14333 matches found
[SECURITY] [DLA 2209-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u17 CVE ID : CVE-2019-17563 CVE-2020-1935 CVE-2020-1938 CVE-2020-9484 Debian Bug : 961209 952436 952437 952438 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. WARNING: The fix for CVE-2020-1938 may disrupt servic...
[SECURITY] [DLA 2222-1] libexif security update
Package : libexif Version : 0.6.21-2+deb8u3 CVE ID : CVE-2018-20030 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 Debian Bug : 918730 961407 961409 961410 Various minor vulnerabilities have been addredd in libexif, a library to parse EXIF metadata files. CVE-2018-20030 This issue had already been...
[SECURITY] [DSA 4694-1] unbound security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4694-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4693-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4693-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2221-1] sqlite3
Package : sqlite3 Version : 3.8.7.1-1+deb8u6 CVE ID : CVE-2020-13434 An integer overflow vulnerability was found in the sqlite3strvappendf function of the src/printf.c file of sqlite3 from version 3.8.3. For Debian 8 "Jessie", this problem has been fixed in version 3.8.7.1-1+deb8u6. We recommend...
[SECURITY] [DLA 2220-1] cracklib2 security update
Package : cracklib2 Version : 2.9.2-1+deb8u1 CVE ID : CVE-2016-6318 It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library. For Debian 8 "Jessie", this problem has been fixed in version 2.9.2-1+deb8u1. We...
[SECURITY] [DLA 2219-1] feh security update
Package : feh Version : 2.12-1+deb8u1 CVE ID : CVE-2017-7875 Tobias Stoeckmann discovered that it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. For Debian 8 "Jessie", this problem has been fixed in version 2.12-1+deb8u1. We recomme...
[SECURITY] [DLA 2218-1] transmission security update
Package : transmission Version : 2.84-0.2+deb8u2 CVE ID : CVE-2018-10756 Tom Richards reported that by using a crafted torrent file one could cause a use-after-free, which might result in a denial of service crash or possible execution of arbitrary code. For Debian 8 "Jessie", this problem has be...
[SECURITY] [DSA 4692-1] netqmail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4692-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 24, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4692-1] netqmail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4692-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 24, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2217-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.100-1+deb8u1 CVE ID : CVE-2020-9484 Debian Bug : 961209 It was discovered that there was a potential remote code execution via deserialization in tomcat7, a server for HTTP and Java "servlets". For Debian 8 "Jessie", this issue has been fixed in...
[SECURITY] [DLA 2216-1] ruby-rack security update
Package : ruby-rack Version : 1.5.2-3+deb8u3 CVE ID : CVE-2020-8161 There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack. If certain directories exist in a director that is managed by Rack::Directory, an attacker could, using this...
[SECURITY] [DSA 4691-1] pdns-recursor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4691-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4690-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4690-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4690-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4690-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2215-1] clamav security update
Package : clamav Version : 0.101.5+dfsg-0+deb8u2 CVE ID : CVE-2020-3327 CVE-2020-3341 The following CVEs were found in src:clamav package. CVE-2020-3327 A vulnerability in the ARJ archive parsing module in Clam AntiVirus ClamAV could allow an unauthenticated, remote attacker to cause a denial of...
[SECURITY] [DSA 4689-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4689-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4689-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4689-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4688-1] dpdk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4688-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2213-1] exim4 security update
Package : exim4 Version : 4.84.2-2+deb8u7 CVE ID : CVE-2020-12783 It was discovered that exim4, a mail transport agent, suffers from a authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default. For Debian 8 "Jessie", this problem...
[SECURITY] [DLA 2214-1] libexif security update
Package : libexif Version : 0.6.21-2+deb8u2 CVE ID : CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2020-0093 CVE-2020-12767 Debian Bug : 960199 918730 876466 873022 Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files. CVE-2016-6328 An integer overflow...
[SECURITY] [DSA 4687-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4687-1 [email protected] https://www.debian.org/security/ Florian Weimer May 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2212-1] openconnect security update
Package : openconnect Version : 6.00-2+deb8u2 CVE ID : CVE-2020-12823 Debian Bug : 960620 OpenConnect, a VPN software, had a buffer overflow, causing a denial of service application crash or possibly unspecified other impact, via crafted certificate data to getcertname in gnutls.c. For Debian 8...
[SECURITY] [DSA 4686-1] apache-log4j1.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4686-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4686-1] apache-log4j1.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4686-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2211-1] log4net security update
Package : log4net Version : 1.2.10+dfsg-6+deb8u1 It was discovered that there was an XML external entity vulnerability in log4net, a logging API for the ECMA Common Language Infrastructure CLI, sometimes referred to as "Mono". This type of attack occurs when XML input containing a reference to an...
[SECURITY] [DLA 2210-1] apt security update
Package : apt Version : 1.0.9.8.6 CVE ID : CVE-2020-3810 When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue...
[SECURITY] [DLA 2176-1] inetutils security update
Package : inetutils Version : 2:1.9.2.39.3a460-3+deb8u1 CVE ID : CVE-2020-10188 Debian Bug : 956084 NOTE: This DLA was intially sent on 2020-04-14 but for reasons unknown failed to reach the mailing list. It is being re-sent now to ensure that it appears in the mailing list archive. No new versio...
[SECURITY] [DSA 4685-1] apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4685-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4685-1] apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4685-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4684-1] libreswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4684-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4684-1] libreswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4684-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2208-1] wordpress security update
Package : wordpress Version : 4.1.30+dfsg-0+deb8u1 CVE ID : CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 Debian Bug : 959391 Multiple CVEs were discovered in the src:wordpress package. CVE-2020-11026 Files with a specially crafted name when uploaded to the Media section can lead to...
[SECURITY] [DLA 2207-1] libntlm security update
Package : libntlm Version : 1.4-3+deb8u1 CVE ID : CVE-2019-17455 It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in...
[SECURITY] [DLA 2206-1] thunderbird security update
Package : thunderbird Version : 1:68.8.0-1deb8u1 CVE ID : CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 CVE-2020-12397 Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the...
[SECURITY] [DSA 4683-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4683-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4682-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4682-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2205-1] firefox-esr security update
Package : firefox-esr Version : 68.8.0esr-1deb8u1 CVE ID : CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure. For Debia...
[SECURITY] [DSA 4676-2] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4676-2] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4681-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4681-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4681-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4681-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2204-1] mailman security update
Package : mailman Version : 1:2.1.18-2+deb8u6 CVE ID : CVE-2020-12108 It was discovered that there was an arbitrary content injection vulnerability in the Mailman mailing list manager. For Debian 8 "Jessie", this issue has been fixed in mailman version 1:2.1.18-2+deb8u6. We recommend that you...
[SECURITY] [DSA 4680-1] tomcat9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4680-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4679-1] keystone security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4679-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4678-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4678-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4677-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4677-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4677-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4677-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4676-1] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4676-1] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2020 https://www.debian.org/security/faq -...