14409 matches found
[SECURITY] [DSA 4667-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4667-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4668-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4668-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4666-1] openldap security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4666-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2190-1] ruby-json security update
Package : ruby-json Version : 1.8.1-1+deb8u1 CVE ID : CVE-2020-10663 In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target...
[SECURITY] [DSA 4665-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4665-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 27, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2189-1] rzip security update
Package : rzip Version : 2.1-2+deb8u1 CVE ID : CVE-2017-8364 Agostino Sarubbo of Gentoo discovered a heap buffer overflow write in the rzip program (a compression program for large files) when uncompressing maliciously crafted files. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2188-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u11 CVE ID : CVE-2020-7064 CVE-2020-7066 CVE-2020-7067 Three issues have been found in php5, a server-side, HTML-embedded scripting language. CVE-2020-7064 A one byte out-of-bounds read, which could potentially lead to information disclosure or crash...
[SECURITY] [DSA 4664-1] mailman security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4664-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst April 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2187-1] radicale security update
Package : radicale Version : 0.9-1+deb8u2 CVE ID : CVE-2017-8342 Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2186-1] ncmpc security update
Package : ncmpc Version : 0.24-1+deb8u1 CVE ID : CVE-2018-9240 It has been discovered that a NULL pointer dereference could happen in ncmpc, an ncurses-based audio player. This could result in a crash and a denial of service. For Debian 8 "Jessie", this problem has been fixed in version 0.24-1+deb8u1...
[SECURITY] [DLA 2185-1] eog security update
Package : eog Version : 3.14.1-1+deb8u1 CVE ID : CVE-2016-6855 It was discovered that eog (Eye of GNOME) incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting...
[SECURITY] [DLA 2184-1] jsch security update
Package : jsch Version : 0.1.51-1+deb8u1 CVE ID : CVE-2016-5725 It was discovered that there was a path traversal vulnerability in jsch, a pure Java implementation of the SSH2 protocol. For Debian 8 "Jessie", this problem has been fixed in version 0.1.51-1+deb8u1. We recommend that you upgrade yo...
[SECURITY] [DLA 2183-1] libgsf security update
Package : libgsf Version : 1.14.30-2+deb8u1 CVE ID : CVE-2016-9888 It was discovered that there was a null pointer dereference exploit in libgsf, an I/O abstraction library for GNOME. An error within the "tardirectoryforfile" function could be exploited to trigger a null pointer dereference and...
[SECURITY] [DSA 4663-1] python-reportlab security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4663-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4662-1] openjdk-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4662-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 24, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2182-1] git security update
Package : git Version : 1:2.1.4-2.1+deb8u10 CVE ID : CVE-2020-11008 Carlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providi...
[SECURITY] [DSA 4661-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4661-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4660-1] awl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4660-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4659-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4659-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2181-1] shiro security update
Package : shiro Version : 1.2.3-1+deb8u1 CVE ID : CVE-2020-1957 Debian Bug : 955018 It was discovered that there was a path-traversal issue in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass. For Debian 8...
[SECURITY] [DLA 2180-1] file-roller security update
Package : file-roller Version : 3.14.1-1+deb8u2 CVE ID : CVE-2020-11736 Debian Bug : 956638 fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intend...
[SECURITY] [DLA 2179-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u14 CVE ID : CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11619 CVE-2020-11620 Following CVEs were reported against the jackson-databind source package : CVE-2020-10968 FasterXML jackson-databind 2.x before...
[SECURITY] [DLA 2178-1] awl security update
Package : awl Version : 0.55-1+deb8u1 CVE ID : CVE-2020-11728 CVE-2020-11729 Debian Bug : 956650 Following CVEs were reported against the awl source package: CVE-2020-11728 An issue was discovered in DAViCal Andrews Web Libraries AWL through 0.60. Session management does not use a sufficiently...
[SECURITY] [DSA 4658-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4658-1 [email protected] https://www.debian.org/security/ Alberto Garcia April 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2177-1] git security update
Package : git Version : 1:2.1.4-2.1+deb8u9 CVE ID : CVE-2020-5260 Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to return credential...
[SECURITY] [DLA 2175-1] php-horde-trean security update
Package : php-horde-trean Version : 1.1.1-2+deb8u1 CVE ID : CVE-2020-8865 Debian Bug : 955019 A directory traversal vulnerability resulting from insufficient input sanitization was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to execute code ...
[SECURITY] [DLA 2174-1] php-horde-data security update
Package : php-horde-data Version : 2.1.0-5+deb8u1 CVE ID : CVE-2020-8518 Debian Bug : 951537 A remote code execution vulnerability was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to cause execution of uploaded CSV data. For Debian 8 "Jessie"...
[SECURITY] [DLA 2173-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u10 CVE ID : CVE-2020-10938 A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage...
[SECURITY] [DSA 4657-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4657-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 14, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2172-1] thunderbird security update
Package : thunderbird Version : 1:68.7.0-1deb8u1 CVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code. For Debian 8 "Jessie",...
[SECURITY] [DSA 4656-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4656-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 13, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2171-1] ceph security update
Package : ceph Version : 0.80.7-2+deb8u4 CVE ID : CVE-2020-1760 Debian Bug : 956142 It was discovered that there was a header-splitting vulnerability in ceph, a distributed storage and file system. For Debian 8 "Jessie", this issue has been fixed in ceph version 0.80.7-2+deb8u4. We recommend that...
[SECURITY] [DSA 4655-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4655-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2170-1] firefox-esr security update
Package : firefox-esr Version : 68.7.0esr-1deb8u1 CVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie",...
[SECURITY] [DSA 4654-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4654-1 [email protected] https://www.debian.org/security/ Michael Gilbert April 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2169-1] libmtp security update
Package : libmtp Version : 1.1.8-1+deb8u1 CVE ID : CVE-2017-9831 CVE-2017-9832 libmtp is a library for communicating with MTP aware devices. The Media Transfer Protocol (commonly referred to as MTP) is a devised set of custom extensions to support the transfer of music files on USB digital audio...
[SECURITY] [DSA 4653-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4653-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 04, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4652-1] gnutls28 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4652-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 04, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4650-1] qbittorrent security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4650-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4651-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4651-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 02, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4649-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4649-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 02, 2020 https://www.debian.org/security/faq -...