14335 matches found
[SECURITY] [DSA 4676-1] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4676-1] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4675-1] graphicsmagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4675-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4675-1] graphicsmagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4675-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2203-1] sqlite3 security update
Package : sqlite3 Version : 3.8.7.1-1+deb8u5 CVE ID : CVE-2020-11655 It was discovered that there was a denial of service attack in the SQLite database, often embedded into other programs and servers. In the event of a semantic error in an aggregate query, SQLite did not return early from the...
[SECURITY] [DLA 2202-1] ansible security update
Package : ansible Version : 1.7.2+dfsg-2+deb8u3 CVE ID : CVE-2019-14846 CVE-2020-1733 CVE-2020-1739 CVE-2020-1740 Debian Bug : 942188 Several vulnerabilities were discovered in Ansible, a configuration management, deployment, and task execution system. CVE-2019-14846 Ansible was logging at the...
[SECURITY] [DSA 4674-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4674-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4674-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4674-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2201-1] ntp security update
Package : ntp Version : 1:4.2.6.p5+dfsg-7+deb8u3 CVE ID : CVE-2020-11868 A Denial of Service DoS vulnerability was discovered in the network time protocol server/client, ntp. ntp allowed an "off-path" attacker to block unauthenticated synchronisation via a server mode packet with a spoofed source...
[SECURITY] [DSA 4673-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4673-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2196-2] pound regression update
Package : pound Version : 2.6-6+deb8u3 CVE ID : CVE-2016-10711 A regression has been found in the patch for CVE-2016-10711 of pound, a reverse proxy, load balancer and HTTPS front-end for Web servers. Without the fix pound can be tricked to use 100% CPU. For Debian 8 "Jessie", this problem has be...
[SECURITY] [DLA 2200-1] mailman security update
Package : mailman Version : 1:2.1.18-2+deb8u5 CVE ID : CVE-2020-12137 A vulnerability was discovered in mailman. GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, becau...
[SECURITY] [DLA 2199-1] openldap security update
Package : openldap Version : 2.4.40+dfsg-1+deb8u6 CVE ID : CVE-2020-12243 A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service slapd daemon crash. For...
[SECURITY] [DSA 4672-1] trafficserver security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4672-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2198-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u15 CVE ID : CVE-2020-1770 CVE-2020-1772 CVE-2020-1774 Several vulnerabilities have been discovered in otrs2 Open source Ticket Request System CVE-2020-1770 Support bundle generated files could contain sensitive information that might be unwanted to be...
[SECURITY] [DLA 2192-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u10 CVE ID : CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an unsafe object creation vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of...
[SECURITY] [DLA 2191-1] dom4j security update
Package : dom4j Version : 1.6.1+dfsg.3-2+deb8u2 CVE ID : CVE-2020-10683 Debian Bug : 958055 A flaw was found in dom4j library. By using the default SaxReader provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE. For Debian 8 "Jessie", this problem has be...
[SECURITY] [DSA 4671-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4671-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 30, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2197-1] miniupnpc security update
Package : miniupnpc Version : 1.9.20140610-2+deb8u2 CVE ID : CVE-2017-8798 It was discovered that there was a integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2196-1] pound security update
Package : pound Version : 2.6-6+deb8u2 CVE ID : CVE-2016-10711 An issue has been found in pound, A request smuggling vulnerability was discovered in pound, a everse proxy, load balancer and HTTPS front-end for Web servers, that may allow attackers to send a specially crafted http request to a web...
[SECURITY] [DLA 2195-1] w3m security update
Package : w3m Version : 0.5.3-19+deb8u3 CVE ID : CVE-2018-6196 CVE-2018-6197 Two issues have been found in w3m, WWW browsable pager with excellent tables/frames support. One issue is related to a stack overflow, the other one is a fix for a null pointer dereference. Brief introduction CVE-2018-61...
[SECURITY] [DLA 2194-1] yodl security update
Package : yodl Version : 3.04.00-1+deb8u1 CVE ID : CVE-2016-10375 An issue has been found in yodl, a pre-document language. Hanno Bock discovered that there was a buffer over-read vulnerability. For Debian 8 "Jessie", this problem has been fixed in version 3.04.00-1+deb8u1. We recommend that you...
[SECURITY] [DSA 4670-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4670-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4670-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4670-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4669-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4669-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2193-1] openjdk-7 security update
Package : openjdk-7 Version : 7u261-2.6.22-1deb8u1 CVE ID : CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS...
[SECURITY] [DSA 4667-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4667-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4667-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4667-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4668-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4668-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4666-1] openldap security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4666-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4666-1] openldap security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4666-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2190-1] ruby-json security update
Package : ruby-json Version : 1.8.1-1+deb8u1 CVE ID : CVE-2020-10663 In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target...
[SECURITY] [DSA 4665-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4665-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 27, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2189-1] rzip security update
Package : rzip Version : 2.1-2+deb8u1 CVE ID : CVE-2017-8364 Agostino Sarubbo of Gentoo discovered a heap buffer overflow write in the rzip program a compression program for large files when uncompressing maliciously crafted files. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2188-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u11 CVE ID : CVE-2020-7064 CVE-2020-7066 CVE-2020-7067 Three issues have been found in php5, a server-side, HTML-embedded scripting language. CVE-2020-7064 A one byte out-of-bounds read, which could potentially lead to information disclosure or crash...
[SECURITY] [DSA 4664-1] mailman security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4664-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst April 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2187-1] radicale security update
Package : radicale Version : 0.9-1+deb8u2 CVE ID : CVE-2017-8342 Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2186-1] ncmpc security update
Package : ncmpc Version : 0.24-1+deb8u1 CVE ID : CVE-2018-9240 It has been discovered a NULL pointer dereference could happen in ncmpc, an ncurses-based audio player. This could result in a crash and a denial of service. For Debian 8 "Jessie", this problem has been fixed in version 0.24-1+deb8u1...
[SECURITY] [DLA 2185-1] eog security update
Package : eog Version : 3.14.1-1+deb8u1 CVE ID : CVE-2016-6855 It was discovered that eog Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting...
[SECURITY] [DLA 2184-1] jsch security update
Package : jsch Version : 0.1.51-1+deb8u1 CVE ID : CVE-2016-5725 It was discovered that there was a path traversal vulnerability in jsch, a pure Java implementation of the SSH2 protocol. For Debian 8 "Jessie", this problem has been fixed in version 0.1.51-1+deb8u1. We recommend that you upgrade yo...
[SECURITY] [DLA 2183-1] libgsf security update
Package : libgsf Version : 1.14.30-2+deb8u1 CVE ID : CVE-2016-9888 It was discovered that there was a null pointer deference exploit in libgsf, a I/O abstraction library for GNOME. An error within the "tardirectoryforfile" function could be exploited to trigger a null pointer dereference and...
[SECURITY] [DSA 4663-1] python-reportlab security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4663-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4663-1] python-reportlab security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4663-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4662-1] openjdk-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4662-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 24, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2182-1] git security update
Package : git Version : 1:2.1.4-2.1+deb8u10 CVE ID : CVE-2020-11008 Carlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providi...
[SECURITY] [DSA 4661-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4661-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4660-1] awl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4660-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4660-1] awl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4660-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4659-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4659-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4659-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4659-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2020 https://www.debian.org/security/faq -...