[SECURITY] [DLA 2168-1] libplist security update
Package : libplist Version : 1.11-3+deb8u1 CVE ID : CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-6435 CVE-2017-6436 CVE-2017-6439 CVE-2017-7982 Debian Bug : 851196 852385 854000 860945 libplist is a library for reading and writing the Apple binary and XML property lists format...
[SECURITY] [DLA 2167-1] python-bleach security update
Package : python-bleach Version : 1.4-1+deb8u1 CVE ID : CVE-2020-6817 Debian Bug : 955388 A vulnerability was discovered in python-bleach, a whitelist-based HTML-sanitizing library. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to a regular expression...
[SECURITY] [DLA 2166-1] libpam-krb5 security update
Package : libpam-krb5 Version : 4.6-3+deb8u1 CVE ID : CVE-2020-10595 The krb5 PAM module pam_krb5.so had a buffer overflow that might have caused remote code execution in situations involving supplemental prompting by a Kerberos library. It might have overflown a buffer provided by the underlying...
[SECURITY] [DLA 2165-1] apng2gif security update
Package : apng2gif Version : 1.5-3+deb8u1 CVE ID : CVE-2017-6960 An issue has been found in apng2gif, a tool for converting APNG images to animated GIF format. One of the functions contained an integer overflow resulting in a heap-based buffer over-read. For Debian 8 "Jessie", this problem has bee...
[SECURITY] [DSA 4648-1] libpam-krb5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4648-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 31, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
Package : gst-plugins-bad0.10 Version : 0.10.23-7.4+deb8u3 CVE ID : CVE-2015-0797 CVE-2016-9809 CVE-2017-5843 CVE-2017-5848 Several issues have been found in gst-plugins-bad0.10, a package containing GStreamer plugins from the "bad" set. All issues are about use-after-free, out of bounds reads or...
[SECURITY] [DLA 2163-1] tinyproxy security update
Package : tinyproxy Version : 1.8.3-3+deb8u1 CVE ID : CVE-2017-11747 Debian Bug : 870307 948283 A minor security issue and a severe packaging bug have been fixed in tinyproxy, a lightweight http proxy daemon. CVE-2017-11747 main.c in Tinyproxy created a /var/run/tinyproxy/tinyproxy.pid file after...
[SECURITY] [DLA 2162-1] php-horde-form security update
Package : php-horde-form Version : 2.0.8-2+deb8u2 CVE ID : CVE-2020-8866 Debian Bug : 955020 A remote code execution vulnerability was discovered in the Form API component of the Horde Application Framework. An authenticated remote attacker could use this flaw to upload arbitrary content to an...
[SECURITY] [DLA 2161-1] tika security update
Package : tika Version : 1.5-1+deb8u1 CVE ID : CVE-2020-1950 CVE-2020-1951 Debian Bug : 954302 954303 Two security issues have been detected in tika and fixed. CVE-2020-1950: A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache. CVE-2020-1951: Infinite Loop DoS...
[SECURITY] [DSA 4647-1] bluez security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4647-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2160-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u10 CVE ID : CVE-2020-7062 CVE-2020-7063 Two security issues have been identified and fixed in php5, a server-side, HTML-embedded scripting language. CVE-2020-7062 is about a possible null pointer dereference, which would likely lead to a crash, during a...
[SECURITY] [DLA 2159-1] okular security update
Package : okular Version : 4:4.14.2-2+deb8u2 CVE ID : CVE-2020-9359 Debian Bug : 954891 Mickael Karatekin from Sysdream Labs discovered that the Okular document viewer allows code execution via an action link in a PDF document. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DSA 4646-1] icu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4646-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 25, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2158-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u9 CVE ID : CVE-2016-2338 An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" allocation is made based on the tags array length. Specially constructe...
[SECURITY] [DLA 2157-1] weechat security update
Package : weechat Version : 1.0.1-1+deb8u3 CVE ID : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 Several issues have been found in weechat, a fast, light and extensible chat client. All issues are about crafted messages, that could result in a buffer overflow and application crash. This could cause ...
[SECURITY] [DLA 2156-1] e2fsprogs security update
Package : e2fsprogs Version : 1.42.12-2+deb8u2 CVE ID : CVE-2019-5188 An issue has been found in e2fsprogs, a package that contains ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can...
[SECURITY] [DLA 2155-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u16 CVE ID : CVE-2019-12418 When Tomcat8 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture...
[SECURITY] [DSA 4645-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4645-1 security@debian.org https://www.debian.org/security/ Michael Gilbert March 22, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2154-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u9 CVE ID : CVE-2020-10802 CVE-2020-10803 Debian Bug : 954665 954666 The following CVEs were reported against phpmyadmin. CVE-2020-10802 In phpMyAdmin 4.x before 4.9.5, a SQL injection vulnerability has been discovered where certain parameter...
[SECURITY] [DLA 2153-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u13 CVE ID : CVE-2020-10672 CVE-2020-10673 The following CVEs were reported against jackson-databind. CVE-2020-10672 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...
[SECURITY] [DLA 2152-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u9 CVE ID : CVE-2019-12921 A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that allows an attacker to read arbitrary files via a crafted image because of TranslateTextEx for SVG. For Debian 8 "Jessie"...
[SECURITY] [DSA 4644-1] tor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4644-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4643-1] python-bleach security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4643-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2148-1] amd64-microcode security update
Package : amd64-microcode Version : 3.20181128.1~deb8u1 CVE ID : CVE-2017-5715 Debian Bug : 886382 It was discovered that systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user acce...
[SECURITY] [DLA 2151-1] icu security update
Package : icu Version : 52.1-8+deb8u8 CVE ID : CVE-2020-10531 Debian Bug : 953747 It was discovered that an integer overflow in the International Components for Unicode (ICU) library could result in denial of service and potentially the execution of arbitrary code. For Debian 8 "Jessie", this probl...
[SECURITY] [DLA 2150-1] thunderbird security update
Package : thunderbird Version : 1:68.6.0-1~deb8u1 CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For Debian 8...
[SECURITY] [DLA 2149-1] rails security update
Package : rails Version : 2:4.1.8-1+deb8u6 CVE ID : CVE-2020-5267 Debian Bug : 954304 In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to X...
[SECURITY] [DSA 4642-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4642-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2145-2] twisted security update
Package : twisted Version : 14.0.2-3+deb8u2 CVE IDs : CVE-2020-10108 CVE-2020-10109 Debian Bug : 953950 It was discovered that there was a regression introduced in DLA-2145-1 due to the incorrect application of the upstream patch for CVE-2020-10108 & CVE-2020-10109 regarding a number of HTTP...
[SECURITY] [DLA 2147-1] gdal security update
Package : gdal Version : 1.10.1+dfsg-8+deb8u2 CVE ID : CVE-2019-17546 tif_getimage.c in LibTIFF, as used in GDAL, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. For Debian 8 "Jessie", this problem...
[SECURITY] [DLA 2146-1] libvncserver security update
Package : libvncserver Version : 0.9.9+dfsg2-6.1+deb8u7 CVE ID : CVE-2019-15690 Debian Bug : 954163 In libvncserver, through libvncclient/cursor.c, there is a possibility of a heap overflow, as reported by Pavel Cheremushkin. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2145-1] twisted security update
Package : twisted Version : 14.0.2-3+deb8u1 CVE IDs : CVE-2020-10108 CVE-2020-10109 Debian Bug : 953950 It was discovered that there were a number of HTTP request splitting vulnerabilities in Twisted, a Python event-based framework for building various types of internet applications. For more...
[SECURITY] [DSA 4641-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4641-1 security@debian.org https://www.debian.org/security/ Alberto Garcia March 16, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2144-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u14 CVE ID : CVE-2020-1711 CVE-2020-8608 Two out-of-bounds heap buffer accesses were found in QEMU, a fast processor emulator, which could result in denial of service or arbitrary code execution. For Debian 8 "Jessie", these problems have been fixed in...
[SECURITY] [DLA 2143-1] slurm-llnl security update
Package : slurm-llnl Version : 14.03.9-5+deb8u5 CVE ID : CVE-2019-6438 CVE-2019-12838 Debian Bug : 920997 931880 Several issues were found in Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system. CVE-2019-6438 SchedMD Slurm mishandles 32-bit...
[SECURITY] [DSA 4640-1] graphicsmagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4640-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 15, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2142-1] slirp security update
Package : slirp Version : 1:1.0.17-7+deb8u2 CVE ID : CVE-2020-8608 It was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP emulator for using a dial up shell account. This was caused by the incorrect usage of return values from snprintf(3). For Debian 8 "Jessie", this...
[SECURITY] [DLA 2141-1] yubikey-val security update
Package : yubikey-val Version : 2.27-1+deb8u1 CVE ID : CVE-2020-10184 CVE-2020-10185 The following CVEs were reported against yubikey-val. CVE-2020-10184 The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a...
[SECURITY] [DLA 2140-1] firefox-esr security update
Package : firefox-esr Version : 68.6.0esr-1~deb8u1 CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary...
[SECURITY] [DSA 4639-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4639-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 11, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2139-1] dojo security update
Package : dojo Version : 1.10.2+dfsg-1+deb8u3 CVE ID : CVE-2020-5258 CVE-2020-5259 Debian Bug : 953585 953587 The following CVEs were reported against dojo: CVE-2020-5258 In affected versions of dojo, the deepCopy method is vulnerable to Prototype Pollution. An attacker could manipulate these...
[SECURITY] [DLA 2137-1] sleuthkit security update
Package : sleuthkit Version : 4.1.3-4+deb8u2 CVE ID : CVE-2020-10232 In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat in fs/yaffs.c. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 2138-1] wpa security update
Package : wpa Version : 2.3-1+deb8u10 CVE ID : CVE-2019-10064 Similar to CVE-2016-10743, the host access point daemon, hostapd, in EAP mode used a low quality pseudorandom number generator that leads to insufficient entropy. The problem was resolved by using the os_get_random function which provides...
[SECURITY] [DSA 4638-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4638-1 security@debian.org https://www.debian.org/security/ Michael Gilbert March 10, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4637-1] network-manager-ssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4637-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 09, 2020 https://www.debian.org/security/faq -...