[SECURITY] [DSA 4698-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4698-1 security@debian.org https://www.debian.org/security/ Ben Hutchings June 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2243-1] firefox-esr security update [REVISED]
Package : firefox-esr Version : 68.9.0esr-1~deb8u2 CVE ID : CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic...
[SECURITY] [DLA 2243-1] firefox-esr security update
Package : firefox-esr Version : 68.9.0esr-1~deb8u2 CVE ID : CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic...
[SECURITY] [DLA 2240-1] bluez security update
Package : bluez Version : 5.43-2+deb9u2~deb8u1 CVE ID : CVE-2020-0556 Debian Bug : 953770 It was reported that BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target...
[SECURITY] [DLA 2239-1] libpam-tacplus security update
Package : libpam-tacplus Version : 1.3.8-2+deb8u1 CVE ID : CVE-2020-13881 It was discovered that there was an issue in libpam-tacplus a security module for using the TACACS+ authentication service where shared secrets such as private server keys were being added in the clear to various logs. For...
[SECURITY] [DLA 2238-1] libupnp security update
Package : libupnp Version : 1.6.19+git20141001-1+deb8u2 CVE ID : CVE-2020-13848 Debian Bug : 962282 libupnp, the portable SDK for UPnP Devices, allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions...
[SECURITY] [DLA 2237-1] cups security update
Package : cups Version : 1.7.5-11+deb8u8 CVE ID : CVE-2019-8842 CVE-2020-3898 The following CVEs were reported against src:cups. CVE-2019-8842 The ippReadIO function may under-read an extension field. CVE-2020-3898 There was a heap-based buffer overflow in libcups's ppdFindOption in ppd-mark.c. Th...
[SECURITY] [DLA 2236-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u11 CVE ID : CVE-2020-12672 Debian Bug : 960000 A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap buffer overwrite when magnifying MNG images. For Debian 8 "Jessie", this problem has bee...
[SECURITY] [DSA 4697-1] gnutls28 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4697-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4696-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4696-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2235-1] dbus security update
Package : dbus Version : 1.8.22-0+deb8u3 CVE ID : CVE-2020-12049 It was discovered that there was a file descriptor leak in the D-Bus message bus. An unprivileged local attacker could use this to attack the system DBus daemon, leading to denial of service for all users of the machine. For Debian ...
[SECURITY] [DLA 2234-1] netqmail security update
Package : netqmail Version : 1.06-6.2~deb8u1 CVE ID : CVE-2005-1513 CVE-2005-1514 CVE-2005-1515 CVE-2020-3811 CVE-2020-3812 Debian Bug : 961060 There were several CVE bugs reported against src:netqmail. CVE-2005-1513 Integer overflow in the stralloc_readyplus function in qmail, when running on 64 b...
[SECURITY] [DLA 2233-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u9 CVE IDs : CVE-2020-13254 CVE-2020-13596 It was discovered that there were two issues in Django, the Python web development framework: CVE-2020-13254: Potential data leakage via malformed memcached keys. In cases where a memcached backend does no...
[SECURITY] [DSA 4695-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4695-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 03, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2232-1] python-httplib2 security update
Package : python-httplib2 Version : 0.9+dfsg-2+deb8u1 CVE ID : CVE-2020-11078 In httplib2, an attacker controlling an unescaped part of the URI passed to httplib2.Http.request could change request headers and body, and send additional hidden requests to the same server. This vulnerability impacts software that uses...
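The CRLF-injection pattern behind the httplib2 advisory above, as an added example that is not httplib2's own code: the two request builders are a hypothetical minimal HTTP/1.1 serializer written for this page (the function names, the host `api.example` and the `MALICIOUS_TARGET` input are all constructed). It shows how an unescaped, attacker-controlled request target terminates the request line, appends headers, and starts a second request on the same connection, and the check that stops it.

```python
"""CRLF injection through an unescaped request target (the CVE-2020-11078 pattern).

Added example, not httplib2's code: the serializer below is a hypothetical
minimal HTTP/1.1 request builder written for this page.
"""
from urllib.parse import quote, urlsplit, urlunsplit


def build_request_unsafe(host: str, target: str, body: str = "") -> bytes:
    """Vulnerable pattern: the request target is interpolated verbatim."""
    return (
        f"GET {target} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Content-Length: {len(body)}\r\n"
        f"\r\n{body}"
    ).encode("latin-1")


def is_safe_target(target: str) -> bool:
    """Reject any ASCII control character (CR, LF, NUL, DEL, ...) in the target.

    Checked on the raw string on purpose: recent urllib.parse.urlsplit silently
    strips tab/CR/LF, which would hide the injection instead of rejecting it.
    """
    return not any(ord(c) < 0x20 or ord(c) == 0x7F for c in target)


def build_request_safe(host: str, target: str, body: str = "") -> bytes:
    """Hardened: refuse control characters, then percent-encode path and query."""
    if not is_safe_target(target):
        raise ValueError("control characters are not allowed in the request target")
    parts = urlsplit(target)
    encoded = urlunsplit((
        parts.scheme,
        parts.netloc,
        quote(parts.path, safe="/%:@!$&'()*+,;="),
        quote(parts.query, safe="=&%+"),
        "",
    ))
    return build_request_unsafe(host, encoded, body)


def request_lines(raw: bytes) -> list:
    """Naive server-side view: the first line of each CRLFCRLF-delimited message.

    This is how a server that reads messages back-to-back from one connection
    would see the byte stream, which is what makes the smuggled request real.
    """
    messages = [m for m in raw.split(b"\r\n\r\n") if m.strip()]
    return [m.split(b"\r\n", 1)[0].decode("latin-1") for m in messages]


# Constructed attacker input: the "path" ends the request line, adds a header,
# ends the header block and starts a second request to /admin.
MALICIOUS_TARGET = (
    "/search?q=1 HTTP/1.1\r\n"
    "X-Injected: 1\r\n"
    "\r\n"
    "GET /admin HTTP/1.1\r\n"
    "Host: api.example\r\n"
    "X-Smuggled: 1\r\n"
)


if __name__ == "__main__":
    seen = request_lines(build_request_unsafe("api.example", MALICIOUS_TARGET))
    print("unsafe builder, requests the server sees:", seen)
    try:
        build_request_safe("api.example", MALICIOUS_TARGET)
    except ValueError as exc:
        print("safe builder rejected the target:", exc)
    print(build_request_safe("api.example", "/a b?x=1").decode("latin-1"))
```

The unsafe builder turns one `request()` call into two requests on the wire; the safe builder fails closed before any parsing library gets a chance to "helpfully" strip the offending bytes. Percent-encoding alone is not a substitute for the control-character check, because a caller may legitimately pass an already-encoded target and expect `%` sequences to be preserved.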
[SECURITY] [DLA 2231-1] sane-backends security update
Package : sane-backends Version : 1.0.24-8+deb8u3 CVE ID : CVE-2020-12867 Debian Bug : 961302 Remote denial of service and several memory management issues were fixed in the epson2 driver. For Debian 8 "Jessie", this problem has been fixed in version 1.0.24-8+deb8u3. We recommend that you upgrade...
[SECURITY] [DLA 2230-1] php-horde security update
Package : php-horde Version : 5.2.1+debian0-2+deb8u6 CVE ID : CVE-2020-8035 The image view functionality in Horde Groupware Webmail Edition was affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker could have obtained acce...
[SECURITY] [DLA 2228-2] json-c regression update
Package : json-c Version : 0.11-4+deb8u2 CVE ID : CVE-2020-12762 Debian Bug : 960326 The json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. This follow-up version now uses an upstream sanctioned patch that was...
[SECURITY] [DLA 2229-1] php-horde-gollem security update
Package : php-horde-gollem Version : 3.0.3-2+deb8u1 CVE ID : CVE-2020-8034 Debian Bug : 961649 Gollem, as used in Horde Groupware Webmail Edition and other products, had been affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality...
[SECURITY] [DLA 2228-1] json-c security update
Package : json-c Version : 0.11-4+deb8u1 CVE ID : CVE-2020-12762 Debian Bug : 960326 The json-c shared library had an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. For Debian 8 "Jessie", this problem has been fixed in version 0.11-4+deb8u1. ...
[SECURITY] [DLA 2227-1] bind9 security update
Package : bind9 Version : 1:9.9.5.dfsg-9+deb8u19 CVE ID : CVE-2020-8616 CVE-2020-8617 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals. An...
[SECURITY] [DLA 2226-1] gst-plugins-ugly0.10 security update
Package : gst-plugins-ugly0.10 Version : 0.10.19-2.1+deb8u1 CVE ID : CVE-2017-5846 CVE-2017-5847 Two memory management issues were found in the asfdemux element of the GStreamer "ugly" plugin collection, which can be triggered via a maliciously crafted file. For Debian 8 "Jessie", these problems...
[SECURITY] [DLA 2225-1] gst-plugins-good0.10 security update
Package : gst-plugins-good0.10 Version : 0.10.31-3+nmu4+deb8u3 CVE ID : CVE-2016-10198 CVE-2017-5840 Two memory handling issues were found in gst-plugins-good0.10, a collection of GStreamer plugins from the "good" set: CVE-2016-10198 An invalid read can be triggered in the aacparse element via a...
[SECURITY] [DLA 2224-1] dosfstools security update
Package : dosfstools Version : 3.0.27-1+deb8u1 CVE ID : CVE-2015-8872 CVE-2016-4804 It was discovered that there were both an invalid memory access and a heap overflow vulnerability in dosfstools, a collection of utilities for making and checking MS-DOS FAT filesystems. For Debian 8 "Jessie", these problem...
[SECURITY] [DLA 2223-1] salt security update
Package : salt Version : 2014.1.13+ds-3+deb8u1 CVE ID : CVE-2020-11651 CVE-2020-11652 Debian Bug : 959684 Several vulnerabilities were discovered in package salt, a configuration management and infrastructure automation software. CVE-2020-11651 The salt-master process ClearFuncs class does not...
[SECURITY] [DLA 2209-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u17 CVE ID : CVE-2019-17563 CVE-2020-1935 CVE-2020-1938 CVE-2020-9484 Debian Bug : 961209 952436 952437 952438 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. WARNING: The fix for CVE-2020-1938 may disrupt servic...
[SECURITY] [DLA 2222-1] libexif security update
Package : libexif Version : 0.6.21-2+deb8u3 CVE ID : CVE-2018-20030 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 Debian Bug : 918730 961407 961409 961410 Various minor vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files. CVE-2018-20030 This issue had already been...
[SECURITY] [DSA 4694-1] unbound security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4694-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4693-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4693-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2221-1] sqlite3
Package : sqlite3 Version : 3.8.7.1-1+deb8u6 CVE ID : CVE-2020-13434 An integer overflow vulnerability was found in the sqlite3_str_vappendf function of the src/printf.c file of sqlite3 from version 3.8.3. For Debian 8 "Jessie", this problem has been fixed in version 3.8.7.1-1+deb8u6. We recommend...
[SECURITY] [DLA 2220-1] cracklib2 security update
Package : cracklib2 Version : 2.9.2-1+deb8u1 CVE ID : CVE-2016-6318 It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library. For Debian 8 "Jessie", this problem has been fixed in version 2.9.2-1+deb8u1. We...
[SECURITY] [DLA 2219-1] feh security update
Package : feh Version : 2.12-1+deb8u1 CVE ID : CVE-2017-7875 Tobias Stoeckmann discovered that it was possible to trigger an out-of-bounds heap write in the image viewer feh while receiving an IPC message. For Debian 8 "Jessie", this problem has been fixed in version 2.12-1+deb8u1. We recomme...
[SECURITY] [DLA 2218-1] transmission security update
Package : transmission Version : 2.84-0.2+deb8u2 CVE ID : CVE-2018-10756 Tom Richards reported that by using a crafted torrent file one could cause a use-after-free, which might result in a denial of service crash or possible execution of arbitrary code. For Debian 8 "Jessie", this problem has be...
[SECURITY] [DSA 4692-1] netqmail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4692-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 24, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2217-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.100-1+deb8u1 CVE ID : CVE-2020-9484 Debian Bug : 961209 It was discovered that there was a potential remote code execution via deserialization in tomcat7, a server for HTTP and Java "servlets". For Debian 8 "Jessie", this issue has been fixed in...
[SECURITY] [DLA 2216-1] ruby-rack security update
Package : ruby-rack Version : 1.5.2-3+deb8u3 CVE ID : CVE-2020-8161 There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack. If certain directories exist in a directory that is managed by Rack::Directory, an attacker could, using this...
[SECURITY] [DSA 4691-1] pdns-recursor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4691-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4690-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4690-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2215-1] clamav security update
Package : clamav Version : 0.101.5+dfsg-0+deb8u2 CVE ID : CVE-2020-3327 CVE-2020-3341 The following CVEs were found in the src:clamav package. CVE-2020-3327 A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) could allow an unauthenticated, remote attacker to cause a denial of...
[SECURITY] [DSA 4689-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4689-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4688-1] dpdk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4688-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2213-1] exim4 security update
Package : exim4 Version : 4.84.2-2+deb8u7 CVE ID : CVE-2020-12783 It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default. For Debian 8 "Jessie", this problem...
[SECURITY] [DLA 2214-1] libexif security update
Package : libexif Version : 0.6.21-2+deb8u2 CVE ID : CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2020-0093 CVE-2020-12767 Debian Bug : 960199 918730 876466 873022 Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files. CVE-2016-6328 An integer overflow...
[SECURITY] [DSA 4687-1] exim4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4687-1 security@debian.org https://www.debian.org/security/ Florian Weimer May 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2212-1] openconnect security update
Package : openconnect Version : 6.00-2+deb8u2 CVE ID : CVE-2020-12823 Debian Bug : 960620 OpenConnect, a VPN software, had a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. For Debian 8...
[SECURITY] [DSA 4686-1] apache-log4j1.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4686-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2020 https://www.debian.org/security/faq -...