[SECURITY] [DLA 928-1] libsndfile security update
Package : libsndfile Version : 1.0.25-9.1+deb7u1 CVE ID : CVE-2015-7805 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 Debian Bug : 860255 Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files. CVE-2017-7585 In libsndfile before 1.0.28, an...
[SECURITY] [DLA 927-1] fop security update
Package : fop Version : 1:1.0.dfsg2-6+deb7u1 CVE ID : CVE-2017-5661 Debian Bug : 860567 In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the use...
[SECURITY] [DLA 925-1] kedpm security update
Package : kedpm Version : 0.5.0-4+deb7u1 CVE ID : CVE-2017-8296 Debian Bug : 860817 An information disclosure vulnerability was found in kedpm, a password manager compatible with the figaro password manager file format. The history file can reveal the master password if it is provided on the...
[SECURITY] [DLA 926-1] batik security update
Package : batik Version : 1.7+dfsg-3+deb7u2 CVE ID : CVE-2017-5662 Debian Bug : 860566 In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the...
[SECURITY] [DLA 924-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u12 CVE ID : CVE-2017-5647 CVE-2017-5648 Debian Bug : 860068 Two security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2017-5647 A bug in the handling of the pipelined requests when send file was used resulted in the...
[SECURITY] [DLA 923-1] partclone security update
Package : partclone Version : 0.2.48-1+deb7u1 CVE ID : CVE-2017-6596 Debian Bug : 857966 It was discovered that partclone, a utility to backup partitions, was prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. This could allow remote...
[SECURITY] [DSA 3839-1] freetype security update
Debian Security Advisory DSA-3839-1 https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 922-1] linux security update
Package : linux Version : 3.2.88-1 CVE ID : CVE-2016-2188 CVE-2016-9604 CVE-2016-10200 CVE-2017-2647 CVE-2017-2671 CVE-2017-5967 CVE-2017-5970 CVE-2017-6951 CVE-2017-7184 CVE-2017-7261 CVE-2017-7273 CVE-2017-7294 CVE-2017-7308 CVE-2017-7472 CVE-2017-7616 CVE-2017-7618 Several vulnerabilities have...
[SECURITY] [DSA 3838-1] ghostscript security update
Debian Security Advisory DSA-3838-1 https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3837-1] libreoffice security update
Debian Security Advisory DSA-3837-1 https://www.debian.org/security/ Moritz Muehlenhoff April 27, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 921-1] slurm-llnl security update
Package : slurm-llnl Version : 2.3.4-2+deb7u1 CVE ID : CVE-2016-10030 Debian Bug : 850491 With this vulnerability arbitrary files can be overwritten on nodes running jobs provided that the user can run a job that is able to trigger a failure of a Prolog script. For Debian 7 "Wheezy", these proble...
[SECURITY] [DSA 3836-1] weechat security update
Debian Security Advisory DSA-3836-1 https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 920-1] jasper security update
Package : jasper Version : 1.900.1-13+deb7u6 CVE ID : CVE-2016-9591 CVE-2016-10251 CVE-2016-9591 Use-after-free on heap in jas_matrix_destroy The vulnerability exists in code responsible for re-encoding the decoded input image file to a JP2 image. The vulnerability is caused by not setting related...
[SECURITY] [DSA 3835-1] python-django security update
Debian Security Advisory DSA-3835-1 https://www.debian.org/security/ Salvatore Bonaccorso April 26, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 919-1] weechat security update
Package : weechat Version : 0.3.8-1+deb7u2 CVE ID : CVE-2017-8073 Debian Bug : 861121 WeeChat before allows a remote crash by sending a filename via DCC to the IRC plugin. For Debian 7 "Wheezy", these problems have been fixed in version 0.3.8-1+deb7u2. We recommend that you upgrade your weechat...
[SECURITY] [DLA 918-1] freetype security update
Package : freetype Version : 2.4.9-1.1+deb7u6 CVE ID : CVE-2017-8105 Debian Bug : 861220 860303 It was found that an out of bounds write caused by a heap-based buffer overflow could be triggered in freetype via a crafted font. This update also reverts the fix for CVE-2016-10328, as it was...
[SECURITY] [DLA 917-1] rtmpdump security update
Package : rtmpdump Version : 2.4+20111222.git4e06e21-1+deb7u1 CVE ID : CVE-2015-8270 CVE-2015-8271 CVE-2015-8272 Several vulnerabilities were found in rtmpdump and the librtmp library. CVE-2015-8270 A bug in AMF3ReadString in librtmp can cause a denial of service via application crash to librtmp...
[SECURITY] [DLA 916-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.55-0+deb7u1 CVE ID : CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600 Debian Bug : 854713 860544 Several issues have been discover...
[SECURITY] [DLA 915-1] botan1.10 security update
Package : botan1.10 Version : 1.10.5-1+deb7u3 CVE ID : CVE-2017-2801 Debian Bug : 860072 A bug in X509 DN string comparisons could result in out of bound reads. This could result in information leakage, denial of service, or potentially incorrect certificate validation results. For Debian 7...
[SECURITY] [DSA 3834-1] mysql-5.5 security update
Debian Security Advisory DSA-3834-1 https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3833-1] libav security update
Debian Security Advisory DSA-3833-1 https://www.debian.org/security/ Moritz Muehlenhoff April 24, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 913-1] activemq security update
Package : activemq Version : 5.6.0+dfsg-1+deb7u3 CVE ID : CVE-2015-7559 Debian Bug : 860866 It was found that Apache ActiveMQ exposed a remote shutdown command in the ActiveMQConnection class. An attacker could use this flaw to achieve denial of service on a client. For Debian 7 "Wheezy", these...
[SECURITY] [DLA 912-1] tiff3 security update
Package : tiff3 Version : 3.9.6-11+deb7u5 CVE ID : CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 Debian Bug : 860000 860001 860003 Multiple security issues have been found in the tiff3 image library that may allow remote attackers ...
[SECURITY] [DLA 914-1] minicom security update
Package : minicom Version : 2.6.1-1+deb7u1 CVE ID : CVE-2017-7467 Debian Bug : 860940 CVE-2017-7467 Out of bounds write in vt100.c For Debian 7 "Wheezy", these problems have been fixed in version 2.6.1-1+deb7u1. We recommend that you upgrade your minicom packages. Further information about Debian...
[SECURITY] [DLA 911-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u12 CVE ID : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 Debian Bug : 859998 860000 860001 860003 Multiple security issues have been found in the tiff...
[SECURITY] [DLA 910-1] libreoffice security update
Package : libreoffice Version : 1:3.5.4+dfsg2-0+deb7u9 CVE ID : CVE-2017-3157 CVE-2017-7870 CVE-2017-3157 Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157...
[SECURITY] [DLA 909-1] libcroco security update
Package : libcroco Version : 0.6.6-2+deb7u1 CVE ID : CVE-2017-7960 CVE-2017-7961 Debian Bug : 860961 CVE-2017-7960 A heap-based buffer over-read vulnerability could be triggered remotely via a crafted CSS file to cause a denial of service. CVE-2017-7961 An "outside the range of representable valu...
[SECURITY] [DLA 908-1] chicken security update
Package : chicken Version : 4.7.0-1+deb7u2 CVE ID : CVE-2017-6949 Debian Bug : 858057 It was found that CHICKEN did not sanitize the size argument when allocating SRFI-4 vectors, which could lead to segfaults or buffer overflows with some sizes. For Debian 7 "Wheezy", these problems have been fix...
[SECURITY] [DLA 907-1] xen security update
Package : xen Version : 4.1.6.lts1-6 CVE ID : CVE-2017-7228 Debian Bug : 859560 CVE-2017-7228 XSA-212 An insufficient check on XENMEM_exchange may allow PV guests to access all of system memory. For Debian 7 "Wheezy", these problems have been fixed in version 4.1.6.lts1-6. We recommend that you...
[SECURITY] [DLA 906-1] firefox-esr security update
Package : firefox-esr Version : 45.9.0esr-1deb7u1 CVE ID : CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448...
[SECURITY] [DSA 3832-1] icedove security update
Debian Security Advisory DSA-3832-1 https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 905-1] ghostscript security update
Package : ghostscript Version : 9.05dfsg-6.3+deb7u5 CVE ID : CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 ghostscript is vulnerable to multiple issues that can lead to denial of service when processing untrusted content. CVE-2016-10219 Application crash with division by 0 in scan conversion code...
[SECURITY] [DLA 904-1] uzbek-wordlist update
Package : uzbek-wordlist Version : 0.6-3.2+deb7u1 The dictionary provided by this package had an unnecessary unversioned conflict against the thunderbird package which recently got reintroduced into Wheezy. For Debian 7 "Wheezy", this problem has been fixed in version 0.6-3.2+deb7u1. We recommend...
[SECURITY] [DLA 903-1] hunspell-en-us update
Package : hunspell-en-us Version : 20070829-6+deb7u1 The dictionary provided by this package had an unnecessary unversioned conflict against the thunderbird package which recently got reintroduced into Wheezy. For Debian 7 "Wheezy", this problem has been fixed in version 20070829-6+deb7u1. We...
[SECURITY] [DSA 3831-1] firefox-esr security update
Debian Security Advisory DSA-3831-1 https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3830-1] icu security update
Debian Security Advisory DSA-3830-1 https://www.debian.org/security/ Sebastien Delafond April 19, 2017 https://www.debian.org/security/faq ...
[SECURITY] [DLA 896-1] icedove/thunderbird security update
Package : icedove Version : 1:45.8.0-3deb7u1 CVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410...
[SECURITY] [DLA 902-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u13 CVE ID : CVE-2017-7606 CVE-2017-7619 Debian Bug : 859771 859769 Two security vulnerabilities were discovered in imagemagick that allow remote attackers to cause a denial of service application crash and infinite loop or possibly other unspecifi...
[SECURITY] [DLA 901-1] radare2 security update
Package : radare2 Version : 0.9-3+deb7u2 CVE ID : CVE-2017-6448 CVE-2017-6448 The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact...
[SECURITY] [DLA 900-1] freetype security update
Package : freetype Version : 2.4.9-1.1+deb7u5 CVE ID : CVE-2016-10328 Debian Bug : 860303 The Freetype 2 font engine was vulnerable to an out-of-bounds write caused by a heap-based buffer overflow in the cff_parser_run function in cff/cffparse.c. For Debian 7 "Wheezy", these problems have been fixe...
[SECURITY] [DLA 899-1] feh security update
Package : feh Version : 2.3-2+deb7u1 CVE ID : CVE-2017-7875 Debian Bug : 860367 Tobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DLA 898-1] libosip2 security update
Package : libosip2 Version : 3.6.0-4+deb7u1 CVE ID : CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 CVE-2016-10324 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy function defined in osipparser2/osip_port.c. CVE-2016-10325 In...
[SECURITY] [DLA 897-1] qbittorrent security update
Package : qbittorrent Version : 2.9.8-1+deb7u1 CVE ID : CVE-2017-6503 CVE-2017-6504 CVE-2017-6503 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. CVE-2017-6504 WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which coul...
[SECURITY] [DLA 895-1] openoffice.org-dictionaries update
Package : openoffice.org-dictionaries Version : 3.3.0rc10-4+deb7u1 Debian Bug : 646693 The dictionaries provided by this package had an unversioned conflict against the thunderbird package which so far was not part of wheezy. Since the next update of Icedove introduces a thunderbird package the...