[SECURITY] [DSA 4311-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4311-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 05, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1531-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.110-3+deb9u5deb8u1 CVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099 CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276...
[SECURITY] [DSA 4310-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4310-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1530-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u14 CVE ID : CVE-2018-16412 CVE-2018-16413 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to caus...
[SECURITY] [DLA 1528-1] strongswan security update
Package : strongswan Version : 5.2.1-6+deb8u8 CVE ID : CVE-2018-17540 It was discovered that there was a denial-of-service vulnerability in strongswan, a virtual private network (VPN) client and server. Verification of an RSA signature with a very short public key caused an integer underflow in a...
[SECURITY] [DSA 4309-1] strongswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4309-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4308-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4308-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1527-2] ghostscript regression update
Package : ghostscript Version : 9.06dfsg-2+deb8u10 Debian Bug : 909999 Berkeley Roshan Churchill reported a regression for the recent security update for ghostscript, announced as DLA-1527-1, caused by an incomplete fix for CVE-2018-16543. The pdf2ps tool failed to produce any output and aborted...
[SECURITY] [DLA 1527-1] ghostscript security update
Package : ghostscript Version : 9.06dfsg-2+deb8u9 CVE ID : CVE-2018-16543 CVE-2018-17183 Debian Bug : 908303 Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the executio...
[SECURITY] [DLA 1526-1] 389-ds-base security update
Package : 389-ds-base Version : 1.3.3.5-4+deb8u3 CVE ID : CVE-2018-14624 It was discovered that the emergency logging system in 389-ds-base (the 389 Directory Server) is affected by a race condition caused by the invalidation of the concurrently used log file file descriptor without proper locking...
[SECURITY] [DLA 1525-1] mosquitto security update
Package : mosquitto Version : 1.3.4-2+deb8u3 CVE ID : CVE-2017-7653 CVE-2017-7654 CVE-2017-9868 CVE-2017-7653 As invalid UTF-8 strings are not correctly checked, an attacker could cause a denial of service to other clients by disconnecting them from the broker with special crafted topics...
[SECURITY] [DSA 4307-1] python3.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4307-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4306-1] python2.7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4306-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1524-1] libxml2 security update
Package : libxml2 Version : 2.9.1+dfsg1-5+deb8u7 CVE ID : CVE-2017-18258 CVE-2018-9251 CVE-2018-14404 CVE-2018-14567 CVE-2018-14404 Fix of a NULL pointer dereference which might result in a crash and thus in a denial of service. CVE-2018-14567 and CVE-2018-9251 Approvement in LZMA error handling...
[SECURITY] [DLA 1523-1] asterisk security update
Package : asterisk Version : 1:11.13.1dfsg-2+deb8u6 CVE ID : CVE-2018-17281 Debian Bug : 909554 Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the res_http_websocket.so module that allowed remote attackers to crash Asterisk via special...
[SECURITY] [DLA 1521-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u6 CVE ID : CVE-2018-16586 CVE-2018-16587 Fabien Arnoux discovered several security issues in email validation of otrs system. CVE-2018-16586 Load external image or CSS resources in browser when user opens a malicious email. CVE-2018-16587 Remote deletions o...
[SECURITY] [DLA 1522-1] strongswan security update
Package : strongswan Version : 5.2.1-6+deb8u7 CVE ID : CVE-2018-16151 CVE-2018-16152 Sze Yiu Chau and his team from Purdue University and The University of Iowa found several security issues in the gmp plugin for strongSwan, an IKE/IPsec suite. CVE-2018-16151 The OID parser in the ASN.1 code in g...
[SECURITY] [DLA 1520-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u1 CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802 Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python...
[SECURITY] [DLA 1519-1] python2.7 security update
Package : python2.7 Version : 2.7.9-2+deb8u2 CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802 Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python...
[SECURITY] [DLA 1518-1] polarssl security update
Package : polarssl Version : 1.3.9-2.1+deb8u4 CVE ID : CVE-2013-0169 CVE-2018-0497 CVE-2018-0498 CVE-2018-9988 CVE-2018-9989 Debian Bug : Two vulnerabilities were discovered in polarssl, a lightweight crypto and SSL/TLS library (nowadays continued under the name mbedtls) which could result in plain...
[SECURITY] [DLA 1517-1] dom4j security update
Package : dom4j Version : 1.6.1+dfsg.3-2+deb8u1 CVE ID : CVE-2018-1000632 Mario Areias discovered that dom4j, an XML framework for Java, was vulnerable to an XML injection attack. An attacker able to specify attributes or elements in the XML document might be able to modify the whole XML document...
[SECURITY] [DSA 4305-1] strongswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4305-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1516-1] okular security update
Package : okular Version : 4:4.14.2-2+deb8u1 CVE ID : CVE-2018-1000801 Joran Herve discovered that the Okular document viewer was susceptible to directory traversal via malformed .okular files (annotated document archives), which could result in the creation of arbitrary files. For Debian 8 "Jessie...
[SECURITY] [DSA 4304-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4304-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4303-1] okular security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4303-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4302-1] openafs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4302-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1515-1] hylafax security update
Package : hylafax Version : 3:6.0.6-6+deb8u1 CVE ID : CVE-2018-17141 Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message. For Debian 8 "Jessie",...
[SECURITY] [DSA 4301-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4301-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 22, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4300-1] libarchive-zip-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4300-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 22, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1514-1] texlive-bin security update
Package : texlive-bin Version : 2014.20140926.35254-6+deb8u1 CVE ID : not yet available Nick Roessler from the University of Pennsylvania has found a buffer overflow in texlive-bin, the executables for TexLive, the popular distribution of TeX document production system. This buffer overflow can b...
[SECURITY] [DLA 1513-1] openafs security update
Package : openafs Version : 1.6.9-2+deb8u8 CVE ID : CVE-2018-16947 CVE-2018-16948 CVE-2018-16949 Debian Bug : 908616 Several security vulnerabilities were discovered in OpenAFS, a distributed file system. CVE-2018-16947 The backup tape controller process accepts incoming RPCs but does not require...
[SECURITY] [DSA 4299-1] texlive-bin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4299-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 21, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1512-1] sympa security update
Package : sympa Version : 6.1.23dfsg-2+deb8u3 CVE ID : CVE-2018-1000671 Debian Bug : 908165 An Open Redirect vulnerability has been discovered in sympa. The "referer" parameter of the wwsympa.fcgi login action can result in Open redirection and potential Cross Site Scripting via data URIs. This...
[SECURITY] [DSA 4298-1] hylafax security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4298-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 20, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1511-1] reportbug update
Package : reportbug Version : 6.6.3+deb8u2 Debian Bug : 878088 Reportbug, a tool designed to make the reporting of bugs in Debian easier, was further enhanced to automatically detect bug reports for potential regressions caused by a security update. After user confirmation an additional email wit...
[SECURITY] [DLA 1510-1] glusterfs security update
Package : glusterfs Version : 3.5.2-2+deb8u4 CVE ID : CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 Debian Bug : 909215 Multiple security vulnerabilities were discovered in...
[SECURITY] [DLA 1509-1] php5 security update
Package : php5 Version : 5.6.38+dfsg-0+deb8u1 CVE ID : CVE-2018-17082 A vulnerability has been discovered in php5, a server-side, HTML-embedded scripting language. The Apache2 component allows XSS via the body of a "Transfer-Encoding: chunked" request because of a defect in request handling. For...
[SECURITY] [DLA 1508-1] suricata security update
Package : suricata Version : 2.0.7-2+deb8u1 CVE ID : CVE-2016-10728 CVE-2016-10728 If an ICMPv4 error packet is received as the first packet on a flow in the toclient direction, it can lead to missed TCP/UDP detection in packets arriving afterwards. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DSA 4297-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4297-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 19, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1507-1] libapache2-mod-perl2 security update
Package : libapache2-mod-perl2 Version : 2.0.91624218-2+deb8u3 CVE ID : CVE-2011-2767 Debian Bug : 644169 Jan Ingvoldstad discovered that libapache2-mod-perl2 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there ...
[SECURITY] [DLA 1506-1] intel-microcode security update
Package : intel-microcode Version : 3.20180807a.1deb8u1 CVE ID : CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 CVE-2018-3639, CVE-2018-3640, CVE-2017-5715 Security researchers identified speculative execution side-channel methods which have the potential to improperly gather sensitive data from...
[SECURITY] [DSA 4296-1] mbedtls security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4296-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4295-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4295-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4294-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4294-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4273-2] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4273-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1505-1] zutils security update
Package : zutils Version : 1.3-4+deb8u1 CVE ID : CVE-2018-1000637 Debian Bug : 902936 zutils version prior to version 1.8-pre2 contains a buffer overflow vulnerability in zcat which happened with some input files when the -v, --show-nonprinting option was used or indirectly enabled. This can resu...