[SECURITY] [DSA 3748-1] libcrypto++ security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3748-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 26, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 763-1] squid3 security update
Package : squid3 Version : 3.1.20-2.2+deb7u7 CVE ID : CVE-2016-10002 Debian Bug : 848493 Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests,...
[SECURITY] [DLA 762-1] exim4 security update
Package : exim4 Version : 4.80-7+deb7u4 CVE ID : CVE-2016-9963 Bjoern Jacke discovered that Exim, Debian's default mail transfer agent, may leak the private DKIM signing key to the log files if specific configuration options are met. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DSA 3747-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3747-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 25, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 760-1] spip security update
Package : spip Version : 2.1.17-1+deb7u8 CVE ID : CVE-2016-9997 CVE-2016-9998 Debian Bug : 848641 Multiple reflected cross-site scripting (XSS) vulnerabilities have been discovered in SPIP, a website publishing engine written in PHP. CVE-2016-9997 It was discovered that the id parameter to the...
[SECURITY] [DLA 757-1] phpmyadmin security update
Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u7 CVE ID : CVE-2016-4412 CVE-2016-6626 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2016-9865 Various security issues were found and fixed in phpmyadmin in wheezy. CVE-2016-4412 / PMASA-2016-57 A user can be tricked into following a...
[SECURITY] [DSA 3746-1] graphicsmagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3746-1 [email protected] https://www.debian.org/security/ Luciano Bello December 24, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 761-1] python-bottle security update
Package : python-bottle Version : 0.10.11-1+deb7u2 CVE ID : CVE-2016-9964 Debian Bug : 848392 It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks...
[SECURITY] [DSA 3745-1] squid3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3745-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3744-1] libxml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3744-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 759-1] nss security update
Package : nss Version : 2:3.26-1+debu7u2 CVE ID : CVE-2016-9074 Franziskus Kiefer reported that the existing mitigations for some timing side-channel attacks were insufficient: https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/CVE-2016-9074 For Debian 7 "Wheezy", these problems have...
[SECURITY] [DLA 758-1] libgd2 security update
Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u7 CVE ID : CVE-2016-9933 Debian Bug : 849038 It was discovered that invalid color causes stack exhaustion by recursive call to function gdImageFillToBorder when the image used is truecolor. The vulnerability can be exploited through php5 which use...
[SECURITY] [DLA 756-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u10 CVE ID : CVE-2016-7799 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 Debian Bug : 840437 845206 848139 845634 845242 845243 845195 845196 845198 845202 845212 845213 845241 845244 845246 Numerous vulnerabilities were discovered in...
[SECURITY] [DSA 3732-2] php-ssh2 regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3732-2 [email protected] https://www.debian.org/security/ Sebastien Delafond December 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 755-1] dcmtk security update
Package : dcmtk Version : 3.6.0-12+deb7u1 CVE ID : CVE-2015-8979 Debian Bug : 848830 At several places in the code a wrong length of ACSE data structures received over the network can cause overflows or underflows when processing those data structures. Related checks have been added at various...
[SECURITY] [DSA 3743-1] python-bottle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3743-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 20, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3742-1] flightgear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3742-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 20, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 754-1] tor security update
Package : tor Version : 0.2.4.27-3 CVE ID : CVE-2016-1254 Debian Bug : 848847 It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash...
[SECURITY] [DSA 3741-1] tor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3741-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 20, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3740-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3740-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 19, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 753-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u8 CVE ID : CVE-2016-9774 Debian Bug : 845393 845425 846298 Paul Szabo discovered a potential privilege escalation that could be exploited in the situation envisaged in DLA-622-1. This update also addresses several regressions stemming from incomplete fixe...
[SECURITY] [DSA 3739-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3739-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3738-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3738-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 746-2] tomcat6 regression update
Package : tomcat6 Version : 6.0.45+dfsg-1deb7u5 Debian Bug : 848492 The last security update introduced a regression due to the use of StringManager in the ResourceLinkFactory class. The code was removed again since it is not strictly required to resolve CVE-2016-6797. For Debian 7 "Wheezy", thes...
[SECURITY] [DLA 752-1] icedove security update
Package : icedove Version : 45.5.1-1deb7u1 CVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors,...
[SECURITY] [DLA 751-1] nagios3 security update
Package : nagios3 Version : 3.4.1-3+deb7u3 CVE ID : CVE-2016-9565 CVE-2016-9566 Nagios was found to be vulnerable to two security issues that, when combined, lead to a remote root code execution vulnerability. Fortunately, the hardened permissions of the Debian package limit the effect of those t...
[SECURITY] [DLA 750-1] game-music-emu security update
Package : game-music-emu Version : 0.5.5-2+deb7u1 CVE ID : CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 Chris Evans found several issues in the emulation code in game-music-emu that could lead to arbitrary code execution. For Debian 7 "Wheezy", these problems have been...
[SECURITY] [DLA 749-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u6 CVE ID : CVE-2016-5385 CVE-2016-7124 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 CVE-2016-5385 PHP through 7.0.8 does not attempt to...
[SECURITY] [DLA 748-1] libupnp4 security update
Package : libupnp4 Version : 1.8.0svn20100507-1.2+deb7u1 CVE ID : CVE-2016-8863 Scott Tenaglia discovered a heap-based buffer overflow in libupnp4, a portable SDK for UPnP Devices. That can lead to denial of service or remote code execution. For Debian 7 "Wheezy", these problems have been fixed i...
[SECURITY] [DSA 3737-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3737-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 16, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 747-1] libupnp security update
Package : libupnp Version : 1:1.6.17-1.2+deb7u2 CVE ID : CVE-2016-8863 Debian Bug : 842093 Scott Tenaglia discovered a heap-based buffer overflow in libupnp, a portable SDK for UPnP Devices. That can lead to denial of service or remote code execution. For Debian 7 "Wheezy", these problems have be...
[SECURITY] [DLA 746-1] tomcat6 security update
Package : tomcat6 Version : 6.0.45+dfsg-1deb7u4 CVE ID : CVE-2016-9774 Debian Bug : 845393 845425 846298 Paul Szabo discovered a potential privilege escalation that could be exploited in the situation envisaged in DLA-622-1. This update also addresses two regressions which were introduced by the...
[SECURITY] [DLA 745-1] most security update
Package : most Version : 5.0.0a-2.2 CVE ID : CVE-2016-1253 Debian Bug : 848132 The most pager can automatically open files compressed with gzip, bzip2 and, in Debian, LZMA. Alberto Garcia discovered that Debian's version of most was susceptible to a shell injection attack that could be exploited to...
[SECURITY] [DSA 3736-1] libupnp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3736-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 16, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 744-1] icu security update
Package : icu Version : 4.8.1.1-12+deb7u6 CVE ID : CVE-2014-9911 CVE-2016-7415 Debian Bug : 838694 Brief introduction CVE-2014-9911 Michele Spagnuolo discovered a buffer overflow vulnerability which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via...
[SECURITY] [DLA 743-1] firefox-esr security update
Package : firefox-esr Version : 45.6.0esr-1deb7u1 CVE ID : CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safet...
[SECURITY] [DSA 3735-1] game-music-emu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3735-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3734-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3734-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 14, 2016 https://www.debian.org/security/faq -...