[SECURITY] [DSA 3659-1] linux security update
Debian Security Advisory DSA-3659-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 04, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3653-2] flex security update
Debian Security Advisory DSA-3653-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 04, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 609-1] linux security update
Package : linux Version : 3.2.81-2 CVE ID : CVE-2016-3857 CVE-2016-4470 CVE-2016-5696 CVE-2016-5829 CVE-2016-6136 CVE-2016-6480 CVE-2016-6828 CVE-2016-7118 Debian Bug : 827561 This update fixes the CVEs described below. CVE-2016-3857 Chiachih Wu reported two bugs in the ARM OABI compatibility lay...
[SECURITY] [DLA 608-1] mailman security update
Package : mailman Version : 1:2.1.15-1+deb7u2 CVE ID : CVE-2016-6893 Debian Bug : 835970 It was discovered that there was a CSRF vulnerability in mailman, a web-based mailing list manager, which could allow an attacker to obtain a user's password. For Debian 7 "Wheezy", this issue has been fixed i...
[SECURITY] [DSA 3658-1] libidn security update
Debian Security Advisory DSA-3658-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 01, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 560-2] cacti regression update
Package : cacti Version : 0.8.8a+dfsg-5+deb7u10 The fix for CVE-2016-2313 did not take into account guest users. This update fixes it. For Debian 7 "Wheezy", these problems have been fixed in version 0.8.8a+dfsg-5+deb7u10. We recommend that you upgrade your cacti packages. Further information abo...
[SECURITY] [DLA 606-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u6 CVE ID : CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5875 Several vulnerabilities were found in the tiff library, potentially causing denial of services to applicatio...
[SECURITY] [DSA 3657-1] libarchive security update
Debian Security Advisory DSA-3657-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 30, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3656-1] tryton-server security update
Debian Security Advisory DSA-3656-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 30, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 602-1] gnupg security and hardening update
Package : gnupg Version : 1.4.12-7+deb7u8 CVE ID : CVE-2016-6313 Debian Bug : 834893 CVE-2016-6313 Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the...
[SECURITY] [DLA 605-1] eog security update
Package : eog Version : 3.4.2-1+build1+deb7u1 CVE ID : CVE-2016-6855 It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulti...
[SECURITY] [DLA 604-1] ruby-actionpack-3.2 security update
Package : ruby-actionpack-3.2 Version : 3.2.6-6+deb7u3 CVE ID : CVE-2015-7576 CVE-2016-0751 CVE-2016-0752 CVE-2016-2097 CVE-2016-2098 CVE-2016-6316 Multiple vulnerabilities have been discovered in ruby-actionpack-3.2, a web-flow and rendering framework and part of Rails: CVE-2015-7576 A flaw was...
[SECURITY] [DLA 603-1] ruby-activesupport-3.2 security update
Package : ruby-activesupport-3.2 Version : 3.2.6-6+deb7u2 CVE ID : CVE-2015-3227 The support and utility classes used by the Rails 3.2 framework allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. For Debian 7 "Wheezy", these problems have been fix...
[SECURITY] [DLA 601-1] quagga security update
Package : quagga Version : 0.99.22.4-1+wheezy3 CVE ID : CVE-2016-4036 CVE-2016-4049 Debian Bug : 835223, 822787 The quagga package installs world readable sensitive files in /etc/quagga, and might be subject to denial of service because of lacking packet size checks. CVE-2016-4036 The quagga...
[SECURITY] [DSA 3655-1] mupdf security update
Debian Security Advisory DSA-3655-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3654-1] quagga security update
Debian Security Advisory DSA-3654-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 26, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3653-1] flex security update
Debian Security Advisory DSA-3653-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 25, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3652-1] imagemagick security update
Debian Security Advisory DSA-3652-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 25, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3651-1] rails security update
Debian Security Advisory DSA-3651-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 25, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 600-1] libgcrypt11 security update
Package : libgcrypt11 Version : 1.5.0-5+deb7u5 CVE ID : CVE-2016-6313 The crypto library libgcrypt11 has a weakness in the random number generator. CVE-2016-6313 Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random...
[SECURITY] [DLA 599-1] cracklib2 security update
Package : cracklib2 Version : 2.8.19-3+deb7u1 CVE ID : CVE-2016-6318 Debian Bug : 834502 It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library. For Debian 7 "Wheezy", this issue has been fixed in cracklib...
[SECURITY] [DLA 598-1] suckless-tools security update
Package : suckless-tools Version : 38-2+deb7u1 CVE ID : CVE-2016-6866 It was discovered that the slock screen locking tool would segfault when the user's account had been disabled. slock called crypt(3) and used the return value for strcmp(3) without checking to see if the return value of crypt(3) was a...
[SECURITY] [DLA 597-1] libupnp security update
Package : libupnp Version : 1.6.17-1.2+deb7u1 CVE ID : CVE-2016-6255 Debian Bug : 831857 It has been discovered that libupnp's default behaviour allows anyone to write to the filesystem of the system running a libupnp-based server application. For Debian 7 "Wheezy", these problems have been fixed ...
[SECURITY] [DSA 3650-1] libgcrypt20 security update
Debian Security Advisory DSA-3650-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3649-1] gnupg security update
Debian Security Advisory DSA-3649-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 596-1] extplorer security update
Package : extplorer Version : 2.1.0b6+dfsg.3-4+deb7u4 CVE ID : CVE-2016-4313 It was discovered that there was an archive traversal exploit in eXtplorer, a web-based file manager. The unzip/extract feature allowed for path traversal as decompressed files can be placed outside of the intended targe...
[SECURITY] [DLA 595-1] wireshark security update
Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u3 CVE ID : CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 Multiple vulnerabilities were discovered in the dissectors for NDS, PacketBB, WSP, MMSE, RLC, LDSS, RLC and OpenFlo...
[SECURITY] [DLA 594-1] openssh security update
Package : openssh Version : 6.0p1-4+deb7u6 CVE ID : CVE-2016-6515 Debian Bug : 833823 OpenSSH secure shell client and server had a denial of service vulnerability reported. CVE-2016-6515 The password authentication function in sshd in OpenSSH before 7.3 does not limit password lengths for passwor...
[SECURITY] [DSA 3648-1] wireshark security update
Debian Security Advisory DSA-3648-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 12, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3647-1] icedove security update
Debian Security Advisory DSA-3647-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 11, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 593-1] nettle security update
Package : nettle Version : 2.4-3+deb7u1 CVE ID : CVE-2016-6489 Debian Bug : 832983 The cryptographic library nettle had a potential information leak problem reported. CVE-2016-6489 RSA code is vulnerable to cache sharing related attacks. For Debian 7 "Wheezy", this problem has been fixed in...
[SECURITY] [DSA 3646-1] postgresql-9.4 security update
Debian Security Advisory DSA-3646-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 11, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DLA 592-1] postgresql-9.1 security update
Package : postgresql-9.1 Version : 9.1.23-0+deb7u1 Several vulnerabilities have been found in PostgreSQL, an SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclo...
[SECURITY] [DLA 588-2] mongodb security update
Package : mongodb Version : 2.0.6-1+deb7u1 CVE ID : CVE-2016-6494 Debian Bug : 832908, 833087 This is an update of DLA-558-1. The previous build had revision number that was considered lower than the one in wheezy and was therefore not installed at upgrade. The text for DLA-558-1 is included here...
[SECURITY] [DLA 587-1] fontconfig security update
Package : fontconfig Version : 2.9.0-7.1+deb7u1 CVE ID : CVE-2016-5384 Debian Bug : 833570 A possible double free vulnerability was found in fontconfig. The problem was due to insufficient validation when parsing the cache file. For Debian 7 "Wheezy", these problems have been fixed in version...
[SECURITY] [DLA 591-1] libreoffice security update
Package : libreoffice Version : 3.5.4+dfsg2-0+deb7u8 CVE ID : CVE-2016-1513 An OpenDocument Presentation (.ODP) or Presentation Template (.OTP) file can contain invalid presentation elements that lead to memory corruption when the document is loaded in LibreOffice Impress. The defect may cause the...
[SECURITY] [DLA 590-1] python-django security update
Package : python-django Version : 1.4.22-1 The release team recently approved rebasing jessie on latest python-django 1.7.x (see 807654). For similar reasons, it makes sense to rebase wheezy on latest 1.4.x, especially since 1.4.x is an LTS version. Django 1.4.22-1 has been uploaded to...
[SECURITY] [DSA 3645-1] chromium-browser security update
Debian Security Advisory DSA-3645-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 09, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3644-1] fontconfig security update
Debian Security Advisory DSA-3644-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 08, 2016 https://www.debian.org/security/faq ...