[SECURITY] [DLA 1547-1] libpdfbox-java security update
Package : libpdfbox-java Version : 1:1.8.7+dfsg-1+deb8u2 CVE ID : CVE-2018-11797 Debian Bug : 910390 It was discovered that there was a denial-of-service vulnerability in libpdfbox-java, a PDF library for Java. A malicious PDF file could have triggered an extremely long running computation when...
[SECURITY] [DLA 1546-1] moin security update
Package : moin Version : 1.9.8-1+deb8u2 CVE ID : CVE-2017-5934 Debian Bug : 910776 Nitin Venkatesh discovered a cross-site scripting vulnerability in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editors link dialogue. This only affects...
[SECURITY] [DSA 4319-1] spice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4319-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1545-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u14 CVE ID : CVE-2018-11784 Sergey Bobrov discovered that when the default servlet returned a redirect to a directory e.g. redirecting to /foo/ when the user requested /foo a specially crafted URL could be used to cause the redirect to be generated to any...
[SECURITY] [DSA 4318-1] moin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4318-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1544-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.91-1 CVE ID : CVE-2018-11784 Sergey Bobrov discovered that when the default servlet returned a redirect to a directory e.g. redirecting to /foo/ when the user requested /foo a specially crafted URL could be used to cause the redirect to be generated ...
[SECURITY] [DSA 4317-1] otrs2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4317-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 14, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4316-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4316-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 12, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4315-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4315-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 12, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4314-1] net-snmp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4314-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 11, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1542-1] dnsruby update
Package : dnsruby Version : 1.54-2+deb8u1 Debian Bug : 908887 dnsruby is a feature-complete DNSSEC client for Ruby. It ships the DNS Root Key Signing Key KSK, used as trust anchor to validate the authenticity of DNS records. This update includes the latest KSK KSK-2017, that will be used by ICANN...
[SECURITY] [DSA 4313-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4312-1] tinc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4312-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4311-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4311-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 05, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1531-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.110-3+deb9u5deb8u1 CVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099 CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276...
[SECURITY] [DSA 4310-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4310-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1530-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u14 CVE ID : CVE-2018-16412 CVE-2018-16413 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to caus...
[SECURITY] [DLA 1528-1] strongswan security update
Package : strongswan Version : 5.2.1-6+deb8u8 CVE ID : CVE-2018-17540 It was discovered that there was a denial-of-service vulnerability in strongswan, a virtual private network VPN client and server. Verification of an RSA signature with a very short public key caused an integer underflow in a...
[SECURITY] [DSA 4309-1] strongswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4309-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4308-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4308-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1527-2] ghostscript regression update
Package : ghostscript Version : 9.06dfsg-2+deb8u10 Debian Bug : 909999 Berkeley Roshan Churchill reported a regression for the recent security update for ghostscript, announced as DLA-1527-1, caused by an incomplete fix for CVE-2018-16543. The pdf2ps tool failed to produce any output and aborted...
[SECURITY] [DLA 1527-1] ghostscript security update
Package : ghostscript Version : 9.06dfsg-2+deb8u9 CVE ID : CVE-2018-16543 CVE-2018-17183 Debian Bug : 908303 Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the executio...
[SECURITY] [DLA 1526-1] 389-ds-base security update
Package : 389-ds-base Version : 1.3.3.5-4+deb8u3 CVE ID : CVE-2018-14624 It was discovered that the emergency logging system in 389-ds-base the 389 Directory Server is affected by a race condition caused by the invalidation of the concurrently used log file file descriptor without proper locking...
[SECURITY] [DLA 1525-1] mosquitto security update
Package : mosquitto Version : 1.3.4-2+deb8u3 CVE ID : CVE-2017-7653 CVE-2017-7654 CVE-2017-9868 CVE-2017-7653 As invalid UTF-8 strings are not correctly checked, an attacker could cause a denial of service to other clients by disconnecting them from the broker with special crafted topics...
[SECURITY] [DSA 4307-1] python3.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4307-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4306-1] python2.7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4306-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1524-1] libxml2 security update
Package : libxml2 Version : 2.9.1+dfsg1-5+deb8u7 CVE ID : CVE-2017-18258 CVE-2018-9251 CVE-2018-14404 CVE-2018-14567 CVE-2018-14404 Fix of a NULL pointer dereference which might result in a crash and thus in a denial of service. CVE-2018-14567 and CVE-2018-9251 Approvement in LZMA error handling...
[SECURITY] [DLA 1523-1] asterisk security update
Package : asterisk Version : 1:11.13.1dfsg-2+deb8u6 CVE ID : CVE-2018-17281 Debian Bug : 909554 Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the res_http_websocket.so module that allowed remote attackers to crash Asterisk via special...
[SECURITY] [DLA 1521-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u6 CVE ID : CVE-2018-16586 CVE-2018-16587 Fabien Arnoux discovered several security issues in email validation of otrs system. CVE-2018-16586 Load external image or CSS resources in browser when user opens a malicious email. CVE-2018-16587 Remote deletions o...
[SECURITY] [DLA 1522-1] strongswan security update
Package : strongswan Version : 5.2.1-6+deb8u7 CVE ID : CVE-2018-16151 CVE-2018-16152 Sze Yiu Chau and his team from Purdue University and The University of Iowa found several security issues in the gmp plugin for strongSwan, an IKE/IPsec suite. CVE-2018-16151 The OID parser in the ASN.1 code in g...
[SECURITY] [DLA 1520-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u1 CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802 Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python...
[SECURITY] [DLA 1519-1] python2.7 security update
Package : python2.7 Version : 2.7.9-2+deb8u2 CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802 Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python...
[SECURITY] [DLA 1518-1] polarssl security update
Package : polarssl Version : 1.3.9-2.1+deb8u4 CVE ID : CVE-2013-0169 CVE-2018-0497 CVE-2018-0498 CVE-2018-9988 CVE-2018-9989 Debian Bug : Two vulnerabilities were discovered in polarssl, a lightweight crypto and SSL/TLS library nowadays continued under the name mbedtls which could result in plain...
[SECURITY] [DLA 1517-1] dom4j security update
Package : dom4j Version : 1.6.1+dfsg.3-2+deb8u1 CVE ID : CVE-2018-1000632 Mario Areias discovered that dom4j, a XML framework for Java, was vulnerable to a XML injection attack. An attacker able to specify attributes or elements in the XML document might be able to modify the whole XML document...
[SECURITY] [DSA 4305-1] strongswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4305-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1516-1] okular security update
Package : okular Version : 4:4.14.2-2+deb8u1 CVE ID : CVE-2018-1000801 Joran Herve discovered that the Okular document viewer was susceptible to directory traversal via malformed .okular files annotated document archives, which could result in the creation of arbitrary files. For Debian 8 "Jessie...
[SECURITY] [DSA 4304-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4304-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4303-1] okular security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4303-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4302-1] openafs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4302-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1515-1] hylafax security update
Package : hylafax Version : 3:6.0.6-6+deb8u1 CVE ID : CVE-2018-17141 Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message. For Debian 8 "Jessie",...
[SECURITY] [DSA 4301-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4301-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 22, 2018 https://www.debian.org/security/faq -...