[SECURITY] [DLA 1217-1] irssi security update
Package : irssi Version : 0.8.15-5+deb7u4 CVE ID : CVE-2017-5193 CVE-2017-5194 CVE-2017-5356 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 Debian Bug : 879521 Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client, which may lead to denial of service or...
[SECURITY] [DLA 1219-1] enigmail security update
Package : enigmail Version : 2:1.9.9-1deb7u1 CVE ID : CVE-2017-17843 CVE-2017-17844 CVE-2017-17845 CVE-2017-17846 CVE-2017-17847 CVE-2017-17848 Multiple vulnerabilities were discovered in Enigmail, an OpenPGP extension for Thunderbird, which could result in a loss of confidentiality, faked...
[SECURITY] [DLA 1218-1] rsync security update
Package : rsync Version : 3.0.9-4+deb7u1 CVE ID : CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 Several vulnerabilities were discovered in rsync, a fast, versatile, remote and local file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service. F...
[SECURITY] [DSA 4072-1] bouncycastle security update
Debian Security Advisory DSA-4072-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 21, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4071-1] sensible-utils security update
Debian Security Advisory DSA-4071-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 21, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1216-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u20 CVE ID : CVE-2017-17091 CVE-2017-17092 CVE-2017-17093 CVE-2017-17094 Debian Bug : 883314 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues...
[SECURITY] [DSA 4070-1] enigmail security update
Debian Security Advisory DSA-4070-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 21, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1215-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1deb7u3 CVE ID : CVE-2017-17476 Debian Bug : 884801 Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this fla...
[SECURITY] [DLA 1214-1] libreoffice security update
Package : libreoffice Version : 1:3.5.4+dfsg2-0+deb7u10 CVE ID : CVE-2017-12607 CVE-2017-12608 Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened. For Debian 7 "Wheezy", these problems have...
[SECURITY] [DSA 4069-1] otrs2 security update
Debian Security Advisory DSA-4069-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1213-1] openafs security update
Package : openafs Version : 1.6.1-3+deb7u8 CVE ID : CVE-2017-17432 CVE-2017-17432 It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system. For Debian 7 "Wheezy", these problems have been fixed in...
[SECURITY] [DLA 1212-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1deb7u2 CVE ID : CVE-2017-15864 CVE-2017-16664 CVE-2017-16854 CVE-2017-16921 Four vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents. For...
[SECURITY] [DLA 1211-1] libxml2 security update
Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy12 CVE ID : CVE-2017-15412 CVE-2017-15412 It was detected that some function calls in the XPath extensions functions could result in memory corruption due to "use after free". For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DSA 4068-1] rsync security update
Debian Security Advisory DSA-4068-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4067-1] openafs security update
Debian Security Advisory DSA-4067-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 17, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4066-1] otrs2 security update
Debian Security Advisory DSA-4066-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 17, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4065-1] openssl1.0 security update
Debian Security Advisory DSA-4065-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1210-1] kildclient security update
Package : kildclient Version : 2.11.1-1+deb7u1 CVE ID : CVE-2017-17511 It was discovered that there was a command-injection vulnerability in kildclient, a "MUD" multiplayer real-time virtual world game. For Debian 7 "Wheezy", this issue has been fixed in kildclient version 2.11.1-1+deb7u1. Thanks...
[SECURITY] [DLA 1209-1] sensible-utils security update
Package : sensible-utils Version : 0.0.7+deb7u1 CVE ID : CVE-2017-17512 Debian Bug : 881767 It was discovered that there was a vulnerability in sensible-browser, a utility to start the most suitable web browser based on your environment or configuration. Remote attackers could conduct...
[SECURITY] [DLA 1208-1] reportbug update
Package : reportbug Version : 6.4.4+deb7u2 Debian Bug : 878088 Reportbug, a tool designed to make the reporting of bugs in Debian easier, was further enhanced to automatically detect bug reports for potential regressions caused by a security update. After user confirmation an additional email wit...
[SECURITY] [DLA 1207-1] erlang security update
Package : erlang Version : 15.b.1-dfsg-4+deb7u2 CVE ID : CVE-2017-1000385 An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA, which when exploited, may result in plaintext...
[SECURITY] [DLA 1203-2] xrdp regression update
Package : xrdp Version : 0.5.0-2+deb7u3 A regression was added by the patch introduced in version 0.5.0-2+deb7u2 to fix CVE-2017-16927: xrdp-sesman started to segfault in libscp. For Debian 7 "Wheezy", these problems have been fixed in version 0.5.0-2+deb7u3. We recommend that you upgrade your xr...
[SECURITY] [DLA 1206-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u17 CVE ID : CVE-2017-9935 Debian Bug : 866109 In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2pwritepdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an...
[SECURITY] [DSA 4064-1] chromium-browser security update
Debian Security Advisory DSA-4064-1 [email protected] https://www.debian.org/security/ Michael Gilbert December 12, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1205-1] simplesamlphp security update
Package : simplesamlphp Version : 1.9.2-1+deb7u1 CVE ID : CVE-2017-12867 CVE-2017-12868 CVE-2017-12869 CVE-2017-12872 CVE-2017-12873 CVE-2017-12874 The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information...
[SECURITY] [DSA 4063-1] pdns-recursor security update
Debian Security Advisory DSA-4063-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 11, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1204-1] evince security update
Package : evince Version : 3.4.0-3.1+deb7u2 CVE ID : CVE-2017-1000159 It was discovered that there was an arbitrary command injection in the evince PDF viewer. A specially-crafted embedded DVI filename could be exploited to run commands as the current user when "printing" to PDF. For Debian 7...
[SECURITY] [DLA 1203-1] xrdp security update
Package : xrdp Version : 0.5.0-2+deb7u2 CVE ID : CVE-2017-16927 The scpv0saccept function in sesman/libscp/libscpv0.c in the session manager in xrdp uses an untrusted integer as a write length, which allows local users to cause a denial of service buffer overflow and application crash or possibly...
[SECURITY] [DLA 1200-1] linux security update
Package : linux Version : 3.2.96-2 CVE ID : CVE-2016-10208 CVE-2017-8824 CVE-2017-8831 CVE-2017-12190 CVE-2017-13080 CVE-2017-14051 CVE-2017-15115 CVE-2017-15265 CVE-2017-15299 CVE-2017-15649 CVE-2017-15868 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16532 CVE-2017-16533...
[SECURITY] [DSA 4062-1] firefox-esr security update
Debian Security Advisory DSA-4062-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 10, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4061-1] thunderbird security update
Debian Security Advisory DSA-4061-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 10, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1202-1] firefox-esr security update
Package : firefox-esr Version : 52.5.2esr-1deb7u1 CVE ID : CVE-2017-7843 It was discovered that the private browsing mode in Firefox was able to write persistent data to a database, which could lead to websites tracking users even when browsing in this mode. For Debian 7 "Wheezy", these problems...
[SECURITY] [DLA 1201-1] libxcursor security update
Package : libxcursor Version : 1:1.1.13-1+deb7u2 CVE ID : CVE-2017-16612 Debian Bug : 883792 It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code executio...
[SECURITY] [DLA 1199-1] thunderbird security update
Package : thunderbird Version : 1:52.5.0-1deb7u1 CVE ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, use after free and other implementation errors may lead to crashes or the execution o...
[SECURITY] [DSA 4060-1] wireshark security update
Debian Security Advisory DSA-4060-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4059-1] libxcursor security update
Debian Security Advisory DSA-4059-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 08, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4058-1] optipng security update
Debian Security Advisory DSA-4058-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 08, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4057-1] erlang security update
Debian Security Advisory DSA-4057-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 08, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4056-1] nova security update
Debian Security Advisory DSA-4056-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 07, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4055-1] heimdal security update
Debian Security Advisory DSA-4055-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 07, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1198-1] libextractor security update
Package : libextractor Version : 1:0.6.3-5+deb7u1 CVE ID : CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 Debian Bug : 878314 880016 Leon Zhao discovered several security vulnerabilities in libextractor, a universal library and command-line tool to obtai...
[SECURITY] [DSA 4054-1] tor security update
Debian Security Advisory DSA-4054-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 03, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1197-1] sox security update
Package : sox Version : 14.4.0-3+deb7u2 CVE ID : CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15370 CVE-2017-15371 CVE-2017-15372 CVE-2017-15642 Debian Bug : 870328 878810 878809 878808 882236 882144 Various security vulnerabilities were discovered in sox, a command line utility to conve...
[SECURITY] [DLA 1196-1] optipng security update
Package : optipng Version : 0.6.4-1+deb7u4 CVE ID : CVE-2017-16938 Debian Bug : 878839 optipng, an advanced PNG Portable Network Graphics optimizer, has been found vulnerable to a buffer overflow which allows remote attackers to cause a denial-of-service attack or other unspecified impact with a...
[SECURITY] [DLA 1195-1] curl security update
Package : curl Version : 7.26.0-1+wheezy23 CVE ID : CVE-2017-8817 CVE-2017-8817 Fuzzing by the OSS-Fuzz project led to the discovery of a read out of bounds flaw in the FTP wildcard function in libcurl. A malicious server could redirect a libcurl-based client to an URL using a wildcard pattern,...
[SECURITY] [DLA 1194-1] libxml2 security update
Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy11 CVE ID : CVE-2017-16931 CVE-2017-16932 CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a % character in a DTD name...
[SECURITY] [DSA 4053-1] exim4 security update
Debian Security Advisory DSA-4053-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 30, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4052-1] bzr security update
Debian Security Advisory DSA-4052-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 29, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4051-1] curl security update
Debian Security Advisory DSA-4051-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez November 29, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4050-1] xen security update
Debian Security Advisory DSA-4050-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 28, 2017 https://www.debian.org/security/faq ...