[SECURITY] [DSA 3892-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3892-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3891-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3891-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3890-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3890-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 997-1] libffi security update
Package : libffi Version : 3.0.10-3+deb7u1 CVE ID : CVE-2017-1000376 libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. For Debian 7 "Wheezy", these proble...
[SECURITY] [DLA 996-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u14 CVE ID : CVE-2017-5664 Debian Bug : 864447 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to th...
[SECURITY] [DLA 995-1] swftools security update
Package : swftools Version : 0.9.2+ds1-3+deb7u1 CVE ID : CVE-2017-8400 CVE-2017-8401 CVE-2017-8400 In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function pngload in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attacker...
[SECURITY] [DLA 994-1] zziplib security update
Package : zziplib Version : 0.13.56-1.1+deb7u1 CVE ID : CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 CVE-2017-5974 Heap-based buffer overflow in the zzipget32 function in fetch.c in zziplib allows remote attackers to cause a denial of service...
[SECURITY] [DLA 993-1] linux security update
Package : linux Version : 3.2.89-1 CVE ID : CVE-2017-0605 CVE-2017-7487 CVE-2017-7645 CVE-2017-7895 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 CVE-2017-1000364 Several vulnerabilities have been discovered in the Linux kernel tha...
[SECURITY] [DLA 992-1] eglibc security update
Package : eglibc Version : 2.13-38+deb7u12 CVE ID : CVE-2017-1000366 The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at:...
[SECURITY] [DSA 3889-1] libffi security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3889-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez June 19, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3886-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3886-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 19, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3888-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3888-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 19, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3887-1] glibc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3887-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 19, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 989-1] jython security update
Package : jython Version : 2.5.2-1+deb7u1 CVE ID : CVE-2016-4000 Debian Bug : 864859 Alvaro Munoz and Christian Schneider discovered that Jython, an implementation of the Python language seamlessly integrated with Java, would execute arbitrary code when deserializing objects. For Debian 7 "Wheezy...
[SECURITY] [DLA 991-1] firefox-esr security update
Package : firefox-esr Version : 52.2.0esr-1deb7u1 CVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776...
[SECURITY] [DSA 3885-1] irssi security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3885-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 18, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 990-1] expat security update
Package : expat Version : 2.1.0-1+deb7u5 CVE ID : CVE-2017-9233 It was discovered that there was an infinite loop vulnerability in expat, an XML parsing C library: https://libexpat.github.io/doc/cve-2017-9233/ For Debian 7 "Wheezy", this issue has been fixed in expat version 2.1.0-1+deb7u5. We...
[SECURITY] [DSA 3884-1] gnutls28 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3884-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 16, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 988-1] rt-authen-externalauth security update
Package : rt-authen-externalauth Version : 0.10-4+deb7u1 CVE ID : CVE-2017-5361 It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI database mode is...
[SECURITY] [DLA 987-1] request-tracker4 security update
Package : request-tracker4 Version : 4.0.7-5+deb7u5 CVE ID : CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944 Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the...
[SECURITY] [DLA 986-1] zookeeper security update
Package : zookeeper Version : 3.4.5+dfsg-2+deb7u1 CVE ID : CVE-2017-5637 Debian Bug : 863811 It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by...
[SECURITY] [DSA 3883-1] rt-authen-externalauth security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3883-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3882-1] request-tracker4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3882-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 985-1] libsndfile security update
Package : libsndfile Version : 1.0.25-9.1+deb7u3 CVE ID : CVE-2017-6892 Debian Bug : 864704 It was discovered that there was a vulnerability in libsndfile, a library for reading/writing audio files. A specially-crafted AIFF "Audio Interchange File Format" file could result in an out-of-bounds...
[SECURITY] [DSA 3881-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3881-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 14, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3880-1] libgcrypt20 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3880-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 14, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3879-1] libosip2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3879-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 984-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u14 CVE ID : CVE-2016-10095 CVE-2017-9147 CVE-2017-9403 CVE-2017-9404 Debian Bug : 863185 850316 tiff was affected by multiple memory leaks CVE-2017-9403, CVE-2017-9404 that could result in denial of service. Furthermore, while the current version in Debian wa...
[SECURITY] [DLA 983-1] tiff3 security update
Package : tiff3 Version : 3.9.6-11+deb7u6 CVE ID : CVE-2016-10095 CVE-2017-9147 CVE-2017-9403 CVE-2017-9404 tiff3 was affected by multiple memory leaks CVE-2017-9403, CVE-2017-9404 that could result in denial of service. Furthermore, while the current version in Debian was already patched for...
[SECURITY] [DSA 3878-1] zziplib security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3878-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 982-1] tor security update
Package : tor Version : 0.2.4.29-1 CVE ID : CVE-2017-0376 Debian Bug : 864424 It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a flaw in the hidden service code. A remote attacker can take advantage of this flaw to cause a hidden service to...
[SECURITY] [DSA 3877-1] tor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3877-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 10, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3876-1] otrs2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3876-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3875-1] libmwaw security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3875-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3874-1] ettercap security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3874-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 979-1] debian-security-support update
Package : debian-security-support Version : 2017.06.02+deb7u1 Besides bringing the package up to date regarding translations this update marks several packages as no longer supported by wheezy-lts: autotrace, inspircd, ioquake3, kfreebsd-8, kfreebsd-9, matrixssl, teeworlds and trn For the reasoni...
[SECURITY] [DLA 981-1] apng2gif security update
Package : apng2gif Version : 1.5-1+deb7u1 CVE ID : CVE-2017-6960 Debian Bug : 854367 It was discovered that apng2gif was vulnerable to an integer overflow resulting in a heap-based buffer over-read/write. A remote attacker could use this flaw to cause a denial of service application crash via a...
[SECURITY] [DLA 980-1] ming security update
Package : ming Version : 1:0.4.4-1.1+deb7u3 CVE ID : CVE-2017-8782 It was found that ming, a library to parse and generate SWF Flash files, is susceptible to an integer overflow that would lead into out of bound memory writes via a maliciously crafted file. For Debian 7 "Wheezy", these problems...
[SECURITY] [DLA 978-1] perl security update
Package : perl Version : 5.14.2-21+deb7u5 CVE ID : CVE-2017-6512 Debian Bug : 863870 The cPanel Security Team reported a time of check to time of use TOCTTOU race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw...
[SECURITY] [DLA 976-1] yodl security update
Package : yodl Version : 3.00.0-6+deb7u1 CVE ID : CVE-2016-10375 Hanno Bock discovered that there was a buffer over-read vulnerability in the yodl "Your Own Document Language" document processor. For Debian 7 "Wheezy", this issue has been fixed in yodl version 3.00.0-6+deb7u1. We recommend that y...