[SECURITY] [DSA 3318-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3318-1 [email protected] https://www.debian.org/security/ Laszlo Boszormenyi GCS July 26, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3317-1] lxc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3317-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 282-1] lighttpd security update
Package : lighttpd Version : 1.4.28-2+squeeze1.7 CVE ID : CVE-2014-3566 Debian Bug : 765702 This update allows SSLv3 to be disabled in lighttpd in order to protect against the POODLE attack. SSLv3 is now disabled by default and can be re-enabled if needed using the ssl.use-sslv3 option...
[SECURITY] [DLA 281-1] expat security update
Package : expat Version : 2.0.1-7+squeeze2 CVE ID : CVE-2015-1283 Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...
[SECURITY] [DLA 280-1] ghostscript security update
Package : ghostscript Version : 8.71dfsg2-9+squeeze2 CVE ID : CVE-2015-3228 Debian Bug : 793489 In gs_heap_alloc_bytes, add a sanity check to ensure we don't overflow the variable holding the actual number of bytes we allocate...
[SECURITY] [DSA 3316-1] openjdk-7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3316-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 25, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3315-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3315-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 23, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3314-1] typo3-src end of life
------------------------------------------------------------------------- Debian Security Advisory DSA-3314-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 23, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3313-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 279-1] python-tornado security update
Package : python-tornado Version : 1.0.1-1+deb6u1 CVE ID : CVE-2014-9720 A vulnerability was discovered in python-tornado, a Python scalable, non-blocking web server. CVE-2014-9720 CSRF cookie allows side-channel attack against TLS (BREACH) Security Fix The XSRF token is now encoded with a random...
[SECURITY] [DSA 3312-1] cacti security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3312-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 22, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 278-2] cacti regression update
Package : cacti Version : 0.8.7g-1+squeeze8 The last update of cacti in squeeze-lts, version 0.8.7g-1+squeeze7, had two regressions that caused certain output of scripts to not be processed and caused the save button of graphs.php to not save the changes. The regressions have been fixed in...
[SECURITY] [DLA 278-1] cacti security update
Package : cacti Version : 0.8.7g-1+squeeze7 CVE ID : CVE-2015-4634 Debian Bug : NA Several SQL injection vulnerabilities were discovered in cacti, a frontend to rrdtool for monitoring systems and service: CVE-2015-4634 SQL injection vulnerability in Cacti before 0.8.8e allows remote attackers to...
[SECURITY] [DSA 3311-1] mariadb-10.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3311-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 277-1] libidn security update
Package : libidn Version : 1.15-2+deb6u1 CVE ID : CVE-2015-2059 Thijs Alkemade discovered that the Jabber server may pass an invalid UTF-8 string to libidn, the GNU library for Internationalized Domain Names (IDNs). In the case of the Jabber server, this results in information disclosure, and it is...
[SECURITY] [DLA 275-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u6 CVE ID : CVE-2014-6438 It was discovered that the uri package in the Ruby standard library uses regular expressions that may result in excessive backtracking. Ruby applications that parse untrusted URIs using this library were susceptible to...
[SECURITY] [DLA 274-1] groovy security update
Package : groovy Version : 1.7.0-4+deb6u1 CVE ID : CVE-2015-3253 cpnrodzc7, working with HP's Zero Day Initiative, discovered that Java applications using standard Java serialization mechanisms to decode untrusted data, and that have Groovy on their classpath, can be passed a serialized object tha...
[SECURITY] [DSA 3310-1] freexl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3310-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 19, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 276-1] inspircd security update
Package : inspircd Version : 1.1.22+dfsg-4+squeeze2 Debian Bug : 780880 Adam [email protected], upstream author of inspircd, found the Debian patch that fixed CVE-2012-1836 was incomplete. Furthermore, it introduced an issue, since invalid DNS packets caused an infinite loop. This upload corrects the...
[SECURITY] [DSA 3309-1] tidy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3309-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 273-1] tidy security update
Package : tidy Version : 20091223cvs-1+deb6u1 CVE ID : CVE-2015-5522 CVE-2015-5523 Debian Bug : 792571 Fernando Muñoz discovered a security issue on the HTML syntax checker and reformatter tidy. Tidy did not properly process specific character sequences, and a remote attacker could exploit this...
[SECURITY] [DSA 3308-1] mysql-5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3308-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 272-1] python-django security update
Package : python-django Version : 1.2.3-3+squeeze13 CVE ID : CVE-2015-2317 CVE-2015-5143 CVE-2015-5144 Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web developmen...
[SECURITY] [DLA 271-1] libunwind security update
Package : libunwind Version : 0.99-0.2+deb6u1 CVE ID : CVE-2015-3239 Invalid dwarf opcodes can cause references beyond the end of the array...
[SECURITY] [DLA 270-1] bind9 security update
Package : bind9 Version : 9.7.3.dfsg-1squeeze15 CVE ID : CVE-2015-4620 Debian Bug : 791715 A vulnerability has been found in the Internet Domain Name Server bind9: CVE-2015-4620 Breno Silveira Soares of Servico Federal de Processamento de Dados (SERPRO) discovered that the BIND DNS server is prone ...
[SECURITY] [DSA 3307-1] pdns-recursor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3307-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 09, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3306-1] pdns security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3306-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 09, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3305-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3305-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 08, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 269-1] linux-ftpd-ssl security update
Package : linux-ftpd-ssl Version : 0.17.32+0.3-1+deb6u1 Debian Bug : 788331 The issue is due to a case of missing brackets in the patch 500-ssl.diff, which causes the execution of fclose(NULL) and thus displays as a segmentation fault. The error appears while transmogrifying linux-ftpd into...
[SECURITY] [DSA 3304-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3304-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 07, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3303-1] cups-filters security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3303-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 07, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3302-1] libwmf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3302-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 06, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 268-1] virtualbox-ose security update
Package : virtualbox-ose Version : 3.2.10-dfsg-1+squeeze4 CVE ID : CVE-2015-0377 CVE-2015-0418 CVE-2015-3456 Debian Bug : 775888 785424 Three vulnerabilities have been fixed in the Debian squeeze-lts version of VirtualBox (package name: virtualbox-ose), an x86 virtualisation solution. CVE-2015-0377...
[SECURITY] [DLA 261-2] aptdaemon regression update
Package : aptdaemon Version : 0.31+bzr413-1.1+deb6u2 Debian Bug : 791469 It was reported that version 0.31+bzr413-1.1+deb6u1 of aptdaemon which fixed CVE-2015-1323 was not installable if you have Python 2.5 installed. This has been fixed in version 0.31+bzr413-1.1+deb6u2. Raphaël Hertzog ◈ Debian...
[SECURITY] [DSA 3301-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3301-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 05, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3300-1] iceweasel security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3300-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 266-1] libxml2 security update
Package : libxml2 Version : 2.7.8.dfsg-2+squeeze12 CVE ID : CVE-2015-1819 Debian Bug : 782782 782985 783010 This upload to Debian squeeze-lts fixes three issues found in the libxml2 package. 1 CVE-2015-1819 / 782782 Florian Weimer from Red Hat reported an issue against libxml2, where a parser whi...
[SECURITY] [DLA 265-1] pykerberos security update
Package : pykerberos Version : 1.1+svn4895-1+deb6u1 CVE ID : CVE-2015-3206 Martin Prpic has reported the possibility of a man-in-the-middle attack in the pykerberos code to the Red Hat Bugzilla Fedora bug tracker. The original issue has earlier been reported upstream 1. We are quoting the upstrea...
[SECURITY] [DSA 3299-1] stunnel4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3299-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 265-1] unattended-upgrades security update
Package : unattended-upgrades Version : 0.62.2+squeeze1 CVE ID : CVE-2015-1330 Bug : LP: 1466380 It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg...
[SECURITY] [DLA 264-1] libmodule-signature-perl security update
Package : libmodule-signature-perl Version : 0.63-1+squeeze2 CVE ID : CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409 Debian Bug : 783451 John Lightsey discovered multiple vulnerabilities in Module::Signature, a Perl module to manipulate CPAN SIGNATURE files. The Common Vulnerabilities an...
[SECURITY] [DLA 263-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u5 CVE ID : CVE-2012-5371 CVE-2013-0269 Debian Bug : 693024 700471 Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly...