14348 matches found
[SECURITY] [DLA 1150-1] wpa security update
Package : wpa Version : 1.0-3+deb7u5 CVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 A vulnerability was found in how WPA code can be triggered to reconfigure WPA/WPA2/RSN keys TK, GTK, or IGTK by...
[SECURITY] [DSA 4012-1] libav security update
Debian Security Advisory DSA-4012-1 https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4011-1] quagga security update
Debian Security Advisory DSA-4011-1 https://www.debian.org/security/ Salvatore Bonaccorso October 30, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4010-1] git-annex security update
Debian Security Advisory DSA-4010-1 https://www.debian.org/security/ Sebastien Delafond October 30, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4009-1] shadowsocks-libev security update
Debian Security Advisory DSA-4009-1 https://www.debian.org/security/ Moritz Muehlenhoff October 29, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4008-1] wget security update
Debian Security Advisory DSA-4008-1 https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1149-1] wget security update
Package : wget Version : 1.13.4-3+deb7u5 CVE ID : CVE-2017-13089 CVE-2017-13090 CVE-2017-13089 Fix stack overflow in HTTP protocol handling. CVE-2017-13090 Fix heap overflow in HTTP protocol handling. For Debian 7 "Wheezy", these problems have been fixed in version 1.13.4-3+deb7u5. We recommend...
[SECURITY] [DSA 4007-1] curl security update
Debian Security Advisory DSA-4007-1 https://www.debian.org/security/ Alessandro Ghedini October 27, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1148-1] golang security update
Package : golang Version : 2:1.0.2-1.1+deb7u2 CVE ID : CVE-2017-15041 Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points...
[SECURITY] [DLA 1144-1] git-annex security update
Package : git-annex Version : 3.20120629+deb7u1 CVE ID : CVE-2017-12976 Debian Bug : 873088 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related...
[SECURITY] [DLA 1147-1] exiv2 security update
Package : exiv2 Version : 0.23-1+deb7u2 CVE ID : CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 Debian Bug : 876893 The exiv2 library is vulnerable to multiple issues that can all lead to denial of service of the applications relying on the library to parse images...
[SECURITY] [DLA 1145-1] zoneminder security update
Package : zoneminder Version : 1.25.0-4+deb7u2 CVE ID : CVE-2017-5595 Multiple vulnerabilities have been found in zoneminder. This update fixes only a serious file disclosure vulnerability CVE-2017-5595. The application has been found to suffer from many other problems such as SQL injection...
[SECURITY] [DLA 1146-1] mosquitto security update
Package : mosquitto Version : 0.15-2+deb7u2 CVE ID : CVE-2017-9868 Debian Bug : 865959 mosquitto's persistence file mosquitto.db was created in a world-readable way thus allowing local users to obtain sensitive MQTT topic information. While the application has been fixed to set proper permissions ...
[SECURITY] [DLA 1143-1] curl security update
Package : curl Version : 7.26.0-1+wheezy22 CVE ID : CVE-2017-1000257 Brian Carpenter, Geeknik Labs, 0xd34db347, and independently reported by the OSS-Fuzz project, detected an out-of-bounds read during IMAP FETCH response. For Debian 7 "Wheezy", this problem has been fixed in version...
[SECURITY] [DSA 4006-1] mupdf security update
Debian Security Advisory DSA-4006-1 https://www.debian.org/security/ October 24, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1142-1] libav security update
Package : libav Version : 6:0.8.21-0+deb7u1 CVE ID : CVE-2015-8365 CVE-2017-7208 CVE-2017-7862 CVE-2017-9992 Multiple vulnerabilities have been found in libav: CVE-2015-8365 The smka_decode_frame function in libavcodec/smacker.c does not verify that the data size is consistent with the number of...
[SECURITY] [DLA 1133-1] ming security update
Package : ming Version : 1:0.4.4-1.1+deb7u4 CVE ID : CVE-2017-11704 CVE-2017-11728 CVE-2017-11729 CVE-2017-11730 CVE-2017-11731 CVE-2017-11734 Multiple vulnerabilities have been discovered in Ming: CVE-2017-11704 Heap-based buffer over-read in the function decompileIF in util/decompile.c in Ming ...
[SECURITY] [DSA 4005-1] openjfx security update
Debian Security Advisory DSA-4005-1 https://www.debian.org/security/ Moritz Muehlenhoff October 20, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4004-1] jackson-databind security update
Debian Security Advisory DSA-4004-1 https://www.debian.org/security/ Sebastien Delafond October 20, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4003-1] libvirt security update
Debian Security Advisory DSA-4003-1 https://www.debian.org/security/ Salvatore Bonaccorso October 19, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1141-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.58-0+deb7u1 CVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 Debian Bug : 878402 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which...
[SECURITY] [DSA 4002-1] mysql-5.5 security update
Debian Security Advisory DSA-4002-1 https://www.debian.org/security/ Salvatore Bonaccorso October 19, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1139-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u18 CVE ID : CVE-2017-15277 CVE-2017-15281 Debian Bug : 878578 878579 This update fixes two vulnerabilities in ImageMagick: CVE-2017-15277 An uninitialized data structure could lead to information disclosure when reading a specially crafted GIF fil...
[SECURITY] [DLA 1138-1] nss security update
Package : nss Version : 2:3.26-1+debu7u5 CVE ID : CVE-2017-7805 Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of...
[SECURITY] [DSA 4001-1] yadifa security update
Debian Security Advisory DSA-4001-1 https://www.debian.org/security/ Sebastien Delafond October 19, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1140-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u11 CVE ID : CVE-2017-13737 CVE-2017-15277 Immediately after the previous update to graphicsmagick, two more security issues were identified. These updates are included here. CVE-2017-13737 Incorrect rounding up resulted in scrambling the heap...
[SECURITY] [DLA 1137-1] db4.7 security update
Package : db4.7 Version : 4.7.25-21+deb7u1 CVE ID : CVE-2017-10140 Debian Bug : 872436 It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 "Wheezy", these...
[SECURITY] [DLA 1136-1] db4.8 security update
Package : db4.8 Version : 4.8.30-12+deb7u1 CVE ID : CVE-2017-10140 Debian Bug : 872436 It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 "Wheezy", these...
[SECURITY] [DLA 1135-1] db security update
Package : db Version : 5.1.29-5+deb7u1 CVE ID : CVE-2017-10140 Debian Bug : 872436 It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 "Wheezy", these problems...
[SECURITY] [DSA 4000-1] xorg-server security update
Debian Security Advisory DSA-4000-1 https://www.debian.org/security/ Moritz Muehlenhoff October 17, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1134-1] sdl-image1.2 security update
Package : sdl-image1.2 Version : 1.2.12-2+deb7u1 CVE ID : CVE-2017-2887 Debian Bug : 878267 It was discovered that there was a buffer overflow vulnerability in sdl-image1.2, an image loading library. A specially crafted .xcf file could cause a stack-based buffer overflow resulting in potential co...
[SECURITY] [DSA 3999-1] wpa security update
Debian Security Advisory DSA-3999-1 https://www.debian.org/security/ Yves-Alexis Perez October 16, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3998-1] nss security update
Debian Security Advisory DSA-3998-1 https://www.debian.org/security/ Salvatore Bonaccorso October 11, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3997-1] wordpress security update
Debian Security Advisory DSA-3997-1 https://www.debian.org/security/ Yves-Alexis Perez October 10, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1132-1] xen security update
Package : xen Version : 4.1.6.lts1-9 CVE ID : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10918 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 Multiple vulnerabilities...
[SECURITY] [DLA 1131-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u17 CVE ID : CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875 CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14224 CVE-2017-14249 CVE-2017-14341...
[SECURITY] [DSA 3996-1] ffmpeg security update
Debian Security Advisory DSA-3996-1 https://www.debian.org/security/ Moritz Muehlenhoff October 10, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3995-1] libxfont security update
Debian Security Advisory DSA-3995-1 https://www.debian.org/security/ Moritz Muehlenhoff October 10, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 1129-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6+deb7u24 CVE ID : CVE-2017-14167 CVE-2017-15038 Multiple vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-14167 Incorrect validation of multiboot...
[SECURITY] [DLA 1128-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u24 CVE ID : CVE-2017-14167 CVE-2017-15038 Multiple vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick Emulator (Qemu). CVE-2017-14167 Incorrect validation of...
[SECURITY] [DLA 1127-1] sam2p security update
Package : sam2p Version : 0.49.1-1+deb7u1 CVE ID : CVE-2017-14628 CVE-2017-14629 CVE-2017-14630 CVE-2017-14631 CVE-2017-14636 CVE-2017-14637 Several vulnerabilities, like heap-based buffer overflows, integer signedness or overflow errors have been found by fpbibi and have been fixed by upstream. F...
[SECURITY] [DSA 3994-1] nautilus security update
Debian Security Advisory DSA-3994-1 https://www.debian.org/security/ Yves-Alexis Perez October 07, 2017 https://www.debian.org/security/faq ...