[SECURITY] [DLA 1351-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6+deb7u25 CVE ID : CVE-2018-7550 Debian Bug : 892041 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which...
[SECURITY] [DLA 1350-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u25 CVE ID : CVE-2018-7550 Debian Bug : 892041 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, whi...
[SECURITY] [DSA 4174-1] corosync security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4174-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 17, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1349-1] linux-tools security update
Package : linux-tools Version : 3.2.101-1 Debian Bug : 693667 696957 708994 This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the "retpoline" mitigation for CVE-2017-5715 (Spectre variant 2). This update also includes bug fixes from t...
[SECURITY] [DSA 4173-1] r-cran-readxl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4173-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 16, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1348-1] patch security update
Package : patch Version : 2.6.1-3+deb7u1 CVE ID : CVE-2018-1000156 Debian Bug : 894993 It was discovered that there was an input validation vulnerability in the patch(1) utility where an ed(1) script embedded in a regular input file could result in arbitrary code execution. This was reported by Rache...
[SECURITY] [DLA 1344-1] squirrelmail security update
Package : squirrelmail Version : 2:1.4.23svn20120406-2+deb7u2 CVE ID : CVE-2018-8741 Debian Bug : 893202 Florian Grunow and Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrar...
[SECURITY] [DLA 1347-1] tiff3 security update
Package : tiff3 Version : 3.9.6-11+deb7u10 CVE ID : CVE-2018-7456 Debian Bug : 891288 A NULL Pointer Dereference was discovered in the TIFFPrintDirectory function (tif_print.c) when using the tiffinfo tool to print crafted TIFF information. This vulnerability could be leveraged by remote attackers t...
[SECURITY] [DLA 1346-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u19 CVE ID : CVE-2018-7456 Debian Bug : 891288 A NULL Pointer Dereference was discovered in the TIFFPrintDirectory function (tif_print.c) when using the tiffinfo tool to print crafted TIFF information. This vulnerability could be leveraged by remote attackers to...
[SECURITY] [DLA 1345-1] perl security update
Package : perl Version : 5.14.2-21+deb7u6 CVE ID : CVE-2018-6913 GwanYeong Kim reported that pack could cause a heap buffer write overflow with a large item count. For Debian 7 "Wheezy", these problems have been fixed in version 5.14.2-21+deb7u6. We recommend that you upgrade your perl packages...
[SECURITY] [DSA 4172-1] perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4172-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 14, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4171-1] ruby-loofah security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4171-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4079-2] poppler regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4079-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 12, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4169-1] pcs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4169-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez April 11, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4170-1] pjproject security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4170-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 09, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1343-1] ming security update
Package : ming Version : 0.4.4-1.1+deb7u8 CVE ID : CVE-2018-6358 CVE-2018-7867 CVE-2018-7868 CVE-2018-7870 CVE-2018-7871 CVE-2018-7872 CVE-2018-7875 CVE-2018-9165 Multiple vulnerabilities have been discovered in Ming: CVE-2018-6358 Heap-based buffer overflow vulnerability in the printDefineFont2...
[SECURITY] [DLA 1342-1] ldap-account-manager security update
Package : ldap-account-manager Version : 3.7-2+deb7u1 CVE ID : CVE-2018-8763 Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763 The found Reflected Cross Site Scripting (XSS) vulnerability might allow an attacker to execute JavaScri...
[SECURITY] [DLA 1283-2] python-crypto security update
Package : python-crypto Version : 2.6-4+deb7u8 This is an update to DLA-1283-1. In DLA-1283-1 it is claimed that the issue described in CVE-2018-6594 is fixed. It turns out that the fix is partial and upstream has decided not to fix the issue as it would break compatibility and that ElGamal...
[SECURITY] [DSA 4168-1] squirrelmail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4168-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1341-1] sdl-image1.2 security update
Package : sdl-image1.2 Version : 1.2.12-2+deb7u2 CVE ID : CVE-2017-12122 CVE-2017-14440 CVE-2017-14441 CVE-2017-14442 CVE-2017-14448 CVE-2017-14450 Lilith of Cisco Talos discovered several buffer overflow vulnerabilities in the SDL Image library which can be leveraged by attackers to execute...
[SECURITY] [DLA 1340-1] sam2p security update
Package : sam2p Version : 0.49.1-1+deb7u3 CVE ID : CVE-2018-7487 CVE-2018-7551 CVE-2018-7552 CVE-2018-7553 CVE-2018-7554 Multiple invalid frees and buffer-overflow vulnerabilities were discovered in sam2p, a utility to convert raster images and other image formats, that may lead to a...
[SECURITY] [DSA 4167-1] sharutils security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4167-1 [email protected] https://www.debian.org/security/ Luciano Bello April 05, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4166-1] openjdk-7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4166-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 04, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4165-1] ldap-account-manager security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4165-1 [email protected] https://www.debian.org/security/ Luciano Bello April 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1339-1] openjdk-7 security update
Package : openjdk-7 Version : 7u171-2.6.13-1deb7u1 CVE ID : CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 Debian Bug : 891330 Several vulnerabiliti...
[SECURITY] [DSA 4164-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4164-1 [email protected] https://www.debian.org/security/ Stefan Fritsch April 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1338-1] beep security update
Package : beep Version : 1.3-3+deb7u1 CVE ID : CVE-2018-0492 Debian Bug : 894667 It was discovered that there was a local privilege escalation vulnerability in beep, an "advanced PC speaker beeper". For Debian 7 "Wheezy", this issue has been fixed in beep version 1.3-3+deb7u1. We recommend that y...
[SECURITY] [DLA 1337-1] jruby security update
Package : jruby Version : 1.5.6-5+deb7u1 CVE ID : CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 Multiple vulnerabilities were found in the rubygems package management framework, embedded in JRuby, a pure-Java implementation of the Ruby programming language. CVE-2018-1000075 ...
[SECURITY] [DSA 4163-1] beep security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4163-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4162-1] irssi security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4162-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1336-1] rubygems security update
Package : rubygems Version : 1.8.24-1+deb7u2 CVE ID : CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 Multiple vulnerabilities were found in rubygems, a package management framework for Ruby. CVE-2018-1000075 A negative size vulnerability in ruby gem package tar header that...
[SECURITY] [DSA 4161-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4161-1 [email protected] https://www.debian.org/security/ Luciano Bello April 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4160-1] libevt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4160-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4159-1] remctl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4159-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 01, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1335-1] zsh security update
Package : zsh Version : 4.3.17-1+deb7u2 CVE ID : CVE-2018-1071 CVE-2018-1083 Debian Bug : 894044 894043 Two security vulnerabilities were discovered in the Z shell. CVE-2018-1071 Stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of...
[SECURITY] [DLA 1334-1] mosquitto security update
Package : mosquitto Version : 0.15-2+deb7u3 CVE ID : CVE-2017-7651 CVE-2017-7652 CVE-2017-7651 A crafted CONNECT packet from an unauthenticated client could result in extraordinary memory consumption. CVE-2017-7652 In case all sockets/file descriptors are exhausted, a SIGHUP signal to reload the...
[SECURITY] [DLA 1333-1] dovecot security update
Package : dovecot Version : 1:2.1.7-7+deb7u2 CVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco...
[SECURITY] [DLA 1332-1] libvncserver security update
Package : libvncserver Version : 0.9.9+dfsg-1+deb7u3 CVE ID : CVE-2018-7225 Debian Bug : 894045 libvncserver version through 0.9.11 does not sanitize msg.cct.length which may result in access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer...
[SECURITY] [DLA 1331-1] mercurial security update
Package : mercurial Version : 2.2.2-4+deb7u7 CVE ID : CVE-2018-1000132 Debian Bug : 892964 Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via network...
[SECURITY] [DLA 1330-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb7u4 CVE ID : CVE-2018-0739 It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory:...
[SECURITY] [DLA 1328-1] xerces-c security update
Package : xerces-c Version : 3.1.1-3+deb7u5 CVE ID : CVE-2017-12627 Debian Bug : 894050 Alberto Garcia, Francisco Oca and Suleman Ali of Offensive Research discovered that the Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while...