14348 matches found
[SECURITY] [DLA 1193-1] roundcube security update
Package : roundcube Version : 0.7.2-9+deb7u9 CVE ID : CVE-2017-16651 A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. CVE-2017-16651 An authenticated attacker can take advantage of this flaw to read roundcube's configuration fil...
[SECURITY] [DSA 4049-1] ffmpeg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4049-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 27, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1192-1] libofx security update
Package : libofx Version : 1:0.9.4-2.1+deb7u1 CVE ID : CVE-2017-2816 CVE-2017-14731 CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on t...
[SECURITY] [DLA 1191-1] python-werkzeug security update
Package : python-werkzeug Version : 0.8.3+dfsg-1+deb7u1 CVE ID : CVE-2016-10516 A security issue that allows XSS on the Werkzeug debugger allows remote attackers to inject arbitrary stuff via a field that contains an exception message. For Debian 7 "Wheezy", these problems have been fixed in...
[SECURITY] [DLA 1190-1] python2.6 security update
Package : python2.6 Version : 2.6.8-1.1+deb7u1 CVE ID : CVE-2017-1000158 A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language. CVE-2017-1000158 CPython the reference implementation of Python also commonly known as simply Python...
[SECURITY] [DLA 1189-1] python2.7 security update
Package : python2.7 Version : 2.7.3-6+deb7u4 CVE ID : CVE-2017-1000158 A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language. CVE-2017-1000158 CPython the reference implementation of Python also commonly known as simply Python version...
[SECURITY] [DSA 4048-1] openjdk-7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4048-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 23, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4047-1] otrs2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4047-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 23, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1188-1] libxml2 security update
Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy10 CVE ID : CVE-2017-5130 Pranjal Jumde @pjumde reported a heap overflow in memory debug code of libxml2. For Debian 7 "Wheezy", these problems have been fixed in version 2.8.0+dfsg1-7+wheezy10. We recommend that you upgrade your libxml2 packages...
[SECURITY] [DLA 1187-1] openjdk-7 security update
Package : openjdk-7 Version : 7u151-2.6.11-2deb7u2 CVE ID : CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 Several vulnerabilities hav...
[SECURITY] [DLA 1186-1] xorg-server security update
Package : xorg-server Version : 2:1.12.4-6+deb7u8 CVE ID : CVE-2017-2624 CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12180 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12187 CVE-2017-13723 Several vulnerabilities have been discovered in the X.Org X server. An...
[SECURITY] [DLA 1185-1] sam2p security update
Package : sam2p Version : 0.49.1-1+deb7u2 CVE ID : CVE-2017-16663 It was discovered that sam2p, a utility to convert raster images and other image formats, was affected by an integer overflow vulnerability with resultant heap-based buffer overflow in input-bmp.ci because width and height...
[SECURITY] [DSA 4046-1] libspring-ldap-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4046-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4045-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4045-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 21, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1184-1] optipng security update
Package : optipng Version : 0.6.4-1+deb7u3 CVE ID : CVE-2017-1000229 Debian Bug : 882032 An integer overflow vulnerability was found in optipng, an advanced PNG optimizer that also recognizes other external file formats. This may lead to arbitrary code execution when a maliciously crafted TIFF fi...
[SECURITY] [DSA 4044-1] swauth security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4044-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez November 21, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4043-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4043-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1183-1] samba security update
Package : samba Version : 2:3.6.6-6+deb7u15 CVE ID : CVE-2017-15275 Volker Lendecke of SerNet and the Samba team discovered that Samba, a SMB/CIFS file, print, and login server for Unix, is prone to a heap memory information leak, where server allocated heap memory may be returned to the client...
[SECURITY] [DLA 1182-1] ldns security update
Package : ldns Version : 1.6.13-1+deb7u2 CVE ID : CVE-2017-1000231 Debian Bug : 882015 A security vulnerability has been discovered in ldns, a library and collection of utilities for DNS programming. CVE-2017-1000231 The generic parser contained a double-free vulnerability which resulted in an...
[SECURITY] [DLA 1181-1] xen security update
Package : xen Version : 4.1.6.lts1-10 CVE ID : CVE-2017-15588 CVE-2017-15589 CVE-2017-15592 CVE-2017-15593 CVE-2017-15595 Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-15588 Jann Horn discovered a race condition that can cause a stale TLB entry which might result i...
[SECURITY] [DLA 1180-1] libspring-ldap-java security update
Package : libspring-ldap-java Version : 1.3.1.RELEASE-4+deb7u1 CVE ID : CVE-2017-8028 Tobias Schneider discovered that Spring-LDAP would allow authentication with an arbitrary password when the username is correct, no additional attributes are bound and when using LDAP BindAuthenticator with...
[SECURITY] [DSA 4042-1] libxml-libxml-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4042-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4041-1] procmail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4041-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1179-1] shibboleth-sp2 security update
Package : shibboleth-sp2 Version : 2.4.3+dfsg-5+deb7u2 CVE ID : CVE-2017-16852 Debian Bug : 881857 Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the...
[SECURITY] [DLA 1178-1] opensaml2 security update
Package : opensaml2 Version : 2.4.3-4+deb7u2 CVE ID : CVE-2017-16853 Debian Bug : 881856 Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting...
[SECURITY] [DLA 1177-1] poppler security update
Package : poppler Version : 0.18.4-6+deb7u4 CVE ID : CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 CVE-2017-15565 Debian Bug : 879066 877952 877954 877957 It was discovered that poppler, a PDF rendering library, was affected by several denial-of-service application crash, null pointer dereferences...
[SECURITY] [DLA 1176-1] ming security update
Package : ming Version : 1:0.4.4-1.1+deb7u5 CVE ID : CVE-2017-9988 CVE-2017-9989 CVE-2017-11733 Multiple vulnerabilities have been discovered in Ming: CVE-2017-9988 NULL pointer dereference in the readEncUInt30 function util/read.c in Ming = 0.4.8, which allows attackers to cause a denial of...
[SECURITY] [DLA 1175-1] lynx-cur security update
Package : lynx-cur Version : 2.8.8dev.12-2+deb7u2 CVE ID : CVE-2017-1000211 It was discovered that there was a use-after-free vulnerability in the HTML parser of lynx-cur, a terminal-based web browser. This could have led to memory/information disclosure. For Debian 7 "Wheezy", this issue has bee...
[SECURITY] [DLA 1174-1] konversation security update
Package : konversation Version : 1.4-1+deb7u2 CVE ID : CVE-2017-15923 Debian Bug : 881586 It was discovered that there was a denial of service vulnerability in the konversation IRC client related to parsing of color formatting codes. For Debian 7 "Wheezy", this issue has been fixed in konversatio...
[SECURITY] [DLA 1173-1] procmail security update
Package : procmail Version : 3.22-20+deb7u2 CVE ID : CVE-2017-16844 Debian Bug : 876511 It was discovered that there was a heap-based buffer overflow in procmail, a tool used to sort incoming mail into various directories and filter out spam messages. For Debian 7 "Wheezy", this issue has been...
[SECURITY] [DSA 4040-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4040-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 17, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4039-1] opensaml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4039-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 16, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4038-1] shibboleth-sp2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4038-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 16, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4037-1] jackson-databind security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4037-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 16, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1172-1] firefox-esr security update
Package : firefox-esr Version : 52.5.0esr-1deb7u1 CVE ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary...
[SECURITY] [DSA 4036-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4036-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4035-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4035-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4034-1] varnish security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4034-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1171-1] libxml-libxml-perl security update
Package : libxml-libxml-perl Version : 2.0001+dfsg-1+deb7u2 CVE ID : CVE-2017-10672 Debian Bug : 866676 The XML::LibXML perl module is affected by a "use-after-free" vulnerability which allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. For Debi...
[SECURITY] [DLA 1170-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u15 CVE ID : CVE-2017-13134 CVE-2017-16547 Debian Bug : 881524 Security vulnerabilities have been identified in graphicsmagick, a collection of image processing utilities and libraries. CVE-2017-13134 Graphicsmagick was vulnerable to a heap-based...
[SECURITY] [DSA 4033-1] konversation security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4033-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1151-2] wordpress regression update
Package : wordpress Version : 3.6.1+dfsg-1deb7u19 Debian Bug : 881088 The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and caused a regression. It was discovered that an additional database upgrade and further code changes would be necessary. At the moment these changes are deemed a...
[SECURITY] [DSA 4032-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4032-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 12, 2017 https://www.debian.org/security/faq -...