14409 matches found
[SECURITY] [DSA 4686-1] apache-log4j1.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4686-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2211-1] log4net security update
Package : log4net Version : 1.2.10+dfsg-6+deb8u1 It was discovered that there was an XML external entity vulnerability in log4net, a logging API for the ECMA Common Language Infrastructure CLI, sometimes referred to as "Mono". This type of attack occurs when XML input containing a reference to an...
[SECURITY] [DLA 2210-1] apt security update
Package : apt Version : 1.0.9.8.6 CVE ID : CVE-2020-3810 When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue...
[SECURITY] [DLA 2176-1] inetutils security update
Package : inetutils Version : 2:1.9.2.39.3a460-3+deb8u1 CVE ID : CVE-2020-10188 Debian Bug : 956084 NOTE: This DLA was intially sent on 2020-04-14 but for reasons unknown failed to reach the mailing list. It is being re-sent now to ensure that it appears in the mailing list archive. No new versio...
[SECURITY] [DSA 4685-1] apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4685-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4685-1] apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4685-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4684-1] libreswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4684-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4684-1] libreswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4684-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2208-1] wordpress security update
Package : wordpress Version : 4.1.30+dfsg-0+deb8u1 CVE ID : CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 Debian Bug : 959391 Multiple CVEs were discovered in the src:wordpress package. CVE-2020-11026 Files with a specially crafted name when uploaded to the Media section can lead to...
[SECURITY] [DLA 2207-1] libntlm security update
Package : libntlm Version : 1.4-3+deb8u1 CVE ID : CVE-2019-17455 It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in...
[SECURITY] [DLA 2206-1] thunderbird security update
Package : thunderbird Version : 1:68.8.0-1deb8u1 CVE ID : CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 CVE-2020-12397 Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the...
[SECURITY] [DSA 4683-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4683-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4682-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4682-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2205-1] firefox-esr security update
Package : firefox-esr Version : 68.8.0esr-1deb8u1 CVE ID : CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure. For Debia...
[SECURITY] [DSA 4676-2] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4676-2] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4681-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4681-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4681-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4681-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2204-1] mailman security update
Package : mailman Version : 1:2.1.18-2+deb8u6 CVE ID : CVE-2020-12108 It was discovered that there was an arbitrary content injection vulnerability in the Mailman mailing list manager. For Debian 8 "Jessie", this issue has been fixed in mailman version 1:2.1.18-2+deb8u6. We recommend that you...
[SECURITY] [DSA 4680-1] tomcat9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4680-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4679-1] keystone security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4679-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4678-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4678-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4677-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4677-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4677-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4677-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4676-1] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4676-1] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4676-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4675-1] graphicsmagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4675-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4675-1] graphicsmagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4675-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2203-1] sqlite3 security update
Package : sqlite3 Version : 3.8.7.1-1+deb8u5 CVE ID : CVE-2020-11655 It was discovered that there was a denial of service attack in the SQLite database, often embedded into other programs and servers. In the event of a semantic error in an aggregate query, SQLite did not return early from the...
[SECURITY] [DLA 2202-1] ansible security update
Package : ansible Version : 1.7.2+dfsg-2+deb8u3 CVE ID : CVE-2019-14846 CVE-2020-1733 CVE-2020-1739 CVE-2020-1740 Debian Bug : 942188 Several vulnerabilities were discovered in Ansible, a configuration management, deployment, and task execution system. CVE-2019-14846 Ansible was logging at the...
[SECURITY] [DSA 4674-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4674-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4674-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4674-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 05, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2201-1] ntp security update
Package : ntp Version : 1:4.2.6.p5+dfsg-7+deb8u3 CVE ID : CVE-2020-11868 A Denial of Service DoS vulnerability was discovered in the network time protocol server/client, ntp. ntp allowed an "off-path" attacker to block unauthenticated synchronisation via a server mode packet with a spoofed source...
[SECURITY] [DSA 4673-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4673-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2196-2] pound regression update
Package : pound Version : 2.6-6+deb8u3 CVE ID : CVE-2016-10711 A regression has been found in the patch for CVE-2016-10711 of pound, a reverse proxy, load balancer and HTTPS front-end for Web servers. Without the fix pound can be tricked to use 100% CPU. For Debian 8 "Jessie", this problem has be...
[SECURITY] [DLA 2200-1] mailman security update
Package : mailman Version : 1:2.1.18-2+deb8u5 CVE ID : CVE-2020-12137 A vulnerability was discovered in mailman. GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, becau...
[SECURITY] [DLA 2199-1] openldap security update
Package : openldap Version : 2.4.40+dfsg-1+deb8u6 CVE ID : CVE-2020-12243 A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service slapd daemon crash. For...
[SECURITY] [DSA 4672-1] trafficserver security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4672-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2198-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u15 CVE ID : CVE-2020-1770 CVE-2020-1772 CVE-2020-1774 Several vulnerabilities have been discovered in otrs2 Open source Ticket Request System CVE-2020-1770 Support bundle generated files could contain sensitive information that might be unwanted to be...
[SECURITY] [DLA 2192-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u10 CVE ID : CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an unsafe object creation vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of...
[SECURITY] [DLA 2191-1] dom4j security update
Package : dom4j Version : 1.6.1+dfsg.3-2+deb8u2 CVE ID : CVE-2020-10683 Debian Bug : 958055 A flaw was found in dom4j library. By using the default SaxReader provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE. For Debian 8 "Jessie", this problem has be...
[SECURITY] [DSA 4671-1] vlc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4671-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 30, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2197-1] miniupnpc security update
Package : miniupnpc Version : 1.9.20140610-2+deb8u2 CVE ID : CVE-2017-8798 It was discovered that there was a integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2196-1] pound security update
Package : pound Version : 2.6-6+deb8u2 CVE ID : CVE-2016-10711 An issue has been found in pound, A request smuggling vulnerability was discovered in pound, a everse proxy, load balancer and HTTPS front-end for Web servers, that may allow attackers to send a specially crafted http request to a web...
[SECURITY] [DLA 2195-1] w3m security update
Package : w3m Version : 0.5.3-19+deb8u3 CVE ID : CVE-2018-6196 CVE-2018-6197 Two issues have been found in w3m, WWW browsable pager with excellent tables/frames support. One issue is related to a stack overflow, the other one is a fix for a null pointer dereference. Brief introduction CVE-2018-61...
[SECURITY] [DLA 2194-1] yodl security update
Package : yodl Version : 3.04.00-1+deb8u1 CVE ID : CVE-2016-10375 An issue has been found in yodl, a pre-document language. Hanno Bock discovered that there was a buffer over-read vulnerability. For Debian 8 "Jessie", this problem has been fixed in version 3.04.00-1+deb8u1. We recommend that you...
[SECURITY] [DSA 4670-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4670-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4670-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4670-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4669-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4669-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2193-1] openjdk-7 security update
Package : openjdk-7 Version : 7u261-2.6.22-1deb8u1 CVE ID : CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS...