[SECURITY] [DLA 2277-1] openjpeg2 security update
Debian LTS Advisory DLA-2277-1 https://www.debian.org/lts/security/ Utkarsh Gupta July 11, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2276-1] mailman security update
Debian LTS Advisory DLA-2276-1 https://www.debian.org/lts/security/ Utkarsh Gupta July 10, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2275-1] ruby-rack security update
Debian LTS Advisory DLA-2275-1 https://www.debian.org/lts/security/ Utkarsh Gupta July 10, 2020 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 2274-1] fwupd security update
Package : fwupd Version : 0.7.4-2+deb9u1 CVE ID : CVE-2020-10759 Debian Bug : 962517 It was discovered that there was a possible signature verification issue in firmware update daemon library "fwupd" as the return value of gpgme_op_verify_result was not being checked. For Debian 9 "Stretch", this...
[SECURITY] [DSA 4722-1] ffmpeg security update
Debian Security Advisory DSA-4722-1 https://www.debian.org/security/ Moritz Muehlenhoff July 08, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4721-1] ruby2.5 security update
Debian Security Advisory DSA-4721-1 https://www.debian.org/security/ Salvatore Bonaccorso July 08, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2273-1] shiro security update
Package : shiro Version : 1.3.2-1+deb9u1 CVE IDs : CVE-2020-1957 CVE-2020-11989 Debian Bug : 955018 It was discovered that there were two issues in shiro, a security framework for Java applications: CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an...
[SECURITY] [DSA 4720-1] roundcube security update
Debian Security Advisory DSA-4720-1 https://www.debian.org/security/ Sebastien Delafond July 08, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2272-1] Debian 8 Long Term Support reaching end-of-life
The Debian Long Term Support (LTS) Team hereby announces that Debian 8 jessie support has reached its end-of-life on June 30, 2020, five years after its initial release on April 26, 2015. Debian will not provide further security updates for Debian 8. A subset of jessie packages will be supported by...
[SECURITY] [DSA 4719-1] php7.3 security update
Debian Security Advisory DSA-4719-1 https://www.debian.org/security/ Salvatore Bonaccorso July 06, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4718-1] thunderbird security update
Debian Security Advisory DSA-4718-1 https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4717-1] php7.0 security update
Debian Security Advisory DSA-4717-1 https://www.debian.org/security/ Salvatore Bonaccorso July 05, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4714-2] chromium regression update
Debian Security Advisory DSA-4714-2 https://www.debian.org/security/ Michael Gilbert July 04, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4716-1] docker.io security update
Debian Security Advisory DSA-4716-1 https://www.debian.org/security/ Moritz Muehlenhoff July 02, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4715-1] imagemagick security update
Debian Security Advisory DSA-4715-1 https://www.debian.org/security/ Moritz Muehlenhoff July 02, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4714-1] chromium security update
Debian Security Advisory DSA-4714-1 https://www.debian.org/security/ Michael Gilbert July 01, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4713-1] firefox-esr security update
Debian Security Advisory DSA-4713-1 https://www.debian.org/security/ Moritz Muehlenhoff July 01, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2271-1] coturn security update
Package : coturn Version : 4.2.1.2-1+deb8u2 CVE ID : CVE-2020-4067 In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their...
[SECURITY] [DLA 2270-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u15 CVE ID : CVE-2020-14060 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 There were several CVEs reported against src:jackson-databind, which are as follows: CVE-2020-14060 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction...
[SECURITY] [DLA 2269-1] wordpress security update
Package : wordpress Version : 4.1.31+dfsg-0+deb8u1 CVE ID : CVE-2020-4046 CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050 Debian Bug : 962685 Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting XS...
[SECURITY] [DLA 2268-2] mutt regression update
Package : mutt Version : 1.5.23-3+deb8u3 CVE ID : CVE-2020-14093 CVE-2020-14954 Debian Bug : Two vulnerabilities have been discovered in mutt, a console email client. CVE-2020-14093 Mutt allowed an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. CVE-2020-14954 Mutt had a STARTT...
[SECURITY] [DLA 2268-1] mutt security update
Package : mutt Version : 1.5.23-3+deb8u2 CVE ID : CVE-2020-14093 CVE-2020-14954 Debian Bug : 962897 Two vulnerabilities have been discovered in mutt, a console email client. CVE-2020-14093 Mutt allowed an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. CVE-2020-14954 Mutt had a...
[SECURITY] [DSA 4712-1] imagemagick security update
Debian Security Advisory DSA-4712-1 https://www.debian.org/security/ Moritz Muehlenhoff June 30, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2267-1] libmatio security update
Package : libmatio Version : 1.5.2-3+deb8u1 CVE ID : CVE-2019-17533 In libmatio, a library to read and write Matlab MAT files, a vulnerability was fixed in Mat_VarReadNextInfo4 in mat4.c that could lead to a heap-based buffer over-read in strdup_vprintf. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DLA 2266-1] nss security update
Package : nss Version : 2:3.26-1+debu8u11 CVE ID : CVE-2020-12399 CVE-2020-12402 Several vulnerabilities were fixed in nss, the Network Security Service libraries. CVE-2020-12399 Force a fixed length for DSA exponentiation. CVE-2020-12402 Side channel vulnerabilities during RSA key generation. Fo...
[SECURITY] [DLA 2265-1] mailman security update
Package : mailman Version : 1:2.1.18-2+deb8u7 CVE ID : CVE-2020-15011 Debian Bug : GNU Mailman allowed arbitrary content injection via the Cgi/private.py private archive login page. For Debian 8 "Jessie", this problem has been fixed in version 1:2.1.18-2+deb8u7. We recommend that you upgrade your...
[SECURITY] [DLA 2264-1] libvncserver security update
Package : libvncserver Version : 0.9.9+dfsg2-6.1+deb8u8 CVE ID : CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405 Debian Bug : Several vulnerabilities have been discovered in libVNC (libvncserver Debian package), ...
[SECURITY] [DLA 2263-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u19 CVE ID : CVE-2020-13663 Debian Bug : CVE-2020-13663 - Drupal SA 2020-004 The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DLA 2261-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u12 CVE ID : CVE-2019-11048 It has been discovered that a vulnerability in php5, a server-side, HTML-embedded scripting language, could lead to exhausted disk space on the server. When using overly long filenames or field names, a memory limit could be...
[SECURITY] [DLA 2262-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u15 CVE ID : CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765 Debian Bug : Several vulnerabilities were fixed in qemu, a fast processor emulator. CVE-2020-1983 slirp: Fix use-after-free in ip_reass. CVE-2020-13361 es1370_transfer_audio in...
[SECURITY] [DSA 4711-1] coturn security update
Debian Security Advisory DSA-4711-1 https://www.debian.org/security/ Salvatore Bonaccorso June 29, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2260-1] mcabber security update
Package : mcabber Version : 0.10.2-1+deb8u1 CVE ID : CVE-2016-9928 It was discovered that there was a "roster push attack" in mcabber, a console-based Jabber (XMPP) client. This is identical to CVE-2015-8688 for gajim. For Debian 8 "Jessie", this problem has been fixed in version 0.10.2-1+deb8u1. W...
[SECURITY] [DLA 2259-1] picocom security update
Package : picocom Version : 1.7-1+deb8u1 CVE ID : CVE-2015-9059 It was discovered that there was a command injection vulnerability in picocom, a minimal dumb-terminal emulation program. For Debian 8 "Jessie", this problem has been fixed in version 1.7-1+deb8u1. We recommend that you upgrade your...
[SECURITY] [DLA 2258-1] zziplib security update
Package : zziplib Version : 0.13.62-3+deb8u2 CVE ID : CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6541 CVE-2018-6869 CVE-2018-7725 CVE-2018-7726 CVE-2018-16548 Several issues have been fixed in zziplib, a library providing read access on ZIP-archives. They are basically all related to...
[SECURITY] [DLA 2257-1] pngquant security update
Package : pngquant Version : 2.3.0-1+deb8u1 CVE ID : CVE-2016-5735 It was found that pngquant, a PNG (Portable Network Graphics) image optimising utility, is susceptible to a buffer overflow write issue triggered by a maliciously crafted PNG image, which could lead to denial of service or other...
[SECURITY] [DLA 2256-1] libtirpc security update
Package : libtirpc Version : 0.2.5-1+deb8u3 CVE ID : CVE-2016-4429 It was discovered that libtirpc, a transport-independent RPC library, could be used for a denial of service or possibly unspecified other impact by a stack-based buffer overflow due to a flood of crafted ICMP and UDP packets. For...
[SECURITY] [DLA 2255-1] libtasn1-6 security update
Package : libtasn1-6 Version : 4.2-3+deb8u4 CVE ID : CVE-2017-10790 A vulnerability has been discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library. For Debian 8 "Jessie", this problem...
[SECURITY] [DSA 4710-1] trafficserver security update
Debian Security Advisory DSA-4710-1 https://www.debian.org/security/ Moritz Muehlenhoff June 27, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2254-1] alpine security update
Package : alpine Version : 2.11+dfsg1-3+deb8u1 CVE ID : CVE-2020-14929 Debian Bug : 963179 CVE-2020-14929 Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of...
[SECURITY] [DSA 4709-1] wordpress security update
Debian Security Advisory DSA-4709-1 https://www.debian.org/security/ Sebastien Delafond June 23, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4708-1] neomutt security update
Debian Security Advisory DSA-4708-1 https://www.debian.org/security/ Moritz Muehlenhoff June 21, 2020 https://www.debian.org/security/faq ...
[SECURITY] [DLA 2253-1] lynis security update
Package : lynis Version : 1.6.3-1+deb8u1 CVE ID : CVE-2019-13033 Debian Bug : 963161 It was discovered that there was a vulnerability in lynis, a security auditing tool. The license key could be obtained by simple observation of the process list when a data upload is being performed. For Debian 8...
[SECURITY] [DLA 2252-1] ngircd security update
Package : ngircd Version : 22-2+deb8u1 CVE ID : CVE-2020-14148 Debian Bug : 963147 It was discovered that there was an out-of-bounds access vulnerability in the server-server protocol in the ngircd Internet Relay Chat (IRC) server. For Debian 8 "Jessie", this issue has been fixed in ngircd version...