14343 matches found
[SECURITY] [DSA 4263-1] cgit security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4263-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 04, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4262-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4262-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4261-1] vim-syntastic security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4261-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1445-3] busybox regression update
Package : busybox Version : 1:1.22.0-9+deb8u4 It was found that the security update of busybox announced as DLA-1445-1 to prevent the exploitation of CVE-2011-5325, a symlinking attack, was too strict in case of cpio archives. This update restores the old behavior. For Debian 8 "Jessie", this...
[SECURITY] [DLA 1456-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u4 CVE ID : CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777...
[SECURITY] [DSA 4260-1] libmspack security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4260-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4260-1] libmspack security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4260-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1455-1] mutt security update
Package : mutt Version : 1.5.23-3+deb8u1 CVE ID : CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363 Debian Bug : 904051...
[SECURITY] [DLA 1445-2] busybox regression update
Package : busybox Version : 1:1.22.0-9+deb8u3 The security update of busybox announced as DLA-1445-1 introduced a regression due to an incomplete fix for CVE-2015-9261. It was no longer possible to decompress gzip archives which exceeded a certain file size. For Debian 8 "Jessie", this problem ha...
[SECURITY] [DSA 4259-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4259-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 31, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1454-1] network-manager-vpnc security update
Package : network-manager-vpnc Version : 0.9.10.0-1+deb8u1 CVE ID : CVE-2018-10900 Debian Bug : 904255 Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to...
[SECURITY] [DLA 1453-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.90-1 CVE ID : CVE-2018-8034 The host name verification in Tomcat when using TLS with the WebSocket client was missing. It is now enabled by default. For Debian 8 "Jessie", this problem has been fixed in version 7.0.56-3+really7.0.90-1. We recommend...
[SECURITY] [DLA 1452-1] wordpress security update
Package : wordpress Version : 4.1+dfsg-1+deb8u18 CVE ID : CVE-2016-5836 CVE-2018-12895 Debian Bug : 902876 Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2016-5836 The oEmbed protocol...
[SECURITY] [DSA 4258-1] ffmpeg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4258-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 29, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1451-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u15 CVE ID : CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14368 CVE-2018-14369 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14368 CVE-2018-14369 Due to several flaws...
[SECURITY] [DLA 1450-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u12 CVE ID : CVE-2018-1304 CVE-2018-1305 Debian Bug : 802312 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1304 The URL pattern of "" the empty string which exactly maps to the context root was not...
[SECURITY] [DSA 4257-1] fuse security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4257-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4257-1] fuse security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4257-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1449-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb8u9 CVE ID : CVE-2018-0732 CVE-2018-0737 Debian Bug : 895844 Two issues were discovered in OpenSSL, the Secure Sockets Layer toolkit. CVE-2018-0732 Denial of service by a malicious server that sends a very large prime value to the client during TLS handshak...
[SECURITY] [DLA-1448-1] policykit-1 security update
Package : policykit-1 Version : 0.105-15deb8u3 CVE ID : CVE-2018-1116 Debian Bug : 903563 It was discovered that there was a denial of service vulnerability in policykit-1, a framework for managing administrative policies and privileges. For Debian 8 "Jessie", this issue has been fixed in...
[SECURITY] [DLA 1414-2] mercurial regression update
Package : mercurial Version : 3.1.2-2+deb8u6 CVE ID : CVE-2017-17458 The fix for arbitrary code execution documented in CVE-2017-17458 was incomplete in the previous upload. A more exhaustive change was implemented upstream and completely disables non-Mercurial subrepositories unless users change...
[SECURITY] [DLA 1447-1] libidn security update
Package : libidn Version : 1.29-1+deb8u3 CVE ID : CVE-2017-14062 Debian Bug : 873903 An integer overflow vulnerability was discovered in libidn, the GNU library for Internationalized Domain Names IDNs, in its Punycode handling a Unicode characters to ASCII encoding allowing a remote attacker to...
[SECURITY] [DLA 1442-2] mailman regression update
Package : mailman Version : 1:2.1.18-2+deb8u4 Debian Bug : 904680 The security update of mailman announced as DLA-1442-1 introduced a regression due to an incomplete fix for CVE-2018-13796 that broke the admin and listinfo overview pages. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DSA 4256-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4256-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 26, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4256-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4256-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 26, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1446-1] intel-microcode security update
Package : intel-microcode Version : 3.20180703.2deb8u1 CVE ID : CVE-2018-3639 CVE-2018-3640 Security researchers identified two software analysis methods that, if used for malicious purposes, have the potential to improperly gather sensitive data from multiple types of computing devices with...
[SECURITY] [DLA 1445-1] busybox security update
Package : busybox Version : 1:1.22.0-9+deb8u2 CVE ID : CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2017-15873 CVE-2017-16544 CVE-2018-1000517 Debian Bug : 902724 882258 879732 818497 818499 803097 802702 Busybox, utility programs for small and embedded systems, was...
[SECURITY] [DLA 1444-1] vim-syntastic security update
Package : vim-syntastic Version : 3.5.0-1+deb8u1 CVE ID : CVE-2018-11319 CVE-2018-11319 The improper handling of search for configuration files might be exploited for arbitrary code execution via a malicious gcc plugin. For Debian 8 "Jessie", this problem has been fixed in version 3.5.0-1+deb8u1...
[SECURITY] [DLA 1443-1] evolution-data-server security update
Package : evolution-data-server Version : 3.12.9git20141128.5242b0-2+deb8u4 CVE IDs : CVE-2016-10727 It was discovered that there was a protocol implementation error in evolution-data-server where "STARTTLS not supported" errors from IMAP servers were ignored leading to the use of insecure...
[SECURITY] [DLA 1442-1] mailman security update
Package : mailman Version : 1:2.1.18-2+deb8u3 CVE ID : CVE-2018-0618 CVE-2018-13796 Debian Bug : 903674 Two flaws were discovered in mailman, a web-based mailing list manager. CVE-2018-0618 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman is prone to a cross-si...
[SECURITY] [DLA 1441-1] sympa security update
Package : sympa Version : 6.1.23dfsg-2+deb8u2 CVE ID : CVE-2018-1000550 A vulnerability has been discovered in Sympa, a modern mailing list manager, that allows write access to files on the server filesystem. This flaw allows to create or modify any file writable by the Sympa user, located on the...
[SECURITY] [DLA 1440-1] libarchive-zip-perl security update
Package : libarchive-zip-perl Version : 1.39-1+deb8u1 CVE ID : CVE-2018-10860 Debian Bug : 902882 The libarchive-zip-perl package is vulnerable to a directory traversal attack in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An...
[SECURITY] [DLA 1439-1] resiprocate security update
Package : resiprocate Version : 1:1.9.7-5+deb8u1 CVE ID : CVE-2017-11521 CVE-2018-12584 CVE-2018-12584 A flaw in function ConnectionBase::preparseNewBytes of resip/stack/ConnectionBase.cxx has been detected, that allows remote attackers to cause a denial of service buffer overflow or possibly...
[SECURITY] [DSA 4255-1] ant security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4255-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4255-1] ant security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4255-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4254-1] slurm-llnl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4254-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4254-1] slurm-llnl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4254-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4253-1] network-manager-vpnc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4253-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4253-1] network-manager-vpnc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4253-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1438-1] opencv security update
Package : opencv Version : 2.4.9.1+dfsg-1+deb8u2 CVE ID : CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268...
[SECURITY] [DLA 1437-1] slurm-llnl security update
Package : slurm-llnl Version : 14.03.9-5+deb8u3 CVE ID : CVE-2018-7033 CVE-2018-10995 CVE-2018-7033 Fix for issue in accountingstorage/mysql plugin by always escaping strings within the slurmdbd. CVE-2018-10995 Fix for mishandling of user names aka username fields and group ids aka gid fields. Fo...
[SECURITY] [DLA 1436-1] gosa security update
Package : gosa Version : 2.7.4+reloaded2-1+deb8u3 CVE ID : CVE-2018-1000528 Debian Bug : 902723 Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program. For Debian 8 "Jessie", this problem has been fixed in versio...
[SECURITY] [DLA 1435-1] dnsmasq regression update
Package : dnsmasq Version : 2.72-3+deb8u3 Debian Bug : 860064 The dns-root-data update to 2017072601deb8u2 broke dnsmasqs init script, making dnsmasq no longer start when dns-root-data was installed. This update fixes dnsmasqs parsing of dns-root-data. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DLA 1434-1] linux-base update
Package : linux-base Version : 4.5deb8u1 Debian Bug : 702482 761614 The linux-base package has been updated to support the package of Linux 4.9 that was recently added to Debian 8. This resolves a dependency that was not satisfiable by the jessie and jessie-security suites. This update also fixes...
[SECURITY] [DLA 1433-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u4 CVE ID : CVE-2015-1239 CVE-2016-5139 CVE-2015-1239 Fix for denial of service process crash via a crafted PDF. CVE-2016-5139 Fix for integer overflows, allowing a denial of service heap-based buffer overflow or possibly have unspecified other impact via...
[SECURITY] [DLA 1432-1] gpac security update
Package : gpac Version : 0.5.0+svn5324dfsg1-1+deb8u1 CVE ID : CVE-2018-13005 CVE-2018-13006 Debian Bug : 902782 Two heap buffer over read conditions were found in gpac. CVE-2018-13005 Due to an error in a while loop condition, the function urnRead in isomedia/boxcodebase.c has a heap-based buffer...
[SECURITY] [DLA 1431-1] ant security update
Package : ant Version : 1.9.4-3+deb8u1 CVE ID : CVE-2018-10886 unzip and untar target tasks in ant allows the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant...
[SECURITY] [DSA 4252-1] znc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4252-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 18, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4251-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4251-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 18, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1430-1] taglib security update
Package : taglib Version : 1.9.1-2.1+deb8u1 CVE ID : CVE-2018-11439 CVE-2018-11439 Fix for a heap-based buffer over-read via a crafted audio file. For Debian 8 "Jessie", these problems have been fixed in version 1.9.1-2.1+deb8u1. We recommend that you upgrade your taglib packages. Further...