[SECURITY] [DLA 2267-1] libmatio security update
Package : libmatio Version : 1.5.2-3+deb8u1 CVE ID : CVE-2019-17533 In libmatio, a library to read and write Matlab MAT files, a vulnerability was fixed in Mat_VarReadNextInfo4 in mat4.c that could lead to a heap-based buffer over-read in strdup_vprintf. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DLA 2266-1] nss security update
Package : nss Version : 2:3.26-1+debu8u11 CVE ID : CVE-2020-12399 CVE-2020-12402 Several vulnerabilities were fixed in nss, the Network Security Service libraries. CVE-2020-12399 Force a fixed length for DSA exponentiation. CVE-2020-12402 Side channel vulnerabilities during RSA key generation. Fo...
[SECURITY] [DLA 2265-1] mailman security update
Package : mailman Version : 1:2.1.18-2+deb8u7 CVE ID : CVE-2020-15011 Debian Bug : GNU Mailman allowed arbitrary content injection via the Cgi/private.py private archive login page. For Debian 8 "Jessie", this problem has been fixed in version 1:2.1.18-2+deb8u7. We recommend that you upgrade your...
[SECURITY] [DLA 2264-1] libvncserver security update
Package : libvncserver Version : 0.9.9+dfsg2-6.1+deb8u8 CVE ID : CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405 Debian Bug : Several vulnerabilities have been discovered in libVNC libvncserver Debian package, ...
[SECURITY] [DLA 2263-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u19 CVE ID : CVE-2020-13663 Debian Bug : CVE-2020-13663 - Drupal SA 2020-004 The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DLA 2261-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u12 CVE ID : CVE-2019-11048 It has been discovered that a vulnerability in php5, a server-side, HTML-embedded scripting language, could lead to exhausted disk space on the server. When using overly long filenames or field names, a memory limit could be...
[SECURITY] [DLA 2262-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u15 CVE ID : CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765 Debian Bug : Several vulnerabilities were fixed in qemu, a fast processor emulator. CVE-2020-1983 slirp: Fix use-after-free in ipreass. CVE-2020-13361 es1370_transfer_audio in...
[SECURITY] [DSA 4711-1] coturn security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4711-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2260-1] mcabber security update
Package : mcabber Version : 0.10.2-1+deb8u1 CVE ID : CVE-2016-9928 It was discovered that there was a "roster push attack" in mcabber, a console-based Jabber XMPP client. This is identical to CVE-2015-8688 for gajim. For Debian 8 "Jessie", this problem has been fixed in version 0.10.2-1+deb8u1. W...
[SECURITY] [DLA 2259-1] picocom security update
Package : picocom Version : 1.7-1+deb8u1 CVE ID : CVE-2015-9059 It was discovered that there was a command injection vulnerability in picocom, a minimal dumb-terminal emulation program. For Debian 8 "Jessie", this problem has been fixed in version 1.7-1+deb8u1. We recommend that you upgrade your...
[SECURITY] [DLA 2258-1] zziplib security update
Package : zziplib Version : 0.13.62-3+deb8u2 CVE ID : CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6541 CVE-2018-6869 CVE-2018-7725 CVE-2018-7726 CVE-2018-16548 Several issues have been fixed in zziplib, a library providing read access on ZIP-archives. They are basically all related to...
[SECURITY] [DLA 2257-1] pngquant security update
Package : pngquant Version : 2.3.0-1+deb8u1 CVE ID : CVE-2016-5735 It was found that pngquant, a PNG (Portable Network Graphics) image optimising utility, is susceptible to a buffer overflow write issue triggered by a maliciously crafted png image, which could lead to denial of service or other...
[SECURITY] [DLA 2256-1] libtirpc security update
Package : libtirpc Version : 0.2.5-1+deb8u3 CVE ID : CVE-2016-4429 It was discovered that libtirpc, a transport-independent RPC library, could be used for a denial of service or possibly unspecified other impact by a stack-based buffer overflow due to a flood of crafted ICMP and UDP packets. For...
[SECURITY] [DLA 2255-1] libtasn1-6 security update
Package : libtasn1-6 Version : 4.2-3+deb8u4 CVE ID : CVE-2017-10790 A vulnerability has been discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library. For Debian 8 "Jessie", this problem...
[SECURITY] [DSA 4710-1] trafficserver security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4710-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 27, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2254-1] alpine security update
Package : alpine Version : 2.11+dfsg1-3+deb8u1 CVE ID : CVE-2020-14929 Debian Bug : 963179 CVE-2020-14929 Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of...
[SECURITY] [DSA 4709-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4709-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 23, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4708-1] neomutt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4708-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2253-1] lynis security update
Package : lynis Version : 1.6.3-1+deb8u1 CVE ID : CVE-2019-13033 Debian Bug : 963161 It was discovered that there was a vulnerability in lynis, a security auditing tool. The license key could be obtained by simple observation of the process list when a data upload is being performed. For Debian 8...
[SECURITY] [DLA 2252-1] ngircd security update
Package : ngircd Version : 22-2+deb8u1 CVE ID : CVE-2020-14148 Debian Bug : 963147 It was discovered that there was an out-of-bounds access vulnerability in the server-server protocol in the ngircd Internet Relay Chat (IRC) server. For Debian 8 "Jessie", this issue has been fixed in ngircd version...
[SECURITY] [DSA 4707-1] mutt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2251-1] rails security update
Package : rails Version : 2:4.1.8-1+deb8u7 CVE ID : CVE-2020-8164 CVE-2020-8165 Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the applicatio...
[SECURITY] [DSA 4706-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4706-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4705-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4705-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2250-1] drupal7 security update
Package : drupal7 Version : 7.32-1+deb8u18 CVE ID : CVE-2020-13662 Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DSA 4704-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4704-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2249-1] libexif security update
Package : libexif Version : 0.6.21-2+deb8u4 CVE ID : CVE-2020-0182 CVE-2020-0198 Debian Bug : 962345 The following CVEs were reported against src:libexif. CVE-2020-0182 In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to...
[SECURITY] [DLA 2248-1] intel-microcode security update
Package : intel-microcode Version : 3.20200609.2deb8u1 CVE ID : CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 The following CVEs were reported against src:intel-microcode. CVE-2020-0543 A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found...
[SECURITY] [DLA 2246-1] xawtv security update
Package : xawtv Version : 3.103-3+deb8u1 CVE ID : CVE-2020-13696 Debian Bug : 962221 An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem...
[SECURITY] [DLA 2247-1] thunderbird security update
Package : thunderbird Version : 1:68.9.0-1deb8u2 CVE ID : CVE-2020-12398 CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the...
[SECURITY] [DLA 2233-2] python-django regression update
Package : python-django Version : 1.7.11-1+deb8u10 CVE ID : CVE-2020-13254 It was discovered that there was a regression in the latest update to Django, the Python web development framework. The upstream fix for CVE-2020-13254 to address data leakages via malformed memcached keys could, in some...
[SECURITY] [DLA 2245-1] mysql-connector-java security update
Package : mysql-connector-java Version : 5.1.49-0+deb8u1 CVE ID : CVE-2020-2875 CVE-2020-2933 CVE-2020-2934 Several issues were discovered in mysql-connector-java, a Java database JDBC driver for MySQL, that allow attackers to update, insert or delete access to some of MySQL Connectors accessible...
[SECURITY] [DSA 4703-1] mysql-connector-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4703-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4702-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4702-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4701-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4701-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2244-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u6 CVE ID : CVE-2020-13625 It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file...
[SECURITY] [DSA 4700-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4700-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2241-2] linux security update
Package : linux Version : 3.16.84-1 CVE ID : CVE-2015-8839 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2019-5108 CVE-2019-19319 CVE-2019-19447 CVE-2019-19768 CVE-2019-20636 CVE-2020-0009 CVE-2020-0543 CVE-2020-1749 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649...
[SECURITY] [DLA 2242-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.210-1+deb9u1deb8u1 CVE ID : CVE-2019-2182 CVE-2019-5108 CVE-2019-19319 CVE-2019-19462 CVE-2019-19768 CVE-2019-20806 CVE-2019-20811 CVE-2020-0543 CVE-2020-2732 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9383 CVE-2020-10711 CVE-2020-10732...
[SECURITY] [DLA 2241-1] linux security update
Package : linux Version : 3.16.84-1 CVE ID : CVE-2015-8839 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2019-5108 CVE-2019-19319 CVE-2019-19447 CVE-2019-19768 CVE-2019-20636 CVE-2020-0009 CVE-2020-0543 CVE-2020-1749 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649...
[SECURITY] [DSA 4699-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4699-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4698-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4698-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2243-1] firefox-esr security update [REVISED]
Package : firefox-esr Version : 68.9.0esr-1deb8u2 CVE ID : CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic...