[SECURITY] [DLA 240-1] libapache-mod-jk security update
Package : libapache-mod-jk Version : 1:1.2.30-1squeeze2 CVE ID : CVE-2014-8111 Debian Bug : 783233 An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount...
[SECURITY] [DLA 239-1] cups security update
Package : cups Version : 1.4.4-7+squeeze8 CVE ID : CVE-2015-1158 CVE-2015-1159 Two critical vulnerabilities have been found in the CUPS printing system: CVE-2015-1158 - Improper Update of Reference Count Cupsd uses reference-counted strings with global scope. When parsing a print job request, cup...
[SECURITY] [DSA 3282-1] strongswan security update
Debian Security Advisory DSA-3282-1 http://www.debian.org/security/ Yves-Alexis Perez June 08, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice
Debian Security Advisory DSA-3281-1 http://www.debian.org/security/ Thijs Kinkhorst June 7, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3280-1] php5 security update
Debian Security Advisory DSA-3280-1 http://www.debian.org/security/ Moritz Muehlenhoff June 07, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DLA 238-1] fuse security update
Package : fuse Version : 2.8.4-1.1+deb6u1 CVE ID : CVE-2015-3202 Debian Bug : 786439 Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite...
[SECURITY] [DSA 3279-1] redis security update
Debian Security Advisory DSA-3279-1 http://www.debian.org/security/ Alessandro Ghedini June 06, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DLA 237-1] mercurial security update
Package : mercurial Version : 1.6.4-1+deb6u1 CVE ID : CVE-2014-9390 CVE-2014-9462 CVE-2014-9462 Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command...
[SECURITY] [DSA 3278-1] libapache-mod-jk security update
Debian Security Advisory DSA-3278-1 http://www.debian.org/security/ Markus Koschany June 03, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3249-2] jqueryui security update
Debian Security Advisory DSA-3249-2 http://www.debian.org/security/ Sebastien Delafond June 02, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3277-1] wireshark security update
Debian Security Advisory DSA-3277-1 http://www.debian.org/security/ Moritz Muehlenhoff June 02, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DLA 236-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb6u6 CVE ID : CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CVE-2015-3438 CVE-2015-3439 CVE-2015-3440 Debian Bug : 783347 783554 770425 In the Debian squeeze-lts version of Wordpress,...
[SECURITY] [DSA 3276-1] symfony security update
Debian Security Advisory DSA-3276-1 http://www.debian.org/security/ David Prevot May 31, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3269-2] postgresql-9.1 regression update
Debian Security Advisory DSA-3269-2 http://www.debian.org/security/ Salvatore Bonaccorso May 31, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DLA 235-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u4 CVE ID : CVE-2011-0188 CVE-2011-2705 CVE-2012-4522 CVE-2013-0256 CVE-2013-2065 CVE-2015-1855 CVE-2011-0188 The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and oth...
[SECURITY] [DLA 234-1] ipsec-tools security update
Package : ipsec-tools Version : 1:0.7.3-12+deb6u1 CVE ID : CVE-2015-4047 Debian Bug : 785778 Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause the IKE daemon to crash via specially crafted U...
[SECURITY] [DSA 3275-1] fusionforge security update
Debian Security Advisory DSA-3275-1 http://www.debian.org/security/ Salvatore Bonaccorso May 30, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DLA-227-1] postgresql-8.4 update
Package : postgresql-8.4 Version : 8.4.22lts2-0+deb6u2 CVE ID : CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 Several vulnerabilities were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS minor version...
[SECURITY] [DLA 233-1] clamav security and upstream version update
Package : clamav Version : 0.98.7+dfsg-0+deb6u1 CVE ID : CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2668 Upstream published version 0.98.7. This update updates squeeze-lts to the latest upstream release in line with the approach used...
[SECURITY] [DSA 3274-1] virtualbox security update
Debian Security Advisory DSA-3274-1 http://www.debian.org/security/ Moritz Muehlenhoff May 28, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DLA 232-1] tomcat6 security update
Package : tomcat6 Version : 6.0.41-2+squeeze7 CVE ID : CVE-2014-0227 CVE-2014-0230 CVE-2014-7810 Debian Bug : 787010 785312 785316 The following vulnerabilities were found in Apache Tomcat 6: CVE-2014-0227 The Tomcat security team identified that it was possible to conduct HTTP request smuggling...
[SECURITY] [DLA 228-1] exactimage security update
Package : exactimage Version : 0.8.1-3+deb6u4 CVE ID : CVE-2015-3885 Debian Bug : 786785 A vulnerability has been discovered in the ExactImage image manipulation programs. CVE-2015-3885 Eduardo Castellanos discovered an Integer overflow in the dcraw version included in ExactImage. This...
[SECURITY] [DLA 231-1] dulwich security update
Package : dulwich Version : 0.6.1-1+deb6u1 CVE ID : CVE-2015-0838 Ivan Fratric of the Google Security Team has found a buffer overflow in the C implementation of the apply_delta function, used when accessing Git objects in pack files. An attacker could take advantage of this flaw to cause the...
[SECURITY] [DLA 230-1] eglibc security update
Package : eglibc Version : 2.11.3-4+deb6u6 CVE ID : CVE-2015-1781 Arjun Shankar of Red Hat discovered that gethostbyname_r and related functions compute the size of an input buffer incorrectly if the passed-in buffer is misaligned. This results in a buffer overflow. For the oldoldstable distributi...
[SECURITY] [DLA 229-1] libnokogiri-ruby security update
Package : libnokogiri-ruby Version : 1.4.0-4+deb6u1 CVE ID : CVE-2012-6685 An XML eXternal Entity (XXE) flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause...
[SECURITY] [DLA 226-2] ntfs-3g regression update
Package : ntfs-3g Version : 1:2010.3.6-1+deb6u2 CVE ID : CVE-2015-3202 The patch applied for ntfs-3g to fix CVE-2015-3202 in DLA 226-1 was incomplete. This update corrects that problem. For reference the original advisory text follows. Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driv...
[SECURITY] [DSA 3268-2] ntfs-3g security update
Debian Security Advisory DSA-3268-2 http://www.debian.org/security/ Salvatore Bonaccorso May 26, 2015 http://www.debian.org/security/faq ...
[BSA-107] Security Update for horizon
Thomas Goirand uploaded new packages for horizon which fixed the following security problem: CVE-2015-3988: Sunil Yadav from IBM Security Services reported a persistent XSS in Horizon. An authenticated user may conduct a persistent XSS attack by setting a malicious metadata to a Glance image, a...
[SECURITY] [DSA 3273-1] tiff security update
Debian Security Advisory DSA-3273-1 http://www.debian.org/security/ Moritz Muehlenhoff May 25, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DLA 226-1] ntfs-3g security update
Package : ntfs-3g Version : 1:2010.3.6-1+deb6u1 CVE ID : CVE-2015-3202 Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite...
[BSA-106] Security Update for nbd
Wouter Verhelst uploaded new packages for nbd which fixed the following security problems: CVE-2015-0847 Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server...
[SECURITY] [DSA 3265-2] zendframework regression update
Debian Security Advisory DSA-3265-2 http://www.debian.org/security/ Alessandro Ghedini May 24, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3272-1] ipsec-tools security update
Debian Security Advisory DSA-3272-1 http://www.debian.org/security/ Salvatore Bonaccorso May 23, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3271-1] nbd security update
Debian Security Advisory DSA-3271-1 http://www.debian.org/security/ Alessandro Ghedini May 23, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3270-1] postgresql-9.4 security update
Debian Security Advisory DSA-3270-1 http://www.debian.org/security/ Christoph Berg May 22, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3269-1] postgresql-9.1 security update
Debian Security Advisory DSA-3269-1 http://www.debian.org/security/ Christoph Berg May 22, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3268-1] ntfs-3g security update
Debian Security Advisory DSA-3268-1 http://www.debian.org/security/ Salvatore Bonaccorso May 22, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3267-1] chromium-browser security update
Debian Security Advisory DSA-3267-1 http://www.debian.org/security/ Michael Gilbert May 22, 2015 http://www.debian.org/security/faq ...
[SECURITY] [DSA 3266-1] fuse security update
Debian Security Advisory DSA-3266-1 http://www.debian.org/security/ Salvatore Bonaccorso May 21, 2015 http://www.debian.org/security/faq ...