[SECURITY] [DSA 3801-1] ruby-zip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3801-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 04, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3794-3] munin regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3794-3 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 03, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 836-2] munin regression update
Package : munin Version : 2.0.6-4+deb7u4 Debian Bug : 856455 856536 The update for munin issued as DLA-836-1 caused a regression in the zooming functionality in munin-cgi-graph. Updated packages are now available to correct this issue. For reference, the original advisory text follows. Stevie...
[SECURITY] [DSA 3800-1] libquicktime security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3800-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 02, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3794-2] munin regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3794-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3799-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3799-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 01, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 845-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6+deb7u20 CVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973 Debian Bug : Several vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-2615...
[SECURITY] [DSA 3798-1] tnef security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3798-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 01, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 844-1] libquicktime security update
Package : libquicktime Version : 2:1.2.4-3+deb7u1 CVE ID : CVE-2016-2399 Debian Bug : 855099 Marco nemux Romano discovered that an integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other...
[SECURITY] [DLA 842-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u20 CVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests. CVE-2017-2615 The Cirrus CLGD 54xx VGA Emulator i...
[SECURITY] [DSA 3797-1] mupdf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3797-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 843-1] bind9 security update
Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u15 CVE ID : CVE-2017-3135 CVE-2017-3135 Assertion failure when using DNS64 and RPZ can lead to crash. For Debian 7 "Wheezy", these problems have been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u15. We recommend that you upgrade your bind9...
[SECURITY] [DLA 841-1] apache2 security update
Package : apache2 Version : 2.2.22-13+deb7u8 CVE ID : CVE-2016-8743 This upload fixes a security vulnerability in the header parsing code. David Dennerline, of IBM Security's X-Force Researchers, and Régis Leroy discovered problems in the way Apache handled a broad pattern of unusual whitespace...
[SECURITY] [DLA 840-1] libplist security update
Package : libplist Version : 1.8-1+deb7u2 CVE ID : CVE-2017-5834 CVE-2017-5835 Debian Bug : 854000 Several vulnerabilities were discovered in libplist, a library for reading and writing the Apple binary and XML property lists format. A maliciously crafted plist file could cause an application to...
[SECURITY] [DLA 839-1] tnef security update
Package : tnef Version : 1.4.9-1+deb7u1 CVE ID : CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 CVE-2017-6307 An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read. These might lead to invalid read and write operations, controll...
[SECURITY] [DLA 838-1] shadow security update
Package : shadow Version : 4.1.5.1-1+deb7u1 CVE ID : CVE-2017-2616 Debian Bug : 855943 Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial ...
[SECURITY] [DLA 837-1] radare2 security update
Package : radare2 Version : 0.9-3+deb7u1 CVE ID : CVE-2017-6197 Debian Bug : 856063 CVE-2017-6197 The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as...
[SECURITY] [DSA 3796-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3796-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond February 26, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3795-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3795-1 security@debian.org https://www.debian.org/security/ Michael Gilbert February 26, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3794-1] munin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3794-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 25, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 836-1] munin security update
Package : munin Version : 2.0.6-4+deb7u3 CVE ID : CVE-2017-6188 Debian Bug : 855705 Stevie Trujillo discovered a command injection vulnerability in munin, a network-wide graphing framework. The CGI script for drawing graphs allowed to pass arbitrary GET parameters to local shell command, allowing...
[SECURITY] [DLA 835-1] cakephp security update
Package : cakephp Version : 1.3.15-1+deb7u2 CVE ID : CVE-2016-4793 Dawid Golunski from legalhackers.com discovered that cakephp, an application development framework for PHP, contains a vulnerability that allows attackers to spoof the source IP address. It would allow them to bypass access contro...
[SECURITY] [DSA 3793-1] shadow security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3793-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 24, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 834-1] phpmyadmin security update
Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u8 CVE ID : CVE-2016-6621 A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal...
[SECURITY] [DSA 3792-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3792-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 23, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 823-2] tomcat7 regression update
Package : tomcat7 Version : 7.0.28-4+deb7u11 CVE ID : CVE-2017-6056 Debian Bug : 854551 The update for tomcat7 issued as DLA-823-1 caused that the server could return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original...
[SECURITY] [DLA 833-1] linux security update
Package : linux Version : 3.2.84-2 CVE ID : CVE-2014-9888 CVE-2014-9895 CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2017-5549 CVE-2017-6001 CVE-2017-6074 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other...
[SECURITY] [DSA 3791-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3791-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3788-2] tomcat8 regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3788-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3787-2] tomcat7 regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3787-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 832-1] bitlbee security update
Package : bitlbee Version : 3.0.5-1.2+deb7u1 CVE ID : CVE-2016-10188 CVE-2016-10189 CVE-2017-5668 CVE-2017-5668 Fix for incomplete fix for "Null pointer dereference with file transfer request from unknown contacts". Though this package wasn't in Wheezy with this issue, I mention it here. The fix w...
[SECURITY] [DLA 831-1] gtk-vnc security update
Package : gtk-vnc Version : 0.5.0-3.1+deb7u1 CVE ID : CVE-2017-5884 CVE-2017-5885 Debian Bug : 854450 Josef Gajdusek discovered two vulnerabilities in gtk-vnc, a VNC viewer widget for GTK: CVE-2017-5884 Fix bounds checking for RRE, hextile & copyrec encodings. This bug allowed a remote server to...
[SECURITY] [DLA 830-1] gst-plugins-bad0.10 security update
Package : gst-plugins-bad0.10 Version : 0.10.23-7.1+deb7u5 CVE ID : CVE-2017-5843 CVE-2017-5848 Some memory management issues were found in the GStreamer "bad" plugins: CVE-2017-5843 A use after free issue was found in the mxfdemux element, which can be triggered via a maliciously crafted fil...
[SECURITY] [DLA 829-1] gst-plugins-ugly0.10 security update
Package : gst-plugins-ugly0.10 Version : 0.10.19-2+deb7u1 CVE ID : CVE-2017-5846 CVE-2017-5847 Two memory management issues were found in the asfdemux element of the GStreamer "ugly" plugin collection, which can be triggered via a maliciously crafted file. For Debian 7 "Wheezy", these problems ha...
[SECURITY] [DLA 828-1] gst-plugins-good0.10 security update
Package : gst-plugins-good0.10 Version : 0.10.31-3+nmu1+deb7u2 CVE ID : CVE-2016-10198 CVE-2017-5840 Two memory handling issues were found in gst-plugins-good0.10: CVE-2016-10198 An invalid read can be triggered in the aacparse element via a maliciously crafted file. CVE-2017-5840 An out of bound...
[SECURITY] [DLA 827-1] gst-plugins-base0.10 security update
Package : gst-plugins-base0.10 Version : 0.10.36-1.1+deb7u2 CVE ID : CVE-2017-5837 CVE-2017-5844 It was discovered that it is possible to trigger a floating point exception in GStreamer via specially crafted files, causing a denial of service. For Debian 7 "Wheezy", these problems have been fixed...
[SECURITY] [DLA 826-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u6 CVE ID : CVE-2017-6014 Debian Bug : 855408 It was discovered that there was denial of service vulnerability in wireshark, a network traffic analyzer. A malformed NATO Ground Moving Target Indicator Format "STANAG 4607" capture file coul...
[SECURITY] [DLA 825-1] spice security update
Package : spice Version : 0.11.0-1+deb7u4 CVE ID : CVE-2016-9577 CVE-2016-9578 Debian Bug : 854336 Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9577 Fredia...