[SECURITY] [DSA 3298-1] jackrabbit security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3298-1 [email protected] https://www.debian.org/security/ Markus Koschany July 01, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 262-1] libcrypto++ security update
Package : libcrypto++ Version : 5.6.0-6+deb6u1 CVE ID : CVE-2015-2141 Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow...
[SECURITY] [DLA 261-1] aptdaemon security update
Package : aptdaemon Version : 0.31+bzr413-1.1+deb6u1 CVE ID : CVE-2015-1323 Debian Bug : 789162 Tavis Ormandy discovered that Aptdaemon incorrectly handled the simulate dbus method. A local attacker could use this issue to possibly expose sensitive information, or perform other file access as the...
[SECURITY] [DLA 260-1] hostapd security update
Package : hostapd Version : 1:0.6.10-2+squeeze2 CVE ID : CVE-2015-4142 A vulnerability was found in WMM Action frame processing in a case where hostapd is used to implement AP mode MLME/SME functionality i.e., Host AP driver of a mac80211-based driver on Linux. This vulnerability can be used to...
[SECURITY] [DLA 259-1] shibboleth-sp2 security update
Package : shibboleth-sp2 Version : 2.3.1+dfsg-5+deb6u1 CVE ID : CVE-2015-2684 A denial of service vulnerability was found in the Shibboleth (a federated identity framework) Service Provider. When processing a certain malformed SAML message generated by an authenticated attacker, the daemon could...
[SECURITY] [DLA 258-1] jqueryui security update
Package : jqueryui Version : 1.8.dfsg-3+deb6u1 CVE ID : CVE-2010-5312 Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its "title" option. This would allow a remote attacker to inject arbitrary code through cross-site scripti...
[SECURITY] [DSA 3297-1] unattended-upgrades security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3297-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 29, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 257-1] libwmf security update
Package : libwmf Version : 0.2.8.4-6.2+deb6u2 CVE ID : CVE-2015-4695 CVE-2015-4696 Debian Bug : 784192 784205 libwmf is vulnerable to two denial of service issues due to invalid read operations when processing specially crafted WMF files. CVE-2015-4695 Heap buffer overread in libwmf CVE-2015-4696 Read...
[SECURITY] [DLA 256-1] t1utils security update
Package : t1utils Version : 1.36-1+deb6u1 CVE ID : CVE-2015-3905 Debian Bug : 779274 Jakub Wilk found a vulnerability in the Type 1 font manipulation programs, t1utils: CVE-2015-3905 Buffer overflow in the setcsstart function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a...
[SECURITY] [DSA 3296-1] libcrypto++ security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3296-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 29, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 255-1] cacti security update
Package : cacti Version : 0.8.7g-1+squeeze6 CVE ID : CVE-2015-2665 CVE-2015-4342 CVE-2015-4454 Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. We recommend that you upgrade your cacti packages...
[SECURITY] [DLA 254-1] librack-ruby security update
Package : librack-ruby Version : 1.1.0-4+squeeze3 CVE ID : CVE-2015-3225 There is a potential denial of service vulnerability in Rack, a modular Ruby webserver interface. Carefully crafted requests can cause a SystemStackError and cause a denial of service attack by exploiting the lack of a...
[SECURITY] [DLA 253-1] libwmf security update
Package : libwmf Version : 0.2.8.4-6.2+deb6u1 CVE ID : CVE-2015-0848 CVE-2015-4588 Debian Bug : 787644 The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files: CVE-2015-0848 A heap overflow when decoding embedded BMP...
[SECURITY] [DSA 3295-1] cacti security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3295-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 24, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 251-2] zendframework regression update
Package : zendframework Version : 1.10.6-1squeeze4 CVE ID : CVE-2012-6531 CVE-2012-6532 CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 CVE-2014-2684 CVE-2014-2685 CVE-2014-4914 CVE-2014-8088 CVE-2014-8089 CVE-2015-3154 Debian Bug : 743175 754201 The previous zendframework upload incorrectly fixes...
[SECURITY] [DSA 3294-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3294-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA-252-1] postgresql-8.4 update
Package : postgresql-8.4 Version : 8.4.22lts4-0+deb6u1 Several bugs were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS minor version contains the fixes that were applied upstream to the 9.0.22...
[SECURITY] [DLA 251-1] zendframework security update
Package : zendframework Version : 1.10.6-1squeeze3 CVE ID : CVE-2012-6531 CVE-2012-6532 CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 CVE-2014-2684 CVE-2014-2685 CVE-2014-4914 CVE-2014-8088 CVE-2014-8089 CVE-2015-3154 Debian Bug : 743175 754201 Several vulnerabilities were found in the Zend PHP...
[SECURITY] [DSA 3293-1] pyjwt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3293-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 20, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 250-1] libclamunrar security update
Package : libclamunrar Version : 0.98.5-0+deb6u1 Debian Bug : 770647 Upstream published version 0.98.5. This update updates squeeze-lts to the latest upstream release in line with the approach used for other Debian releases. This update corrects a double-free error that existed within the...
[SECURITY] [DLA 249-1] qemu-kvm security update
Package : qemu-kvm Version : 0.12.5+dfsg-5+squeeze11 CVE ID : CVE-2015-3456 A vulnerability was discovered in the qemu virtualisation solution: CVE-2015-3456 Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. Despi...
[SECURITY] [DLA 248-1] qemu security update
Package : qemu Version : 0.12.5+dfsg-3squeeze4 CVE ID : CVE-2015-3456 A vulnerability was discovered in the qemu virtualisation solution: CVE-2015-3456 Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. Despite the...
[SECURITY] [DSA 3292-1] cinder security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3292-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 19, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3291-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3291-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3290-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3290-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 247-1] openssl security update
Package : openssl Version : 0.9.8o-4squeeze21 CVE ID : CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-4000 Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert...
[SECURITY] [DLA 246-2] linux-2.6 regression update
Package : linux-2.6 Version : 2.6.32-48squeeze13 CVE ID : CVE-2011-5321 CVE-2012-6689 CVE-2014-3184 CVE-2014-8159 CVE-2014-9683 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-1805 CVE-2015-2041 CVE-2015-2042 CVE-2015-2830 CVE-2015-2922 CVE-2015-3339 CVE-2015-4167 Debian Bug :...
[SECURITY] [DLA 246-1] linux-2.6 security update
Package : linux-2.6 Version : 2.6.32-48squeeze12 CVE ID : CVE-2011-5321 CVE-2012-6689 CVE-2014-3184 CVE-2014-8159 CVE-2014-9683 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-1805 CVE-2015-2041 CVE-2015-2042 CVE-2015-2830 CVE-2015-2922 CVE-2015-3339 CVE-2015-4167 This update fix...
[SECURITY] [DSA 3289-1] p7zip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3289-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 15, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 245-1] p7zip security update
Package : p7zip Version : 9.04dfsg.1-1+deb6u1 CVE ID : CVE-2015-1038 Debian Bug : 774660 Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further...
[SECURITY] [DSA 3252-2] sqlite3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3252-2 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 14, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3288-1] libav security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3288-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3287-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3287-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 13, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3286-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3286-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3285-1] qemu-kvm security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3285-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 13, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3284-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3284-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 13, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 244-1] strongswan security update
Package : strongswan Version : 4.4.1-5.7 CVE ID : CVE-2015-4171 Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When a client authenticates the server with certificates and the client authenticates using pre-shared key or EAP, th...
[SECURITY] [DLA 242-1] imagemagick security update
Package : imagemagick Version : 8:6.6.0.4-3+squeeze6 CVE ID : CVE-2012-3437 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 Debian Bug : 773834 767240 683285 692367 This update fixes a large number of potential security problems due to insufficient data validation when parsing different input formats...
[SECURITY] [DLA 243-1] libraw security update
Package : libraw Version : 0.9.1-1+deb6u1 CVE ID : CVE-2015-3885 Debian Bug : 786788 This DLA supersedes my wrong announcement using DLA 241-1 CVE-2015-3885: Integer overflow in the ljpegstart function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service crash via a...
[SECURITY] [DLA 241-1] wireshark security update
Package : wireshark Version : 1.8.2-5wheezy16deb6u1 CVE ID : CVE-2015-3811 The following vulnerabilities were discovered in the Squeeze LTSs prior Wireshark version: CVE-2015-3811 The WCP dissector could crash while decompressing data...
[SECURITY] [DLA 241-1] libraw security update
Package : libraw Version : 0.9.1-1+deb6u1 CVE ID : CVE-2015-3885 Debian Bug : 786788 CVE-2015-3885: Integer overflow in the ljpegstart function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service crash via a crafted image, which triggers a buffer overflow, related to th...
[SECURITY] [DSA 3283-1] cups security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3283-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2015 https://www.debian.org/security/faq -...