[SECURITY] [DSA 3587-1] libgd2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3587-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 27, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 490-1] bozohttpd security update
Package : bozohttpd Version : 20111118-1+deb7u1 CVE ID : CVE-2014-5015 CVE-2015-8212 Debian Bug : 755197 Two security vulnerabilities have been discovered in bozohttpd, a small HTTP server. CVE-2014-5015 Bozotic HTTP server (aka bozohttpd) before 201407081 truncates paths when checking .htpasswd...
[SECURITY] [DLA 487-1] debian-security-support - Long term security support update
Package : debian-security-support Version : 2016.05.24deb7u1 The Debian Long Term Support (LTS) Team is unable to continue supporting different packages in the extended life cycle of Wheezy LTS. The debian-security-support package provides the check-support-status tool that helps to warn the...
[SECURITY] [DLA 489-1] ruby-mail security update
Package : ruby-mail Version : 2.4.4-2+deb7u1 CVE ID : N/A Debian Bug : N/A This security update fixes a security issue in ruby-mail. We recommend you upgrade your ruby-mail package. Takeshi Terada (Mitsui Bussan Secure Directions, Inc.) released a whitepaper entitled "SMTP Injection via recipient...
[SECURITY] [DLA 488-1] xymon security update
Package : xymon Version : 4.3.0beta2.dfsg-9.1+deb7u1 CVE ID : CVE-2016-2054 CVE-2016-2055 CVE-2016-2056 CVE-2016-2058 Markus Krell discovered that Xymon (formerly known as Hobbit), a network- and applications-monitoring system, was vulnerable to the following security issues: CVE-2016-2054 The...
[SECURITY] [DSA 3586-1] atheme-services security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3586-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 23, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 486-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u5 CVE ID : CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 Debian Bug : 823542 Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image...
[SECURITY] [DSA 3585-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3585-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 22, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 485-1] extplorer security update
Package : extplorer Version : 2.1.0b6+dfsg.3-4+deb7u3 CVE ID : CVE-2015-5660 This security update fixes a security issue in extplorer. We recommend you upgrade your extplorer package. CVE-2015-5660 Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication ...
[SECURITY] [DLA 484-1] graphicsmagick security update
Version : 1.3.16-1.1+deb7u1 CVE ID : CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 Debian Bug : 814732 Several security vulnerabilities were discovered in graphicsmagick, a tool to manipulate image files. GraphicsMagick is a fork of...
[SECURITY] [DLA 483-1] expat security update
Package : expat Version : 2.1.0-1+deb7u3 CVE ID : CVE-2016-0718 Gustavo Grieco discovered that Expat, a XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take...
[SECURITY] [DSA 3584-1] librsvg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3584-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 19, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 482-1] libgd2 security update
Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u3 CVE ID : CVE-2015-8874 Debian Bug : 824627 It was discovered that there was a stack consumption vulnerability in the libgd2 graphics library which allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call. For...
[SECURITY] [DSA 3583-1] swift-plugin-s3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3583-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 472-2] icedove regression update
Package : icedove Version : 31.8.0-1deb7u1.1 CVE ID : CVE-2016-1979 CVE-2016-2805 CVE-2016-2807 Debian Bug : 823430 The security update for icedove did not build on armhf. This is resolved by this upload. The text of the original DLA follows: Multiple security issues have been found in Icedove,...
[SECURITY] [DLA 481-1] phpmyadmin security update
Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u3 CVE ID : CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-2041 CVE-2016-2045 CVE-2016-2560 This security update fixes a number of security issues in phpMyAdmin. We recommend you upgrade your phpmyadmin packages. CVE-2016-1927...
[SECURITY] [DLA 480-1] nss security update
Package : nss Version : 3.14.5-1+deb7u6 CVE ID : CVE-2015-7181 CVE-2015-7182 CVE-2016-1938 CVE-2016-1950 CVE-2016-1978 CVE-2016-1979 This security update fixes serious security issues in NSS including arbitrary code execution and remote denial of service attacks. For Debian 7 "wheezy", these problem...
[SECURITY] [DSA 3582-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3582-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 479-1] xen security update
Package : xen Version : 4.1.6.1-1+deb7u1 CVE ID : CVE-2015-2752 CVE-2015-2756 CVE-2015-5165 CVE-2015-5307 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8615 CVE-2016-1570 CVE-2016-1571...
[SECURITY] [DLA 477-1] librsvg security update
Package : librsvg Version : 2.36.1-2+deb7u2 CVE ID : CVE-2015-7558 CVE-2016-4347 CVE-2016-4348 Note: CVE-2016-4347 is a duplicate of CVE-2015-7558. Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were found (they will produce stack exhaustion) by Gustavo Grieco. The version in wheezy...
[SECURITY] [DLA 476-1] libidn security update
Package : libidn Version : 1.25-2+deb7u1 CVE ID : CVE-2015-2059 It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an...
[SECURITY] [DSA 3581-1] libndp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3581-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 17, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3580-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3580-1 [email protected] https://www.debian.org/security/ Luciano Bello May 16, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 478-1] squid3 security update
Package : squid3 Version : 3.1.20-2.2+deb7u5 CVE ID : CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 Debian Bug : 823968 Several security issues have been discovered in the Squid caching proxy. CVE-2016-4051 CESG and Yuriy M. Kaminskiy discovered...
[SECURITY] [DSA 3579-1] xerces-c security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3579-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 475-1] python-tornado security update
Package : python-tornado Version : 2.3-2+deb7u1 CVE ID : CVE-2014-9720 It was discovered that python-tornado, a Python web framework and asynchronous networking library, was susceptible to the BREACH attack. The XSRF token is now encoded with a random mask on each request. This makes it safe to...
[SECURITY] [DLA 474-1] dosfstools security update
Package : dosfstools Version : 3.0.13-1+deb7u1 CVE IDs : CVE-2015-8872 CVE-2016-4804 It was discovered that there was an invalid memory and heap overflow vulnerability in dosfstools, a collection of utilities for making and checking MS-DOS FAT filesystems. For Debian 7 "Wheezy", this issue has be...
[SECURITY] [DLA 473-1] wpa security update
Package : wpa Version : 1.0-3+deb7u4 CVE ID : CVE-2016-4476 CVE-2016-4477 Debian Bug : 823411 A vulnerability was found in how hostapd and wpa_supplicant write the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters...
[SECURITY] [DSA 3578-1] libidn security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3578-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini May 14, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3577-1] jansson security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3577-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini May 14, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 472-1] icedove security update
Package : icedove Version : 38.8.0-1deb7u1 CVE ID : CVE-2016-1979 CVE-2016-2805 CVE-2016-2807 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client. Multiple memory safety errors may lead to the execution of arbitrary code or denial of service...
[SECURITY] [DSA 3576-1] icedove security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3576-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 13, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 471-1] jansson security update
Package : jansson Version : 2.3.1-2+deb7u1 CVE ID : CVE-2016-4425 Debian Bug : 823238 Applications that depend on Jansson, a C library for encoding, decoding and manipulating JSON data, could crash due to stack exhaustion while parsing a JSON file. This was caused due to an unlimited parsing dept...
[SECURITY] [DLA 470-1] libksba security update
Package : libksba Version : 1.2.0-2+deb7u2 CVE ID : CVE-2016-4579 It was discovered that there was a possible read access beyond a buffer vulnerability in libksba, a X.509 and CMS certificate support library. The returned length of the object from _ksba_ber_parse_tl (ti.length) was not always checked...
[SECURITY] [DSA 3575-1] libxstream-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3575-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 468-1] libuser security update
Package : libuser Version : 1:0.56.9.dfsg.1-1.2+deb7u1 CVE ID : CVE-2015-3245 CVE-2015-3246 Debian Bug : 793465 Two security vulnerabilities were discovered in libuser, a library that implements a standardized interface for manipulating and administering user and group accounts, that could lead t...
[SECURITY] [DLA 469-1] libgwenhywfar security update
Package : libgwenhywfar Version : 4.3.3-1+deb7u1 CVE ID : CVE-2015-7542 Debian Bug : 748955 It was discovered that libgwenhywfar, an OS abstraction layer that allows porting of software to different operating systems (like Linux, BSD, Windows etc.), used an outdated CA certificate bundle. For Debian ...
[SECURITY] [DLA 467-1] xerces-c security update
Package : xerces-c Version : 3.1.1-3+deb7u3 CVE ID : CVE-2016-2099 Debian Bug : 823863 XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed...
[SECURITY] [DLA 466-1] ocaml security update
Package : ocaml Version : 3.12.1-4+deb7u1 CVE ID : CVE-2015-8869 OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes size arguments to an internal memmove call to be sign-extended from 32 to 64 bits before being passed to the memmove function. This leads...
[SECURITY] [DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3565-2 [email protected] https://www.debian.org/security/ Sebastien Delafond May 11, 2016 https://www.debian.org/security/faq -...
[BSA-110] Security Update for wordpress
Craig Small [email protected] uploaded new packages for wordpress which fixed the following security problems: CVE-2016-4566 Reflected XSS in PLupload and mediaelement For the jessie-backports distribution the problems have been fixed in version 4.5.2+dfsg-1bpo8+1 Craig Small @smallsees...
[SECURITY] [DLA 465-1] debian-security-support update
Package : debian-security-support Version : 2016.05.09+nmu1deb7u1 It is not feasible to fully support some Debian packages through the releases life cycle. The debian-security-support package provides the check-support-status tool that helps to warn the administrator about installed packages whos...
[SECURITY] [DSA 3574-1] libarchive security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3574-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 10, 2016 https://www.debian.org/security/faq -...