[SECURITY] [DSA 3859-1] dropbear security update
Debian Security Advisory DSA-3859-1 https://www.debian.org/security/ Moritz Muehlenhoff May 19, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3858-1] openjdk-7 security update
Debian Security Advisory DSA-3858-1 https://www.debian.org/security/ Moritz Muehlenhoff May 19, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 946-1] nss security update
Package : nss Version : 2:3.26-1+debu7u3 CVE ID : CVE-2017-5461 CVE-2017-5462 Debian Bug : 862958 The NSS library is vulnerable to two security issues: CVE-2017-5461 Out-of-bounds write in Base64 encoding. This can trigger a crash denial of service and might be exploitable for code execution...
[SECURITY] [DSA 3857-1] mysql-connector-java security update
Debian Security Advisory DSA-3857-1 https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3856-1] deluge security update
Debian Security Advisory DSA-3856-1 https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3855-1] jbig2dec security update
Debian Security Advisory DSA-3855-1 https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3793-2] shadow regression update
Debian Security Advisory DSA-3793-2 https://www.debian.org/security/ Salvatore Bonaccorso May 17, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 945-1] mysql-connector-java security update
Package : mysql-connector-java Version : 5.1.42-1deb7u1 CVE ID : CVE-2017-3523 CVE-2017-3586 CVE-2017-3589 Several issues were discovered in mysql-connector-java that allow attackers to execute arbitrary code, insert or delete access to some of MySQL Connectors accessible data as well as...
[SECURITY] [DLA 944-1] openvpn security update
Package : openvpn Version : 2.2.1-8+deb7u4 CVE ID : CVE-2017-7479 Denial of Service due to Exhaustion of Packet-ID counter An authenticated client can cause the server's packet-id counter to roll over, which would lead the server process to hit an ASSERT and stop running. To make the server hi...
[SECURITY] [DLA 943-1] deluge security update
Package : deluge Version : 1.3.3-2+nmu1+deb7u2 Debian Bug : 862611 It was discovered that there was a directory traversal attack vulnerability in the web user interface web in the deluge bittorrent client. For Debian 7 "Wheezy", this issue has been fixed in deluge version 1.3.3-2+nmu1+deb7u2. We...
[SECURITY] [DLA 942-1] jbig2dec security update
Package : jbig2dec Version : 0.13-4deb7u2 CVE ID : CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 CVE-2017-7885 Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer...
[SECURITY] [DSA 3853-1] bitlbee security update
Debian Security Advisory DSA-3853-1 https://www.debian.org/security/ Sebastien Delafond May 15, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 941-1] squirrelmail security update
Package : squirrelmail Version : 2:1.4.23svn20120406-2+deb7u1 CVE ID : CVE-2017-7692 Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server. For...
[SECURITY] [DSA 3854-1] bind9 security update
Debian Security Advisory DSA-3854-1 https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3852-1] squirrelmail security update
Debian Security Advisory DSA-3852-1 https://www.debian.org/security/ Sebastien Delafond May 13, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 940-1] sane-backends security update
Package : sane-backends Version : 1.0.22-7.4+deb7u1 CVE ID : CVE-2017-6318 Debian Bug : 854804 It was discovered that there was an issue in sane-backends, an API library for scanners. It allowed remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. For...
[SECURITY] [DSA 3851-1] postgresql-9.4 security update
Debian Security Advisory DSA-3851-1 https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3850-1] rtmpdump security update
Debian Security Advisory DSA-3850-1 https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3849-1] kde4libs security update
Debian Security Advisory DSA-3849-1 https://www.debian.org/security/ Salvatore Bonaccorso May 12, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 939-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u21 CVE ID : CVE-2016-9603 CVE-2017-7718 CVE-2017-7980 Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware based on Quick Emulator (Qemu). The Common Vulnerabilities and Exposures project identifies t...
[SECURITY] [DLA 924-2] tomcat7 regression update
Package : tomcat7 Version : 7.0.28-4+deb7u13 Debian Bug : 861872 The security update announced as DLA-924-1 introduced a regression in Tomcat's APR protocol due to the fix for CVE-2017-5647 and prevented a successful sendfile request. For Debian 7 "Wheezy", these problems have been fixed in versio...
[SECURITY] [DLA 938-1] git security update
Package : git Version : 1:1.7.10.4-1+wheezy4 CVE ID : CVE-2017-8386 Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help". For Debian 7 "Wheezy", these...
[SECURITY] [DLA 937-1] rpcbind security update
Package : rpcbind Version : 0.2.0-8+deb7u2 CVE ID : CVE-2017-8779 Debian Bug : 861835 Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion depending on...
[SECURITY] [DLA 936-1] libtirpc security update
Package : libtirpc Version : 0.2.2-5+deb7u1 CVE ID : CVE-2017-8779 Debian Bug : 861834 Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion depending on...
[SECURITY] [DLA 935-1] lxterminal security update
Package : lxterminal Version : 0.1.11-4+deb7u1 CVE ID : CVE-2016-10369 Debian Bug : 862098 It was discovered that there was a local denial of service vulnerability in lxterminal, the terminal emulator for the LXDE desktop environment. This was caused by an insecure use of temporary files for a...
[SECURITY] [DSA 3848-1] git security update
Debian Security Advisory DSA-3848-1 https://www.debian.org/security/ Salvatore Bonaccorso May 10, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3847-1] xen security update
Debian Security Advisory DSA-3847-1 https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 934-1] radicale security update
Package : radicale Version : 0.7-1.1+deb7u2 CVE ID : CVE-2017-8342 Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. For Debian 7 "Wheezy", these problems have been fixed in version 0.7-1.1+deb7u2...
[SECURITY] [DSA 3846-1] libytnef security update
Debian Security Advisory DSA-3846-1 https://www.debian.org/security/ Sebastien Delafond May 09, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3845-1] libtirpc security update
Debian Security Advisory DSA-3845-1 https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 933-1] roundcube security update
Package : roundcube Version : 0.7.2-9+deb7u7 CVE ID : CVE-2017-8114 Debian Bug : 861388 Roundcube Webmail allows arbitrary password resets by authenticated users. The issue is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. For Debian 7...
[SECURITY] [DLA 932-1] ghostscript security update
Package : ghostscript Version : 9.05dfsg-6.3+deb7u6 CVE ID : CVE-2017-8291 Debian Bug : 861295 A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is...
[SECURITY] [DLA 931-1] freetype security update
Package : freetype Version : 2.4.9-1.1+deb7u7 CVE ID : CVE-2017-8287 Debian Bug : 861308 It was found that a malformed font could result in denial of service or the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version 2.4.9-1.1+deb7u7. We recommend that yo...
[SECURITY] [DSA 3844-1] tiff security update
Debian Security Advisory DSA-3844-1 https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3843-1] tomcat8 security update
Debian Security Advisory DSA-3843-1 https://www.debian.org/security/ Sebastien Delafond May 03, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3842-1] tomcat7 security update
Debian Security Advisory DSA-3842-1 https://www.debian.org/security/ Sebastien Delafond May 03, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3841-1] libxstream-java
Debian Security Advisory DSA-3841-1 https://www.debian.org/security/ Moritz Muehlenhoff May 02, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3840-1] mysql-connector-java
Debian Security Advisory DSA-3840-1 https://www.debian.org/security/ Moritz Muehlenhoff May 02, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 930-1] libxstream-java security update
Package : libxstream-java Version : 1.4.2-1+deb7u2 CVE ID : CVE-2017-7957 Debian Bug : 861521 It was discovered that there was a remote application crash vulnerability in libxstream-java, a Java library to serialize objects to XML and back again. This was due to mishandled attempts to create an...
[SECURITY] [DLA 929-1] libpodofo security update
Package : libpodofo Version : 0.9.0-1.1+deb7u1 CVE ID : CVE-2015-8981 CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5886 CVE-2017-6844 CVE-2017-7379 Debian Bug : 854599 854600 854601 854602 854604 859331 Several heap-based buffer overflows, integer overflows and NULL pointer dereferences hav...