[SECURITY] [DSA 4336-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4336-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4335-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4335-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1572-1] nginx security update
Package : nginx Version : 1.6.2-5+deb8u6 CVE ID : CVE-2018-16845 Debian Bug : 913090 It was discovered that there was a denial of service (DoS) vulnerability in the nginx web/proxy server. As there was no validation for the size of a 64-bit atom in an MP4 file, this could have led to a CPU hog when...
[SECURITY] [DLA 1569-2] libdatetime-timezone-perl regression update
From: Emilio Pozuelo Monfort [email protected] To: [email protected] Subject: SECURITY DLA 1569-2 libdatetime-timezone-perl regression update Package : libdatetime-timezone-perl Version : 1:1.75-2+2018g.1 The previous update of libdatetime-timezone-perl to tzdata version 2018g w...
[SECURITY] [DLA 1571-1] firefox-esr security update
Package : firefox-esr Version : 60.3.0esr-1deb8u1 CVE ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code,...
[SECURITY] [DLA 1570-1] mariadb-10.0 security update
Package : mariadb-10.0 Version : 10.0.37-0+deb8u1 CVE ID : CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.37. Please s...
[SECURITY] [DLA 1569-1] libdatetime-timezone-perl new upstream release
Package : libdatetime-timezone-perl Version : 1:1.75-2+2018g This update includes the changes in tzdata 2018g for the Perl bindings. For the list of changes, see DLA-1363-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2018g. We recommend that you upgrade your...
[SECURITY] [DLA 1568-1] curl security update
Package : curl Version : 7.38.0-4+deb8u13 CVE ID : CVE-2016-7141 CVE-2016-7167 CVE-2016-9586 CVE-2018-16839 CVE-2018-16842 Debian Bug : 848958 837945 836918 Several vulnerabilities were discovered in cURL, an URL transfer library. CVE-2016-7141 When built with NSS and the libnsspem.so library is...
[SECURITY] [DLA 1566-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.62-0+deb8u1 CVE ID : CVE-2018-2767 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070 CVE-2018-3081 CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MyS...
[SECURITY] [DLA 1565-1] glusterfs security update
Package : glusterfs Version : 3.5.2-2+deb8u5 CVE ID : CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14659 CVE-2018-14661 Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system. Buffer overflows and path traversal issues may lead to information disclosure,...
[SECURITY] [DLA 1567-1] gthumb security update
Package : gthumb Version : 3:3.3.1-2.1+deb8u1 CVE ID : CVE-2018-18718 Debian Bug : 912290 CVE-2018-18718 - CWE-415: Double Free The product calls free twice on the same memory address, potentially leading to modification of unexpected memory locations. There is a suspected double-free bug with...
[SECURITY] [DSA 4334-1] mupdf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4334-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4333-1] icecast2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4333-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4332-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4332-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4331-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4331-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4330-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4330-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1564-1] mono security update
Package : mono Version : 3.2.8+dfsg-10+deb8u1 CVE ID : CVE-2009-0689 It was found that Mono’s string-to-double parser may crash, on specially crafted input. This could lead to arbitrary code execution. CVE-2018-1002208: Mono embeds the sharplibzip library which is vulnerable to directory traversa...
[SECURITY] [DLA 1563-1] tzdata new upstream version
Package : tzdata Version : 2018g-0+deb8u1 tzdata upstream released version 2018g. Notable changes since 2018e previous version available in jessie include: - Morocco switched to permanent +01 on 2018-10-27. - Volgograd moved from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not...
[SECURITY] [DLA 1562-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u5 CVE ID : CVE-2017-18267 CVE-2018-10768 CVE-2018-13988 CVE-2018-16646 Debian Bug : 898357 909802 Various security issues were discovered in the poppler PDF rendering shared library. CVE-2017-18267 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc i...
[SECURITY] [DLA 1561-1] phpldapadmin security update
Package : phpldapadmin Version : 1.2.2-5.2+deb8u1 CVE ID : CVE-2017-11107 Debian Bug : 867719 It was discovered that there was a cross-site scripting (XSS) vulnerability in phpldapadmin, a web-based interface for administering LDAP servers. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 1560-1] gnutls28 security update
Package : gnutls28 Version : 3.3.30-0+deb8u1 CVE ID : CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 A set of vulnerabilities was discovered in GnuTLS which allowed attackers to do plain text recovery on TLS connections with certain cipher types. CVE-2018-10844 It was found that the GnuTLS...
[SECURITY] [DLA 1559-1] xen security update
Package : xen Version : 4.4.4lts3-0+deb8u1 CVE ID : CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-17044 CVE-2017-17045 CVE-2018-10472 CVE-2018-10981 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations...
[SECURITY] [DLA 1558-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u6 CVE ID : CVE-2018-16395 CVE-2018-16396 CVE-2018-16395 Fix for OpenSSL::X509::Name equality check. CVE-2018-16396 Tainted flags are not propagated in Array#pack and String#unpack with some directives. For Debian 8 "Jessie", these problems have been fixed in...
[SECURITY] [DSA 4329-1] teeworlds security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4329-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4321-2] graphicsmagick update
------------------------------------------------------------------------- Debian Security Advisory DSA-4321-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1557-1] tiff security update
Package : tiff Version : 4.0.3-12.3+deb8u7 CVE ID : CVE-2018-17100 CVE-2018-17101 CVE-2018-18557 CVE-2018-17100 An int32 overflow can cause a denial of service application crash or possibly have unspecified other impact via a crafted image file CVE-2018-17101 Out-of-bounds writes can cause a deni...
[SECURITY] [DLA 1556-1] paramiko security update
Package : paramiko Version : 1.15.1-1+deb8u1 CVE ID : CVE-2018-7750 CVE-2018-1000805 CVE-2018-1000805 Fix to prevent malicious clients to trick the Paramiko server into thinking an unauthenticated client is authenticated. CVE-2018-7750 Fix check whether authentication is completed before processi...
[SECURITY] [DLA 1555-1] libmspack security update
Package : libmspack Version : 0.5-1+deb8u3 CVE ID : CVE-2018-18584 CVE-2018-18585 CVE-2018-18584 Fixing the size of the CAB block input buffer, which is too small for the maximal Quantum block, prevents an out-of-bounds write. CVE-2018-18585 Blank filenames having length zero or their 1st or 2nd...
[SECURITY] [DSA 4328-1] xorg-server security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4328-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4327-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4327-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4326-1] openjdk-8
------------------------------------------------------------------------- Debian Security Advisory DSA-4326-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1554-2] 389-ds-base regression update
Package : 389-ds-base Version : 1.3.3.5-4+deb8u5 A regression was found in the recent security update for 389-ds-base (the 389 Directory Server), announced as DLA-1554-2, caused by an incomplete fix for CVE-2018-14648. The regression caused the server to crash when processing requests with empty...
[SECURITY] [DLA 1554-1] 389-ds-base security update
Package : 389-ds-base Version : 1.3.3.5-4+deb8u4 CVE ID : CVE-2018-14648 It was discovered that 389-ds-base (the 389 Directory Server) is vulnerable to search queries with malformed values in the dosearch function servers/slapd/search.c. Attackers could leverage this vulnerability by sending crafte...
[SECURITY] [DSA 4325-1] mosquitto security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4325-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 25, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4324-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4324-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1553-1] clamav security update
Package : clamav Version : 0.100.2+dfsg-0+deb8u1 CVE ID : CVE-2018-15378 Debian Bug : 910430 ClamAV is an anti-virus utility for Unix, whose upstream developers have released the version 0.100.2. Installing this new version is required to make use of all current virus signatures and to avoid...
[SECURITY] [DLA 1552-1] ghostscript security update
Package : ghostscript Version : 9.06dfsg-2+deb8u11 CVE ID : CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 Debian Bug : 910678 910758 911175 This is a follow-up update for the recently discovered -dSAFER issues reported by Tavis Ormandy. Tavis Ormandy discovered multiple vulnerabilities in...
[SECURITY] [DLA 1551-1] exiv2 security update
Package : exiv2 Version : 0.24-4.1+deb8u2 CVE ID : CVE-2018-10958 CVE-2018-10999 CVE-2018-16336 A vulnerability has been discovered in exiv2 CVE-2018-16336, a C++ library and a command line utility to manage image metadata, resulting in remote denial of service heap-based buffer over-read/overflo...
[SECURITY] [DLA 1550-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u13 Debian Bugs : 911336 911337 It was discovered that there was a remote code execution and an external URL injection vulnerability in the Drupal content management framework. For more information, please see: https://www.drupal.org/sa-core-2018-006 For...
[SECURITY] [DSA 4323-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4323-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 18, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1548-1] libssh security update
Package : libssh Version : 0.6.3-4+deb8u3 CVE ID : CVE-2018-10933 Debian Bug : 911149 Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully...
[SECURITY] [DLA 1549-1] xen security update
Package : xen Version : 4.4.4lts2-0+deb8u1 CVE ID : CVE-2017-14316 CVE-2017-14317 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15597 CVE-2017-17046 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2018-10471 CVE-2018-10982 Multiple vulnerabilities have been...
[SECURITY] [DSA 4322-1] libssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4322-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 17, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4321-1] graphicsmagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4321-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4320-1] asterisk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4320-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 16, 2018 https://www.debian.org/security/faq -...