4328-1] xorg-server security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4328-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4327-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4327-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4326-1] openjdk-8

------------------------------------------------------------------------- Debian Security Advisory DSA-4326-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1554-2] 389-ds-base regression update

Package : 389-ds-base Version : 1.3.3.5-4+deb8u5 A regression was found in the recent security update for 389-ds-base the 389 Directory Server, announced as DLA-1554-2, caused by an incomplete fix for CVE-2018-14648. The regression caused the server to crash when processing requests with empty...

[SECURITY] [DLA 1554-1] 389-ds-base security update

Package : 389-ds-base Version : 1.3.3.5-4+deb8u4 CVE ID : CVE-2018-14648 It was discovered that 389-ds-base the 389 Directory Server is vulnerable to search queries with malformed values in the dosearch function servers/slapd/search.c. Attackers could leverage this vulnerability by sending crafte...

[SECURITY] [DSA 4325-1] mosquitto security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4325-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 25, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4325-1] mosquitto security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4325-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 25, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4324-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4324-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 24, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1553-1] clamav security update

Package : clamav Version : 0.100.2+dfsg-0+deb8u1 CVE ID : CVE-2018-15378 Debian Bug : 910430 ClamAV is an anti-virus utility for Unix, whose upstream developers have released the version 0.100.2. Installing this new version is required to make use of all current virus signatures and to avoid...

[SECURITY] [DLA 1552-1] ghostscript security update

Package : ghostscript Version : 9.06dfsg-2+deb8u11 CVE ID : CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 Debian Bug : 910678 910758 911175 This is a follow-up update for the recently discovered -dSAFER issues reported by Tavis Ormandy. Tavis Ormandy discovered multiple vulnerabilites in...

[SECURITY] [DLA 1551-1] exiv2 security update

Package : exiv2 Version : 0.24-4.1+deb8u2 CVE ID : CVE-2018-10958 CVE-2018-10999 CVE-2018-16336 A vulnerability has been discovered in exiv2 CVE-2018-16336, a C++ library and a command line utility to manage image metadata, resulting in remote denial of service heap-based buffer over-read/overflo...

[SECURITY] [DLA 1550-1] drupal7 security update

Package : drupal7 Version : 7.32-1+deb8u13 Debian Bugs : 911336 911337 It was discovered that there was a remote code execution and an external URL injection vulnerability in the Drupal content management framework. For more information, please see: https://www.drupal.org/sa-core-2018-006 For...

[SECURITY] [DSA 4323-1] drupal7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4323-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 18, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1548-1] libssh security update

Package : libssh Version : 0.6.3-4+deb8u3 CVE ID : CVE-2018-10933 Debian Bug : 911149 Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully...

[SECURITY] [DLA 1549-1] xen security update

Package : xen Version : 4.4.4lts2-0+deb8u1 CVE ID : CVE-2017-14316 CVE-2017-14317 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15597 CVE-2017-17046 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2018-10471 CVE-2018-10982 Multiple vulnerabilities have been...

[SECURITY] [DSA 4322-1] libssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4322-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 17, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4322-1] libssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4322-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 17, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4321-1] graphicsmagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4321-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 16, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4320-1] asterisk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4320-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 16, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1547-1] libpdfbox-java security update

Package : libpdfbox-java Version : 1:1.8.7+dfsg-1+deb8u2 CVE ID : CVE-2018-11797 Debian Bug : 910390 It was discovered that there was a denial-of-service vulnerability in libpdfbox-java, a PDF library for Java. A malicious PDF file could have triggered an extremely long running computation when...

[SECURITY] [DLA 1546-1] moin security update

Package : moin Version : 1.9.8-1+deb8u2 CVE ID : CVE-2017-5934 Debian Bug : 910776 Nitin Venkatesh discovered a cross-site scripting vulnerability in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editors link dialogue. This only affects...

[SECURITY] [DSA 4319-1] spice security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4319-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4319-1] spice security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4319-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1545-1] tomcat8 security update

Package : tomcat8 Version : 8.0.14-1+deb8u14 CVE ID : CVE-2018-11784 Sergey Bobrov discovered that when the default servlet returned a redirect to a directory e.g. redirecting to /foo/ when the user requested /foo a specially crafted URL could be used to cause the redirect to be generated to any...

[SECURITY] [DSA 4318-1] moin security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4318-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4318-1] moin security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4318-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1544-1] tomcat7 security update

Package : tomcat7 Version : 7.0.56-3+really7.0.91-1 CVE ID : CVE-2018-11784 Sergey Bobrov discovered that when the default servlet returned a redirect to a directory e.g. redirecting to /foo/ when the user requested /foo a specially crafted URL could be used to cause the redirect to be generated ...

[SECURITY] [DSA 4317-1] otrs2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4317-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 14, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4316-1] imagemagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4316-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 12, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4315-1] wireshark security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4315-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 12, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4314-1] net-snmp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4314-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 11, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4314-1] net-snmp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4314-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 11, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1542-1] dnsruby update

Package : dnsruby Version : 1.54-2+deb8u1 Debian Bug : 908887 dnsruby is a feature-complete DNSSEC client for Ruby. It ships the DNS Root Key Signing Key KSK, used as trust anchor to validate the authenticity of DNS records. This update includes the latest KSK KSK-2017, that will be used by ICANN...

[SECURITY] [DSA 4313-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4313-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4312-1] tinc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4312-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4312-1] tinc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4312-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4311-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4311-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 05, 2018 https://www.debian.org/security/faq -...