[SECURITY] [DLA 215-1] libjson-ruby security update
Package : libjson-ruby Version : 1.1.9-1+deb6u1 CVE ID : CVE-2013-0269 The JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbo...
[SECURITY] [DLA 214-1] libxml-libxml-perl security update
Package : libxml-libxml-perl Version : 1.70.ds-1+deb6u1 CVE ID : CVE-2015-3451 Debian Bug : 783443 In some cases, XML::LibXML did not respect the request to disable entities expansion. Applications handling untrusted XML files can then be tricked into disclosing the content of local files. In...
[SECURITY] [DLA 213-1] openjdk-6 security update
Package : openjdk-6 Version : 6b35-1.13.7-1deb6u1 CVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of...
[SECURITY] [DLA 210-1] qt4-x11 security update
Package : qt4-x11 Version : 4:4.6.3-4+squeeze3 CVE ID : CVE-2013-0254 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 Debian Bug : 779550 783133 This update fixes multiple security issues in the Qt library. CVE-2013-0254 The QSharedMemory class uses weak permissions world-readable and...
[SECURITY] [DLA 212-1] php5 security update
Package : php5 Version : 5.3.3.1-7+squeeze26 CVE ID : CVE-2014-9705 CVE-2015-0232 CVE-2015-2301 CVE-2015-2331 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330 CVE-2014-9705 Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38,...
[SECURITY] [DLA 211-1] curl security update
Package : curl Version : 7.21.0-2.1+squeeze12 CVE ID : CVE-2015-3143 CVE-2015-3148 Several vulnerabilities were discovered in cURL, a URL transfer library: CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests bein...
[SECURITY] [DSA 3241-1] elasticsearch security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3241-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 29, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3240-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3240-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini April 29, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3239-1] icecast2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3239-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini April 29, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 209-1] jruby security update
Package : jruby Version : 1.5.1-1+deb6u1 CVE ID : CVE-2011-4838 Debian Bug : 686867 JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted...
[SECURITY] [DLA 208-1] tzdata new upstream version
Package : tzdata Version : 2015d-0+deb6u1 Upstream published version 2015d, removing the DST rule for Egypt starting in 2015. Aurelien Jarno GPG: 4096R/1DDD8C9B [email protected] http://www.aurel32.net...
[BSA-104] Security update for libreoffice
Rene Engelhard uploaded new packages for libreoffice which fixed the following security problem: CVE-2015-1774: It was discovered that missing input sanitising in Libreoffice's filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened. For the...
[SECURITY] [DSA 3238-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3237-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3237-1 [email protected] http://www.debian.org/security/ Ben Hutchings April 26, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3236-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3236-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 25, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3235-1] openjdk-7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3235-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 24, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3234-1] openjdk-6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3234-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 24, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3233-1] wpa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3233-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 24, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 207-1] subversion security update
Package : subversion Version : 1.6.12dfsg-7+deb6u2 CVE ID : CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2014-0032 CVE-2015-0248 CVE-2015-0251 Debian Bug : 704940 737815 Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and...
[SECURITY] [DSA 3232-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3232-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini April 22, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 198-1] wireshark security update
Package : wireshark Version : 1.8.2-5wheezy15deb6u1 CVE ID : CVE-2015-2191 CVE-2015-2188 CVE-2015-0564 CVE-2015-0562 CVE-2014-8714 CVE-2014-8713 CVE-2014-8712 CVE-2014-8711 CVE-2014-8710 CVE-2014-6432 CVE-2014-6431 CVE-2014-6430 CVE-2014-6429 CVE-2014-6428 CVE-2014-6423 CVE-2014-6422 The followin...
[SECURITY] [DSA 3231-1] subversion security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3231-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 21, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 206-1] python-django-markupfield security update
Package : python-django-markupfield Version : 1.0.0a2-1+deb6u1 CVE ID : CVE-2015-0846 James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ..raw directive, allowing remote attackers to include arbitra...
[SECURITY] [DSA 3230-1] django-markupfield security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3230-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini April 20, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 205-1] ppp security update
Package : ppp Version : 2.4.5-4+deb6u2 CVE ID : CVE-2015-3310 Debian Bug : 782450 Emanuele Rocca discovered that ppp, a daemon implementing the Point-to-Point Protocol, was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a...
[SECURITY] [DLA 204-1] file security update
Package : file Version : 5.04-5+squeeze10 CVE ID : CVE-2014-9653 Debian Bug : 777585 This update fixes the following issue in the file package: CVE-2014-9653 readelf.c does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a...
[SECURITY] [DSA 3229-1] mysql-5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3229-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 19, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 203-1] openldap security update
Package : openldap Version : 2.4.23-7.3+deb6u1 CVE IDs : CVE-2012-1164 CVE-2013-4449 CVE-2014-9713 CVE-2015-1545 Debian Bugs : 663644 729367 761406 776988 Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. Please carefully check...
[SECURITY] [DLA 202-1] wesnoth-1.8 security update
Package : wesnoth-1.8 Version : 1:1.8.5-1+deb6u1 CVE ID : CVE-2015-0844 Ignacio R. Morelle discovered that missing path restrictions in the "Battle of Wesnoth" game could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded. For the...
[SECURITY] [DLA 201-1] tzdata new upstream version
Package : tzdata Version : 2015c-0+deb6u1 Upstream published version 2015c, fixing the DST rule for Egypt. Aurelien Jarno GPG: 4096R/1DDD8C9B [email protected] http://www.aurel32.net...
[SECURITY] [DSA 3228-1] ppp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3228-1 [email protected] http://www.debian.org/security/ Sebastien Delafond April 16, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3227-1] movabletype-opensource security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3227-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 15, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 200-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u3 CVE ID : CVE-2014-4975 CVE-2014-8080 CVE-2014-8090 CVE-2014-4975 The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrar...
[SECURITY] [DSA 3226-1] inspircd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3226-1 [email protected] http://www.debian.org/security/ Sebastien Delafond April 15, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3225-1] gst-plugins-bad0.10 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3225-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 15, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 199-1] libx11 security update
Package : libx11 Version : 2:1.3.3-4+squeeze2 CVE ID : CVE-2013-7439 Abhishek Arya discovered a buffer overflow in the MakeBigReq macro provided by libx11, which could result in denial of service or the execution of arbitrary code. Several other xorg packages (e.g. libxrender) will be recompiled...
[SECURITY] [DLA 197-1] libvncserver security update
Package : libvncserver Version : 0.9.7-2+deb6u1 CVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 Debian Bug : 762745 Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in t...
[BSA-103] Security Update for shibboleth-sp
Matthew Vernon uploaded new packages for shibboleth-sp which fixed the following security problems: CVE-2015-2684 A denial of service vulnerability was found in the Shibboleth (a federated identity framework) Service Provider. When processing certain malformed SAML messages generated by an...
[SECURITY] [DLA 196-1] ia32-libs security update
Package : ia32-libs, ia32-libs-gtk Version : 20150413 The ia32-libs and ia32-libs-gtk packages contain 32-bit versions of various libraries for use on 64-bit systems. This update rolls in all security fixes made to these libraries since the previous update of ia32-libs and ia32-libs-gtk in Squeez...
[SECURITY] [DSA 3224-1] libx11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3224-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 12, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 195-1] libtasn1-3 security update
Package : libtasn1-3 Version : 2.7-1+squeeze+3 CVE ID : CVE-2015-2806 Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the...