[SECURITY] [DSA 3790-1] spice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3790-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 16, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 824-1] libevent security update
Package : libevent Version : 2.0.19-stable-3+deb7u2 CVE ID : CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 Debian Bug : 854092 Several vulnerabilities were discovered in libevent, an asynchronous event notification library. They would lead to Denial Of Service via application crash, or remote code...
[SECURITY] [DSA 3789-1] libevent security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3789-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 15, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 823-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u10 CVE ID : not yet available Debian Bug : 854551 It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. For Debian 7 "Wheezy", these...
[SECURITY] [DSA 3788-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3788-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3787-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3787-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3786-1] vim security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3786-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 822-1] vim security update
Package : vim Version : 2:7.3.547-7+deb7u2 CVE ID : CVE-2017-5953 Debian Bug : 854969 A vulnerability has been discovered in Vim where a malformed spell file could cause an integer overflow which is used as the size for memory allocation, resulting in a subsequent buffer overflow. For Debian 7...
[SECURITY] [DLA 821-1] openjdk-7 security update
Package : openjdk-7 Version : 7u121-2.6.8-2deb7u1 CVE ID : CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 Several vulnerabilities have been discovered in OpenJDK, an...
[SECURITY] [DLA 819-2] mysql-5.5 version number correction
Package : mysql-5.5 Version : 5.5.54-0+deb7u2 CVE ID : not assigned yet Debian Bug : 854713 This is a correction of DLA 819-1 that mentioned that mysql-5.5 5.5.47-0+deb7u2 was corrected. The corrected package version was 5.5.54-0+deb7u2. For completeness the text from DLA 819-1 is available below...
[SECURITY] [DLA 820-1] viewvc security update
Package : viewvc Version : 1.1.5-1.4+deb7u1 CVE ID : CVE-2017-5938 Debian Bug : 854681 Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This issue resulted in a potential Cross-Site Scripting vulnerability. For Debian...
[SECURITY] [DSA 3785-1] jasper security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3785-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 819-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.47-0+deb7u2 CVE ID : not assigned yet Debian Bug : 854713 It has been found that the C client library for MySQL (libmysqlclient.so) has a use-after-free vulnerability which can cause a crash of applications using that MySQL client. For Debian 7 "Wheezy", these problems...
[SECURITY] [DSA 3784-1] viewvc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3784-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3783-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3783-1 [email protected] https://www.debian.org/security/ Luciano Bello February 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3782-1] openjdk-7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3782-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 818-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u7 CVE ID : CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-4342 CVE-2016-9934 CVE-2016-9935 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 PHP-Bugs : 71323 70979 71039 71459 71391 71335 Several issues have been discovered in PHP recursive...
[SECURITY] [DLA 693-2] tiff regression update
Package : tiff Version : 4.0.2-6+deb7u10 Debian Bug : 852610 Version 4.0.2-6+deb7u7 introduced changes that resulted in libtiff being unable to write out tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image. This problem manifested itself with...
[SECURITY] [DLA 817-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.1-1.3+deb7u1 CVE ID : CVE-2017-5223 Debian Bug : 853232 It was discovered that there was a local file disclosure vulnerability in libphp-phpmailer, an email transfer class for PHP, where insufficient parsing of HTML messages could potentially be used by...
[SECURITY] [DSA 3781-1] svgsalamander security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3781-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 816-1] svgsalamander security update
Package : svgsalamander Version : 0svn95-1+deb7u1 CVE ID : CVE-2017-5617 Debian Bug : 853134 Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DLA 815-1] ntfs-3g security update
Package : ntfs-3g Version : 1:2012.1.15AR.5-2.1+deb7u3 CVE ID : CVE-2017-0358 Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this fla...
[SECURITY] [DLA 814-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb7u2 CVE ID : CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets...
[SECURITY] [DSA 3780-1] ntfs-3g security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3780-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3779-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3779-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 01, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 813-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u13 CVE ID : CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493 CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 Debian Bug : 851310 852767 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common...
[SECURITY] [DLA 812-1] ikiwiki security update
Package : ikiwiki Version : 3.20120629.2+deb7u2 CVE ID : CVE-2016-9646 CVE-2016-10026 CVE-2017-0356 Several vulnerabilities have been found in ikiwiki, a wiki compiler: CVE-2016-9646 Commit metadata forgery CVE-2016-10026 Authorization bypass when reverting changes CVE-2017-0356 Authentication...
[SECURITY] [DSA 3778-1] ruby-archive-tar-minitar security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3778-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 31, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 811-1] libplist security update
Package : libplist Version : 1.8-1+deb7u1 CVE ID : CVE-2017-5209 CVE-2017-5545 Debian Bug : 851196 852385 The following vulnerabilities have been fixed in libplist: CVE-2017-5209 Out of bounds read when parsing specially crafted Apple plist file CVE-2017-5545 Heap buffer overflow via crafted Appl...
[SECURITY] [DSA 3777-1] libgd2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3777-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 31, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 810-1] libarchive security update
Package : libarchive Version : 3.0.4-3+wheezy5+deb7u1 CVE ID : CVE-2017-5601 Debian Bug : 853278 It was discovered that there was a heap buffer overflow in libarchive, a multi-format archive and compression library. For Debian 7 "Wheezy", this issue has been fixed in libarchive version...
[SECURITY] [DSA 3776-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3776-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 31, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 809-1] tcpdump security update
Package : tcpdump Version : 4.9.0-1deb7u1 CVE ID : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938...
[SECURITY] [DLA 808-1] ruby-archive-tar-minitar security update
Package : ruby-archive-tar-minitar Version : 0.5.2-2+deb7u1 CVE ID : CVE-2016-10173 Debian Bug : 853249 It has been found that rubygem archive-tar-minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. For Debian 7 "Wheezy", thes...
[SECURITY] [DLA 610-2] tiff3 regression update
Package : tiff3 Version : 3.9.6-11+deb7u3 Debian Bug : 852610 Version 3.9.6-11+deb7u1 and 3.9.6-11+deb7u2 introduced changes that resulted in libtiff writing out invalid tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image. For Debian 7 "Wheezy",...
[SECURITY] [DLA 807-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u11 CVE ID : CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 Debian Bug : 851485, 851483, 851380, 851383, 851382, 851381, 851376, 851374 Numerous vulnerabilities were discovered in...
[SECURITY] [DSA 3775-1] tcpdump security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3775-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 29, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 806-1] zoneminder security update
Package : zoneminder Version : 1.25.0-4+deb7u1 CVE ID : CVE-2016-10140 Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30.0, which allows a remote unauthenticated attacker to browse all directories in the web...
[SECURITY] [DLA 805-1] bind9 security update
Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u14 CVE ID : CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Several denial-of-service vulnerabilities (assertion failures) were discovered in BIND, a DNS server implementation. CVE-2016-9131 A crafted upstream response to an ANY query could cause an...
[SECURITY] [DSA 3774-1] lcms2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3774-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 804-1] libgd2 security update
Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u8 CVE ID : CVE-2016-9317 CVE-2016-10167 CVE-2016-10168 Multiple security issues have been found in the GD Graphics Library. They may lead to the execution of arbitrary code or causing application crash. CVE-2016-9317 Signed integer overflow in...