[SECURITY] [DLA 635-1] dwarfutils security update
Package : dwarfutils Version : 20120410-2+deb7u1 CVE IDs : CVE-2016-7510 CVE-2016-7511 It was discovered that there were out-of-bounds read issues in dwarfutils, a library to consume and produce DWARF debug information. For Debian 7 "Wheezy", this issue has been fixed in dwarfutils version...
[SECURITY] [DSA 3673-2] openssl regression update
Debian Security Advisory DSA-3673-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 23, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3675-1] imagemagick security update
Debian Security Advisory DSA-3675-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 23, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 634-1] dropbear security update
Package : dropbear Version : 2012.55-1.3+deb7u1 CVE IDs : CVE-2016-7406 CVE-2016-7407 It was discovered that there were two issues in dropbear, a lightweight SSH2 server and client: - CVE-2016-7406: Potential issues in exit message formatting. - CVE-2016-7407: Overflows when parsing OpenSSH's ASN....
[SECURITY] [DLA 633-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u12 CVE ID : CVE-2015-8834 CVE-2016-4029 CVE-2016-5836 CVE-2016-6634 CVE-2016-6635 CVE-2016-7168 CVE-2016-7169 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the...
[SECURITY] [DSA 3674-1] firefox-esr security update
Debian Security Advisory DSA-3674-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 22, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3673-1] openssl security update
Debian Security Advisory DSA-3673-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 22, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3672-1] irssi security update
Debian Security Advisory DSA-3672-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 632-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u4 CVE ID : CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 Multiple vulnerabilities were discovered in the dissectors for H.225, Catapult DCT2000, UMTS FP and IPMI, which could result in denial of service or the...
[SECURITY] [DLA 631-1] unadf security update
Package : unadf Version : 0.7.11a-3+deb7u1 CVE IDs : CVE-2016-1243 CVE-2016-1244 Debian Bug : 838248 It was discovered that there were two vulnerabilities in unadf, a tool to extract files from an Amiga Disk File dump (.adf): - CVE-2016-1243: stack buffer overflow caused by blindly trusting on...
[SECURITY] [DSA 3671-1] mutt security update
Debian Security Advisory DSA-3671-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 20, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 630-1] zookeeper security update
Package : zookeeper Version : 3.3.5+dfsg1-2+deb7u1 CVE ID : CVE-2016-5017 Lyon Yang discovered that the C client shells cli_st and cli_mt of Apache Zookeeper, a high-performance coordination service for distributed applications, were affected by a buffer overflow vulnerability associated with parsi...
[SECURITY] [DLA 629-1] jackrabbit security update
Package : jackrabbit Version : 2.3.6-1+deb7u2 CVE ID : CVE-2016-6801 Debian Bug : 838204 Lukas Reschke discovered that Apache Jackrabbit, a content repository implementation for Java, was vulnerable to Cross-Site-Request-Forgery in Jackrabbit's webdav module. The CSRF content-type check for POST...
[SECURITY] [DLA 628-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u5 CVE ID : CVE-2016-4473 CVE-2016-4538 CVE-2016-5114 CVE-2016-5399 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296...
[SECURITY] [DLA 627-1] pdns security update
Package : pdns Version : 3.1-4.1+deb7u2 CVE ID : CVE-2016-5426 CVE-2016-5427 CVE-2016-6172 Debian Bug : 830808 Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-5426 /...
[SECURITY] [DLA 626-1] phpmyadmin security update
Package : phpmyadmin Version : 3.4.11.1-2+deb7u6 CVE ID : CVE-2016-6606 CVE-2016-6607 CVE-2016-6609 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6614 CVE-2016-6620 CVE-2016-6622 CVE-2016-6623 CVE-2016-6624 CVE-2016-6630 CVE-2016-6631 Phpmyadmin, a web administration tool for MySQL, had...
[SECURITY] [DLA 625-1] curl security update
Package : curl Version : 7.26.0-1+wheezy16 CVE ID : CVE-2016-7167 Debian Bug : 837945 It was discovered that the four libcurl functions curl_escape, curl_easy_escape, curl_unescape and curl_easy_unescape accepted negative string length inputs. For Debian 7 "Wheezy", these problems have been fixed i...
[SECURITY] [DLA 624-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.52-0+deb7u1 CVE ID : CVE-2016-6662 Dawid Golunski discovered that the mysqld_safe wrapper provided by the MySQL database server insufficiently restricted the load path for custom malloc implementations, which could result in privilege escalation. The vulnerability...
[SECURITY] [DSA 3670-1] tomcat8 security update
Debian Security Advisory DSA-3670-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 15, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3669-1] tomcat7 security update
Debian Security Advisory DSA-3669-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 15, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 623-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u6 CVE ID : CVE-2016-1240 Dawid Golunski from legalhackers.com discovered that Debian's version of Tomcat 7 was vulnerable to a local privilege escalation. Local attackers who have gained access to the server in the context of the tomcat7 user through a...
[SECURITY] [DLA 622-1] tomcat6 security update
Package : tomcat6 Version : 6.0.45+dfsg-1deb7u2 CVE ID : CVE-2016-1240 Dawid Golunski from legalhackers.com discovered that Debian's version of Tomcat 6 was vulnerable to a local privilege escalation. Local attackers who have gained access to the server in the context of the tomcat6 user through a...
[SECURITY] [DSA 3668-1] mailman security update
Debian Security Advisory DSA-3668-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst September 15, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 621-1] autotrace security update
Package : autotrace Version : 0.31.1-16+deb7u1 CVE ID : CVE-2016-7392 Autotrace is a program for converting bitmaps to vector graphics. It had a bug that caused an out-of-bounds write. This was caused by not allocating sufficient memory to store the terminating NULL pointer in an array. For Debia...
[SECURITY] [DSA 3667-1] chromium-browser security update
Debian Security Advisory DSA-3667-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 15, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3666-1] mysql-5.5 security update
Debian Security Advisory DSA-3666-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 14, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 620-1] libphp-adodb security update
Package : libphp-adodb Version : 5.15-1+deb7u1 Debian Bugs : 837211, 837418 It was discovered that there was a SQL injection vulnerability in libphp-adodb, a PHP database abstraction layer library. For Debian 7 "Wheezy", this issue has been fixed in libphp-adodb version 5.15-1+deb7u1. We recommend...
[SECURITY] [DSA 3665-1] openjpeg2 security update
Debian Security Advisory DSA-3665-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 11, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 619-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u15 CVE ID : CVE-2016-7116 qemu-kvm built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to a directory/path traversal issue. It could occur while creating or accessing files on a shared host directory. A...
[SECURITY] [DLA 618-1] qemu security update
Package : qemu Version : 1.1.2+dfsg-6+deb7u15 CVE ID : CVE-2016-7116 Debian Bug : 836502 Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to a directory/path traversal issue. It could occur while creating or accessing files on a...
[SECURITY] [DLA 617-1] libarchive security update
Package : libarchive Version : 3.0.4-3+wheezy3 CVE ID : CVE-2015-8915 CVE-2016-7166 Debian Bug : 784213 Several security vulnerabilities have been discovered in libarchive, a multi-format archive and compression library. An attacker could take advantage of these flaws to cause an out of bounds re...
[SECURITY] [DSA 3664-1] pdns security update
Debian Security Advisory DSA-3664-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 10, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 616-1] curl security update
Package : curl Version : 7.26.0-1+wheezy15 CVE ID : CVE-2016-7141 Debian Bug : 836918 It was discovered that libcurl built on top of NSS (Network Security Services) incorrectly re-used client certificates if a certificate from file was used for one TLS connection but no certificate set for a...
[SECURITY] [DLA 614-1] xen security update
Package : xen Version : 4.1.6.lts1-2 CVE ID : CVE-2016-7092 CVE-2016-7094 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-7092 XSA-185 Jeremie Boutoille of Quarkslab and Shangcong Lua...
[SECURITY] [DSA 3663-1] xen security update
Debian Security Advisory DSA-3663-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 09, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3662-1] inspircd security update
Debian Security Advisory DSA-3662-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 08, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 615-1] icu security update
Package : icu Version : 4.8.1.1-12+deb7u5 CVE ID : CVE-2016-6293 This update fixes a buffer overflow in the uloc_acceptLanguageFromHTTP function in ICU, the International Components for Unicode C and C++ library, in Debian Wheezy. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DLA 613-1] roundcube security update
Package : roundcube Version : 0.7.2-9+deb7u4 CVE ID : CVE-2014-9587 CVE-2015-1433 CVE-2016-4069 Debian Bug : 822333 775576 776700 Multiple CSRF and XSS issues allow remote attackers to hijack the authentication and execute roundcube operations without the consent of the user. In some cases, this...
[SECURITY] [DLA 612-1] libtomcrypt security update
Package : libtomcrypt Version : 1.17-3.2+deb7u1 CVE ID : CVE-2016-6129 It was discovered that the implementation of RSA signature verification in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If an RSA key with exponent 3 is used it may be possible to forge a PKCS#1 v1.5...
[SECURITY] [DSA 3661-1] charybdis security update
Debian Security Advisory DSA-3661-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 06, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3660-1] chromium-browser security update
Debian Security Advisory DSA-3660-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 05, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 611-1] jsch security update
Package : jsch Version : 0.1.42-2+deb7u1 CVE ID : CVE-2016-5725 It was discovered that there was a path traversal vulnerability in jsch, a pure Java implementation of the SSH2 protocol. For Debian 7 "Wheezy", this issue has been fixed in jsch version 0.1.42-2+deb7u1. We recommend that you upgrade...
[SECURITY] [DLA 610-1] tiff3 security update
Package : tiff3 Version : 3.9.6-11+deb7u1 CVE ID : CVE-2010-2596 CVE-2013-1961 CVE-2014-8128 CVE-2014-8129 CVE-2014-9655 CVE-2015-1547 CVE-2015-8665 CVE-2015-8683 CVE-2016-3186 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317...