[SECURITY] [DLA 1424-1] linux-latest-4.9 new package
Package : linux-latest-4.9 Version : 80+deb9u5deb8u1 Linux 4.9 has been packaged for Debian 8 as linux-4.9. This provides a supported upgrade path for systems that currently use kernel packages from the "jessie-backports" suite. However, "apt full-upgrade" will not automatically install the updat...
[SECURITY] [DLA 1423-1] linux-4.9 new package
Package : linux-4.9 Version : 4.9.110-1deb8u1 CVE ID : CVE-2017-5753 CVE-2017-18255 CVE-2018-1118 CVE-2018-1120 CVE-2018-1130 CVE-2018-3639 CVE-2018-5814 CVE-2018-10021 CVE-2018-10087 CVE-2018-10124 CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880...
[SECURITY] [DSA 4250-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4250-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 18, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4249-1] ffmpeg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4249-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 17, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4248-1] blender security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4248-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 17, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4247-1] ruby-rack-protection security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4247-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1429-1] sssd security update
Package : sssd Version : 1.11.7-3+deb8u1 CVE ID : CVE-2018-10852 Debian Bug : 902860 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD us...
[SECURITY] [DLA 1428-1] 389-ds-base security update
Package : 389-ds-base Version : 1.3.3.5-4+deb8u1 CVE ID : CVE-2015-1854 CVE-2017-15134 CVE-2018-1054 CVE-2018-1089 CVE-2018-10850 CVE-2015-1854 A flaw was found while doing authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server cou...
[SECURITY] [DSA 4246-1] mailman security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4246-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 15, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA-1427-1] znc security update
Package : znc Version : 1.4-2+deb8u1 CVE IDs : CVE-2018-14055 CVE-2018-14056 Debian Bugs : 903787 903788 It was discovered that there were two issues in znc, a modular IRC bouncer: There was insufficient validation of lines coming from the network allowing a non-admin user to escalate his privile...
[SECURITY] [DLA 1422-2] linux security update
Package : linux Version : 3.16.57-2 CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093 CVE-2018-1130 CVE-2018-3665 CVE-2018-5814 CVE-2018-9422 CVE-2018-10853 CVE-2018-10940 CVE-2018-11506 CVE-2018-12233 CVE-2018-1000204 Debian Bug : 898165 The previous update to linux failed to buil...
[SECURITY] [DLA 1422-1] linux security update
Package : linux Version : 3.16.57-1 CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093 CVE-2018-1130 CVE-2018-3665 CVE-2018-5814 CVE-2018-9422 CVE-2018-10853 CVE-2018-10940 CVE-2018-11506 CVE-2018-12233 CVE-2018-1000204 Debian Bug : 898165 Several vulnerabilities have been discovere...
[SECURITY] [DSA 4245-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4245-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 14, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1426-1] cups security update
Package : cups Version : 1.7.5-11+deb8u4 CVE ID : CVE-2018-4180 CVE-2018-4181 CVE-2018-6553 Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System. These issues have been identified with the following CVE ids: CVE-2018-4180 Dan Bastone of Gotham Digital Science discovere...
[SECURITY] [DLA 1425-1] thunderbird security update
Package : thunderbird Version : 1:52.9.1-1deb8u1 CVE ID : CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 Multiple security issues have been found in Thunderbird, which may lead to...
[SECURITY] [DLA 1421-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u4 CVE ID : CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777...
[SECURITY] [DSA 4244-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4244-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 13, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA-1420-1] cinnamon security update
Package : cinnamon Version : 2.2.16-5+deb8u1 CVE ID : CVE-2018-13054 Debian Bug : 903201 It was discovered that there was a symlink attack in the Cinnamon desktop environment. An attacker could overwrite an arbitrary file on the filesystem via a $HOME/.face icon file as the...
[SECURITY] [DLA-1419-1] ruby-sprockets security update
Package : ruby-sprockets Version : 2.12.3-1+deb8u1 CVE IDs : CVE-2018-3760 Debian Bug : 901913 It was discovered that there was a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker could take advantage of this flaw to read arbitrary files...
[SECURITY] [DSA 4243-1] cups security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4243-1 [email protected] https://www.debian.org/security/ Luciano Bello July 11, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4242-1] ruby-sprockets security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4242-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 09, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1418-1] bouncycastle security update
Package : bouncycastle Version : 1.49+dfsg-3+deb8u3 CVE ID : CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000341 CVE-2016-1000342 CVE-2016-1000343 CVE-2016-1000345 CVE-2016-1000346 Several security vulnerabilities were found in Bouncy Castle, a Java implementation of cryptographic algorithms...
[SECURITY] [DLA-1417-1] ca-certificates security update
Package : ca-certificates Version : 20141019+deb8u4 Debian Bugs : 858064 858539 867461 894070 There have been a number of updates to the set of Certificate Authority (CA) certificates that are considered "valid" or otherwise should be trusted. For Debian 8 "Jessie", these issues have been fixed in...
[SECURITY] [DLA 1416-1] libsoup2.4 security update
Package : libsoup2.4 Version : 2.48.0-1+deb8u2 CVE ID : CVE-2018-12910 It was discovered that the Soup HTTP library performed insufficient validation of cookie requests which could result in an out-of-bounds memory read. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DLA 1415-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u3 CVE ID : CVE-2016-6609 CVE-2016-6614 CVE-2016-6615 CVE-2016-6616 CVE-2016-6618 CVE-2016-6619 CVE-2016-6620 CVE-2016-6621 CVE-2016-6622 CVE-2016-9865 CVE-2017-18264 Several vulnerabilities were found in phpMyAdmin, the web-based MySQL administration...
[SECURITY] [DLA 1414-1] mercurial security update
Package : mercurial Version : 3.1.2-2+deb8u5 CVE ID : CVE-2017-9462 CVE-2017-17458 CVE-2018-1000132 Debian Bug : 861243 892964 901050 Some security vulnerabilities were found in Mercurial which allow authenticated users to trigger arbitrary code execution and unauthorized data access in certain...
[SECURITY] [DSA 4241-1] libsoup2.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4241-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4240-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4240-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1413-1] dokuwiki security update
Package : dokuwiki Version : 0.0.20140505.a+dfsg-4+deb8u1 CVE ID : CVE-2017-18123 Debian Bug : 889281 The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to...
[SECURITY] [DSA 4239-1] gosa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4239-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4238-1] exiv2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4238-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1412-1] cups security update
Package : cups Version : 1.7.5-11+deb8u3 CVE ID : CVE-2017-18190 CVE-2017-18248 Two vulnerabilities affecting the cups printing server were found which can lead to arbitrary IPP command execution and denial of service. CVE-2017-18190 A localhost.localdomain whitelist entry in validhost in...
[SECURITY] [DLA 1411-1] tiff security update
Package : tiff Version : 4.0.3-12.3+deb8u6 CVE ID : CVE-2017-11613 CVE-2018-5784 CVE-2018-7456 CVE-2018-8905 CVE-2018-10963 Debian Bug : 869823 898348 890441 891288 893806 Several issues were discovered in TIFF, the Tag Image File Format library, that allowed remote attackers to cause a...
[SECURITY] [DLA 1400-2] tomcat7 regression update
Package : tomcat7 Version : 7.0.56-3+really7.0.88-2 Debian Bug : 902670 The security update of Tomcat 7 announced as DLA-1400-1 introduced a regression for applications that make use of the Equinox OSGi framework. The MANIFEST file of tomcat-jdbc.jar in libtomcat7-java contains an invalid version...
[SECURITY] [DLA 1410-1] python-pysaml2 security update
Package : python-pysaml2 Version : 2.0.0-1+deb8u2 CVE ID : CVE-2017-1000433 Debian Bug : 886423 Pysaml2, a Python implementation of the Security Assertion Markup Language, would accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without...
[SECURITY] [DSA 4237-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4237-1 [email protected] https://www.debian.org/security/ Michael Gilbert June 30, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1409-1] mosquitto security update
Package : mosquitto Version : 1.3.4-2+deb8u2 CVE ID : CVE-2017-7651 CVE-2017-7652 CVE-2017-7651 fix to avoid extraordinary memory consumption by crafted CONNECT packet from unauthenticated client CVE-2017-7652 in case all sockets/file descriptors are exhausted, this is a fix to avoid default conf...
[SECURITY] [DLA 1408-1] simplesamlphp security update
Package : simplesamlphp Version : 1.13.1-2+deb8u2 CVE ID : CVE-2017-12868 CVE-2017-12872 CVE-2017-12872 / CVE-2017-12868 The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing...
[SECURITY] [DLA 1407-1] mariadb-10.0 security update
Package : mariadb-10.0 Version : 10.0.35-0+deb8u1 CVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-281...
[SECURITY] [DLA 1406-1] firefox-esr security update
Package : firefox-esr Version : 52.9.0esr-1deb8u1 CVE ID : CVE-2018-5156 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors...
[SECURITY] [DLA 1405-1] libgcrypt20 security update
Package : libgcrypt20 Version : 1.6.3-2+deb8u5 CVE ID : CVE-2018-0495 It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. For Debian 8 "Jessie", these problems have been fixed in version 1.6.3-2+deb8u5. We recommend that you upgrade yo...
[SECURITY] [DLA 1404-1] lava-server security update
Package : lava-server Version : 2014.09.1-1+deb8u1 CVE ID : CVE-2018-12564 CVE-2018-12564 Using the feature to add URLs in the submit page, a user might be able to read any file on the server that is readable by lavaserver and consists of valid yaml. So with this patch the feature is disabled...
[SECURITY] [DLA 1403-1] zendframework security update
Package : zendframework Version : 1.12.9+dfsg-2+deb8u7 CVE ID : CVE-2016-4861 CVE-2016-4861 Allowing remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DLA 1402-1] exiv2 security update
Package : exiv2 Version : 0.24-4.1+deb8u1 CVE ID : CVE-2018-10958 CVE-2018-10998 CVE-2018-10999 CVE-2018-11531 CVE-2018-12264 CVE-2018-12265 Debian Bug : 901706 901707 Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulti...
[SECURITY] [DLA 1401-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u3 CVE ID : CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5241 CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 CVE-2017-11636 CVE-2017-11643 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13134 CVE-2017-14314...