[SECURITY] [DLA 1602-1] nsis security update
Package : nsis Version : 2.46-10+deb8u1 CVE ID : CVE-2015-9267 CVE-2015-9268 Among others, Andre Heinicke from gpg4win.org found several issues of nsis, a tool for creating quick and user friendly installers for Microsoft Windows operating systems. The issues are fixed by ... ... using...
[SECURITY] [DSA 4348-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4348-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 30, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1601-1] perl security update
Package : perl Version : 5.20.2-3+deb8u12 CVE ID : CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflow with attacker-controlled input. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 1599-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u8 CVE ID : CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-5105 CVE-2016-5106...
[SECURITY] [DLA 1600-1] libarchive security update
Package : libarchive Version : 3.1.2-11+deb8u4 CVE ID : CVE-2015-8915 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-5601 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 Debian Bug : 853278 875960 875974 875966 874539 840934 840935 8616...
[SECURITY] [DSA 4347-1] perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4347-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 29, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1562-2] poppler security update
Package : poppler Version : 0.26.5-2+deb8u6 CVE ID : CVE-2018-16646 A regression issue has been resolved in the poppler PDF rendering shared library introduced with version 0.26.5-2+deb8u5. CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via...
[SECURITY] [DLA 1598-1] ghostscript security update
Package : ghostscript Version : 9.06dfsg-2+deb8u12 CVE ID : CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 Several security vulnerabilities were discovered in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or th...
[SECURITY] [DSA 4346-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4346-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4345-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4345-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1597-1] gnuplot security update
Package : gnuplot Version : 4.6.6-2+deb8u1 CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 gnuplot, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. They found various overflow cases whic...
[SECURITY] [DLA-1589-1] keepalived security update
Package : icecast2 Version : 1:1.2.13-1+deb8u1 CVE ID : CVE-2018-19115 Debian Bug : 914393 keepalived has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code...
[SECURITY] [DLA-1588-1] icecast2 security update
Package : icecast2 Version : 2.4.0-1.1+deb8u2 CVE ID : CVE-2018-18820 Debian Bug : 912611 A buffer overflow was discovered in the URL-authentication backend of the icecast2, the popular open source streaming media server. If the backend is enabled, then any malicious HTTP client can send a reques...
[SECURITY] [DLA 1596-1] squid3 security update
Package : squid3 Version : 3.4.8-6+deb8u6 CVE ID : CVE-2018-19132 Debian Bug : 912294 It was discovered that there can be a denial of service DoS vulnerability in squid3 due to a memory leak in SNMP query rejection code when SNMP is enabled. In environments where per-process memory restrictions a...
[SECURITY] [DLA 1595-1] gnuplot5 security update
Package : gnuplot5 Version : 5.0.0rc+dfsg2-1+deb8u1 CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 gnuplot5, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. They found various overflow...
[SECURITY] [DLA 1594-1] xml-security-c security update
Package : xml-security-c Version : 1.7.2-3+deb8u2 A vulnerability in xml-security-c, a library for the XML Digital Security specification, has been found. Different KeyInfo combinations, like signatures without public key, result in incomplete DSA structures that crash openssl during verification...
[SECURITY] [DSA 4344-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4344-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1593-1] phpbb3 security update
Package : phpbb3 Version : 3.0.12-5+deb8u2 CVE ID : CVE-2018-19274 Simon Scannell and Robin Peraglie of RIPS Technologies discovered that passing an absolute path to a file_exists check in phpBB, a full featured web forum, allows remote code execution through Object Injection by employing Phar...
[SECURITY] [DLA 1592-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u7 CVE ID : CVE-2018-19141 CVE-2018-19143 Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141 An attacker who is logged into OTRS as an admin user may...
[SECURITY] [DSA 4343-1] liblivemedia security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4343-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1591-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u4 CVE IDs : CVE-2017-5223 CVE-2018-19296 It was discovered that there were two vulnerabilities libphp-phpmailer, an email library for the PHP programming language: CVE-2017-5223: Local file disclosure vulnerability via relative path HTML...
[SECURITY] [DLA 1590-1] openjdk-7 security update
Package : openjdk-7 Version : 7u181-2.6.14-2deb8u1 CVE ID : CVE-2018-2952 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service,...
[SECURITY] [DLA 1587-1] pixman security update
Package : pixman Version : 0.32.6-3+deb8u1 CVE ID : CVE-2015-5297 CVE-2015-5297 Numerical overflow in pointer arithmetic. For Debian 8 "Jessie", this problem has been fixed in version 0.32.6-3+deb8u1. We recommend that you upgrade your pixman packages. Further information about Debian LTS securit...
[SECURITY] [DSA 4339-2] ceph regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4339-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1586-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb8u10 CVE ID : CVE-2018-0735 CVE-2018-5407 CVE-2018-0735 Samuel Weiser reported a timing vulnerability in the OpenSSL ECDSA signature generation, which might leak information to recover the private key. CVE-2018-5407 Alejandro Cabrera Aldaya, Billy Brumley,...
[SECURITY] [DLA 1583-1] jasper security update
Package : jasper Version : 1.900.1-debian1-2.4+deb8u4 CVE ID : CVE-2015-5203 CVE-2015-5221 CVE-2016-8690 CVE-2017-13748 CVE-2017-14132 Several security vulnerabilities were discovered in the JasPer JPEG-2000 library. CVE-2015-5203 Gustavo Grieco discovered an integer overflow vulnerability that...
[SECURITY] [DLA 1585-1] ruby-rack security update
Package : ruby-rack Version : 1.5.2-3+deb8u2 CVE ID : CVE-2018-16471 Debian Bug : 913005 It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8...
[SECURITY] [DLA 1584-1] ruby-i18n security update
Package : ruby-i18n Version : 0.6.9-2+deb8u1 CVE ID : CVE-2014-10077 Debian Bug : 913093 It was discovered that there was a remote denial-of-service vulnerability in ruby-i18n, a I18n and localization solution for Ruby. An application crash could be engineering a situation where :somekey is prese...
[SECURITY] [DLA 1582-1] liblivemedia security update
Package : liblivemedia Version : 2014.01.13-1+deb8u1 CVE ID : CVE-2018-4013 A stack based buffer overflow vulnerability was found in liblivemedia, the LIVE555 RTSP server library. This issue might be leveraged by remote attackers to cause code execution, by sending a crafted packet. For Debian 8...
[SECURITY] [DLA 1581-1] uriparser security update
Package : uriparser Version : 0.8.0.1-2+deb8u1 CVE ID : CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 Multiple vulnerabilities have been discovered in uriparser, an Uniform Resource Identifiers URIs parsing library. CVE-2018-19198 UriQuery.c allows an out-of-bounds write via a uriComposeQuery or...
[SECURITY] [DLA 1579-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u5 CVE ID : CVE-2017-17480 CVE-2018-18088 Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2017-17480 Write stack buffer overflow due to missing buffer length formatter in fscanf call jp3d and jpwl codecs...
[SECURITY] [DLA 1580-1] systemd security update
Package : systemd Version : 215-17+deb8u8 CVE ID : CVE-2018-1049 CVE-2018-15686 CVE-2018-15688 Debian Bug : 912005 912008 systemd was found to suffer from multiple security vulnerabilities ranging from denial of service attacks to possible root privilege escalation. CVE-2018-1049 A race condition...
[SECURITY] [DSA 4341-1] mariadb-10.1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4341-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4340-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4340-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 18, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4339-1] ceph security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4339-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 13, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1578-1] spamassassin security update
Package : spamassassin Version : 3.4.2-0+deb8u1 CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571 Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial...
[SECURITY] [DLA 1573-1] firmware-nonfree security update
Package : firmware-nonfree Version : 20161130-4deb8u1 CVE ID : CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 Debian Bug : 620066 724970 769633 774914 790061 793544 793874 795303 800090 800440 800820 801514 802970 803920 808792...
[SECURITY] [DLA 1574-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u15 CVE ID : CVE-2018-18025 CVE-2018-18025 Fix for heap-based buffer over-read which can result in a denial of service via a crafted file. For Debian 8 "Jessie", this problem has been fixed in version 8:6.8.9.9-5+deb8u15. We recommend that you upgra...
[SECURITY] [DLA 1577-1] xen security update
Package : xen Version : 4.4.4lts4-0+deb8u1 CVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege...
[SECURITY] [DLA 1576-1] ansible security update
Package : ansible Version : 1.7.2+dfsg-2+deb8u1 CVE ID : CVE-2018-16837 Debian Bug : 912297 It was discovered that there was a potential SSH passphrase disclosure vulnerability in the ansible configuration management system, The "User" module leaked data that was passed as a parameter to the...
[SECURITY] [DLA 1575-1] thunderbird security update
Package : thunderbird Version : 1:60.3.0-1deb8u1 CVE ID : CVE-2017-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393...
[SECURITY] [DSA 4338-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4338-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 11, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4337-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4337-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 10, 2018 https://www.debian.org/security/faq -...