[SECURITY] [DSA 4706-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4706-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4705-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4705-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2250-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u18 CVE ID : CVE-2020-13662 Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DSA 4704-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4704-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2249-1] libexif security update
Package : libexif Version : 0.6.21-2+deb8u4 CVE ID : CVE-2020-0182 CVE-2020-0198 Debian Bug : 962345 The following CVEs were reported against src:libexif. CVE-2020-0182 In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to...
[SECURITY] [DLA 2248-1] intel-microcode security update
Package : intel-microcode Version : 3.20200609.2deb8u1 CVE ID : CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 The following CVEs were reported against src:intel-microcode. CVE-2020-0543 A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found...
[SECURITY] [DLA 2246-1] xawtv security update
Package : xawtv Version : 3.103-3+deb8u1 CVE ID : CVE-2020-13696 Debian Bug : 962221 An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem...
[SECURITY] [DLA 2247-1] thunderbird security update
Package : thunderbird Version : 1:68.9.0-1deb8u2 CVE ID : CVE-2020-12398 CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the...
[SECURITY] [DLA 2233-2] python-django regression update
Package : python-django Version : 1.7.11-1+deb8u10 CVE ID : CVE-2020-13254 It was discovered that there was a regression in the latest update to Django, the Python web development framework. The upstream fix for CVE-2020-13254 to address data leakages via malformed memcached keys could, in some...
[SECURITY] [DLA 2245-1] mysql-connector-java security update
Package : mysql-connector-java Version : 5.1.49-0+deb8u1 CVE ID : CVE-2020-2875 CVE-2020-2933 CVE-2020-2934 Several issues were discovered in mysql-connector-java, a Java database JDBC driver for MySQL, that allow attackers to update, insert or delete access to some of MySQL Connectors accessible...
[SECURITY] [DSA 4703-1] mysql-connector-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4703-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4702-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4702-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4701-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4701-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2244-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u6 CVE ID : CVE-2020-13625 It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file...
[SECURITY] [DSA 4700-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4700-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2241-2] linux security update
Package : linux Version : 3.16.84-1 CVE ID : CVE-2015-8839 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2019-5108 CVE-2019-19319 CVE-2019-19447 CVE-2019-19768 CVE-2019-20636 CVE-2020-0009 CVE-2020-0543 CVE-2020-1749 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649...
[SECURITY] [DLA 2242-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.210-1+deb9u1deb8u1 CVE ID : CVE-2019-2182 CVE-2019-5108 CVE-2019-19319 CVE-2019-19462 CVE-2019-19768 CVE-2019-20806 CVE-2019-20811 CVE-2020-0543 CVE-2020-2732 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9383 CVE-2020-10711 CVE-2020-10732...
[SECURITY] [DLA 2241-1] linux security update
Package : linux Version : 3.16.84-1 CVE ID : CVE-2015-8839 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2019-5108 CVE-2019-19319 CVE-2019-19447 CVE-2019-19768 CVE-2019-20636 CVE-2020-0009 CVE-2020-0543 CVE-2020-1749 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649...
[SECURITY] [DSA 4699-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4699-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4698-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4698-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2243-1] firefox-esr security update [REVISED]
Package : firefox-esr Version : 68.9.0esr-1deb8u2 CVE ID : CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic...
[SECURITY] [DLA 2243-1] firefox-esr security update
Package : firefox-esr Version : 68.9.0esr-1deb8u2 CVE ID : CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic...
[SECURITY] [DLA 2240-1] bluez security update
Package : bluez Version : 5.43-2+deb9u2deb8u1 CVE ID : CVE-2020-0556 Debian Bug : 953770 It was reported that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target...
[SECURITY] [DLA 2239-1] libpam-tacplus security update
Package : libpam-tacplus Version : 1.3.8-2+deb8u1 CVE ID : CVE-2020-13881 It was discovered that there was an issue in libpam-tacplus (a security module for using the TACACS+ authentication service) where shared secrets such as private server keys were being added in the clear to various logs. For...
[SECURITY] [DLA 2238-1] libupnp security update
Package : libupnp Version : 1.6.19+git20141001-1+deb8u2 CVE ID : CVE-2020-13848 Debian Bug : 962282 libupnp, the portable SDK for UPnP Devices allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions...
[SECURITY] [DLA 2237-1] cups security update
Package : cups Version : 1.7.5-11+deb8u8 CVE ID : CVE-2019-8842 CVE-2020-3898 The following CVEs were reported against src:cups. CVE-2019-8842 The ippReadIO function may under-read an extension field. CVE-2020-3898 There was a heap based buffer overflow in libcups's ppdFindOption in ppd-mark.c. Th...
[SECURITY] [DLA 2236-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u11 CVE ID : CVE-2020-12672 Debian Bug : 960000 A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap buffer overwrite when magnifying MNG images. For Debian 8 "Jessie", this problem has bee...
[SECURITY] [DSA 4697-1] gnutls28 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4697-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4696-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4696-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2235-1] dbus security update
Package : dbus Version : 1.8.22-0+deb8u3 CVE ID : CVE-2020-12049 It was discovered that there was a file descriptor leak in the D-Bus message bus. An unprivileged local attacker could use this to attack the system DBus daemon, leading to denial of service for all users of the machine. For Debian ...
[SECURITY] [DLA 2234-1] netqmail security update
Package : netqmail Version : 1.06-6.2deb8u1 CVE ID : CVE-2005-1513 CVE-2005-1514 CVE-2005-1515 CVE-2020-3811 CVE-2020-3812 Debian Bug : 961060 There were several CVE bugs reported against src:netqmail. CVE-2005-1513 Integer overflow in the stralloc_readyplus function in qmail, when running on 64 b...
[SECURITY] [DLA 2233-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u9 CVE IDs : CVE-2020-13254 CVE-2020-13596 It was discovered that there were two issues in Django, the Python web development framework: CVE-2020-13254: Potential data leakage via malformed memcached keys. In cases where a memcached backend does no...
[SECURITY] [DSA 4695-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4695-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 03, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2232-1] python-httplib2 security update
Package : python-httplib2 Version : 0.9+dfsg-2+deb8u1 CVE ID : CVE-2020-11078 In httplib2, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses...
[SECURITY] [DLA 2231-1] sane-backends security update
Package : sane-backends Version : 1.0.24-8+deb8u3 CVE ID : CVE-2020-12867 Debian Bug : 961302 Remote denial of service and several memory management issues were fixed in the epson2 driver. For Debian 8 "Jessie", this problem has been fixed in version 1.0.24-8+deb8u3. We recommend that you upgrade...
[SECURITY] [DLA 2230-1] php-horde security update
Package : php-horde Version : 5.2.1+debian0-2+deb8u6 CVE ID : CVE-2020-8035 The image view functionality in Horde Groupware Webmail Edition was affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker could have obtained acce...
[SECURITY] [DLA 2228-2] json-c regression update
Package : json-c Version : 0.11-4+deb8u2 CVE ID : CVE-2020-12762 Debian Bug : 960326 The json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. This follow-up version now uses an upstream sanctioned patch that was...
[SECURITY] [DLA 2229-1] php-horde-gollem security update
Package : php-horde-gollem Version : 3.0.3-2+deb8u1 CVE ID : CVE-2020-8034 Debian Bug : 961649 Gollem, as used in Horde Groupware Webmail Edition and other products, had been affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality...
[SECURITY] [DLA 2228-1] json-c security update
Package : json-c Version : 0.11-4+deb8u1 CVE ID : CVE-2020-12762 Debian Bug : 960326 The json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. For Debian 8 "Jessie", this problem has been fixed in version 0.11-4+deb8u1. ...
[SECURITY] [DLA 2227-1] bind9 security update
Package : bind9 Version : 1:9.9.5.dfsg-9+deb8u19 CVE ID : CVE-2020-8616 CVE-2020-8617 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals. An...
[SECURITY] [DLA 2226-1] gst-plugins-ugly0.10 security update
Package : gst-plugins-ugly0.10 Version : 0.10.19-2.1+deb8u1 CVE ID : CVE-2017-5846 CVE-2017-5847 Two memory management issues were found in the asfdemux element of the GStreamer "ugly" plugin collection, which can be triggered via a maliciously crafted file. For Debian 8 "Jessie", these problems...
[SECURITY] [DLA 2225-1] gst-plugins-good0.10 security update
Package : gst-plugins-good0.10 Version : 0.10.31-3+nmu4+deb8u3 CVE ID : CVE-2016-10198 CVE-2017-5840 Two memory handling issues were found in gst-plugins-good0.10, a collection of GStreamer plugins from the "good" set: CVE-2016-10198 An invalid read can be triggered in the aacparse element via a...
[SECURITY] [DLA 2224-1] dosfstools security update
Package : dosfstools Version : 3.0.27-1+deb8u1 CVE ID : CVE-2015-8872 CVE-2016-4804 It was discovered that there was both an invalid memory and heap overflow vulnerability in dosfstools, a collection of utilities for making and checking MS-DOS FAT filesystems. For Debian 8 "Jessie", these problem...
[SECURITY] [DLA 2223-1] salt security update
Package : salt Version : 2014.1.13+ds-3+deb8u1 CVE ID : CVE-2020-11651 CVE-2020-11652 Debian Bug : 959684 Several vulnerabilities were discovered in package salt, a configuration management and infrastructure automation software. CVE-2020-11651 The salt-master process ClearFuncs class does not...