14335 matches found
[SECURITY] [DSA 4615-1] spamassassin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4615-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4614-1] sudo security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4614-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4613-1] libidn2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4613-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2093-1] firefox-esr security update
Package : firefox-esr Version : 68.4.1esr-1deb8u1 CVE ID : CVE-2019-17026 An issue was found in the IonMonkey JIT compiler of the Mozilla Firefox web browser which could lead to arbitrary code execution. For Debian 8 "Jessie", this problem has been fixed in version 68.4.1esr-1deb8u1. We recommend...
[SECURITY] [DLA 2092-1] qtbase-opensource-src security update
Package : qtbase-opensource-src Version : 5.3.2+dfsg-4+deb8u4 CVE ID : CVE-2020-0569 In Qt5's plugin loader code as found in qtbase-opensource-src, it was possible to side-load plugins from "the" local folder in addition to a system-widely defined library path. For Debian 8 "Jessie", this problem...
[SECURITY] [DSA 4612-1] prosody-modules security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4612-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 31, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2091-1] libjackson-json-java security update
Package : libjackson-json-java Version : 1.9.2-3+deb8u1 CVE ID : CVE-2017-7525 CVE-2017-15095 CVE-2019-10172 Several vulnerabilities were fixed in libjackson-json-java. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization...
[SECURITY] [DLA 2090-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u13 CVE ID : CVE-2020-7039 Debian Bug : 949085 tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access whi...
[SECURITY] [DLA 2089-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u10 CVE ID : CVE-2020-8112 Debian Bug : 950184 opj_t1_clbl_decode_processor in openjp2/t1.c of OpenJPEG had a heap-based buffer overflow in the qmfbid==1 case, a similar but different issue than CVE-2020-6851. For Debian 8 "Jessie", this problem has been fixe...
[SECURITY] [DLA 2088-1] libsolv security update
Package : libsolv Version : 0.6.5-1+deb8u1 CVE ID : CVE-2019-20387 Debian Bug : 949611 repodata_schema2id in repodata.c in libsolv, a dependency solver library, had a heap-based buffer over-read via a last schema whose length could be less than the length of the input schema. For Debian 8 "Jessie"...
[SECURITY] [DLA 2078-1] libxmlrpc3-java security update
Package : libxmlrpc3-java Version : 3.1.3-7+deb8u1 CVE ID : CVE-2019-17570 Debian Bug : 949089 An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target a XML-RPC...
[SECURITY] [DLA 2087-1] suricata security update
Package : suricata Version : 2.0.7-2+deb8u5 CVE ID : CVE-2019-18625 CVE-2019-18792 Two vulnerabilities have recently been discovered in the stream-tcp code of the intrusion detection and prevention tool Suricata. CVE-2019-18625 It was possible to bypass/evade any tcp based signature by faking a...
[SECURITY] [DSA 4611-1] opensmtpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4611-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2086-1] wget security update
Package : wget Version : 1.16-1+deb8u7 CVE ID : CVE-2016-7098 An issue has been found in wget, a tool to retrieve files from the web. A race condition might occur as files rejected by an access list are kept on the disk for the duration of a HTTP connection. For Debian 8 "Jessie", this problem ha...
[SECURITY] [DLA 2085-1] zlib security update
Package : zlib Version : 1:1.2.8.dfsg-2+deb8u1 CVE ID : CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointe...
[SECURITY] [DLA 2084-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u8 CVE ID : CVE-2019-19950 CVE-2019-19951 CVE-2019-19953 Three issues have been found in graphicsmagick, a collection of image processing tools. They are basically a heap-based buffer over-read, heap-based buffer overflow and a use-after-free in...
[SECURITY] [DSA 4610-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4610-1 [email protected] https://www.debian.org/security/ Alberto Garcia January 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2083-1] hiredis security update
Package : hiredis Version : 0.11.0-4+deb8u1 CVE ID : CVE-2020-7105 Debian Bug : 949995 It was discovered that there were a large number of NULL pointer dereferences due to unchecked return values from malloc and friends in hiredis, a minimalistic C client library. For Debian 8 "Jessie", these iss...
[SECURITY] [DLA 2079-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u13 CVE ID : CVE-2020-1765 CVE-2020-1766 CVE-2020-1767 Several vulnerabilities have been discovered in the otrs2 package that may lead to unauthorized access, remote code execution and spoofing. CVE-2020-1765 An improper control of parameters allows the...
[SECURITY] [DLA 2082-1] unzip security update
Package : unzip Version : 6.0-16+deb8u6 CVE ID : CVE-2018-1000035 An issue has been found in unzip, a de-archiver for .zip files. While processing a password protected archive, a heap-based buffer overflow could happen, that allows an attacker to perform a denial of service or to possibly achieve...
[SECURITY] [DLA 2081-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u9 CVE ID : CVE-2020-6851 OpenJPEG had a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so. For Debian 8 "Jessie", this problem has been fixed in version 2.1.0-2+deb8u9. We recommend that you upgrade your openjpeg2 packages. Further...
[SECURITY] [DLA 2077-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.99-1 CVE ID : CVE-2019-12418 CVE-2019-17563 Two security vulnerabilities have been fixed in the Tomcat servlet and JSP engine. CVE-2019-12418 When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to...
[SECURITY] [DLA 2080-1] iperf3 security update
Package : iperf3 Version : 3.0.7-1+deb8u1 CVE ID : CVE-2016-4303 Debian Bug : 827116 An issue has been found in iperf3, an Internet Protocol bandwidth measuring tool. Bad handling of UTF8/16 strings in an embedded library could cause a denial of service crash or execution of arbitrary code by...
[SECURITY] [DLA 2076-1] slirp security update
Package : slirp Version : 1:1.0.17-7+deb8u1 CVE ID : CVE-2020-7039 Debian Bug : 949085 An issue has been found in slirp, a SLIP/PPP emulator using a dial up shell account. Due to bad memory handling in slirp a heap-based buffer overflow or other out-of-bounds access could happen, which can lead t...
[SECURITY] [DLA 2075-1] jsoup security update
Package : jsoup Version : 1.8.1-1+deb8u1 CVE ID : CVE-2015-6748 An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing at EOF a cross-site scripting XSS vulnerability could appear. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DSA 4609-1] python-apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4609-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 23, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2074-1] python-apt security update
Package : python-apt Version : 0.9.3.13 CVE ID : CVE-2019-15795 CVE-2019-15796 Debian Bug : 944696 Several issues have been found in python-apt, a python interface to libapt-pkg. CVE-2019-15795 It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. I...
[SECURITY] [DLA 2059-1] git security update
Package : git Version : 1:2.1.4-2.1+deb8u8 CVE ID : CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1353 CVE-2019-1387 Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system. CVE-2019-1348 It was reported that the --export-marks option of git...
[SECURITY] [DSA 4608-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4608-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2073-1] transfig security update
Package : transfig Version : 1:3.2.5.e-4+deb8u2 CVE ID : CVE-2018-16140 CVE-2019-14275 CVE-2019-19555 Several issues have been found in transfig, a XFig figure files converter. CVE-2018-16140 Buffer underwrite vulnerability in getline allows an attacker to write prior to the beginning of the buff...
[SECURITY] [DSA 4607-1] openconnect security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4607-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2072-1] gpac security update
Package : gpac Version : 0.5.0+svn5324dfsg1-1+deb8u5 CVE ID : CVE-2018-21015 CVE-2018-21016 CVE-2019-13618 CVE-2019-20161 CVE-2019-20162 CVE-2019-20163 CVE-2019-20165 CVE-2019-20170 CVE-2019-20171 CVE-2019-20208 Debian Bug : 940882 932242 Multiple issues were found in gpac, a multimedia framework...
[SECURITY] [DSA 4606-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4606-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2071-1] thunderbird security update
Package : thunderbird Version : 1:68.4.1-1deb8u1 CVE ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure. For Debian 8...
[SECURITY] [DSA 4605-1] openjdk-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4605-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4604-1] cacti security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4604-1 [email protected] https://www.debian.org/security/ Hugo Lefeuvre January 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2070-1] ruby-excon security update
Package : ruby-excon Version : 0.33.0-2+deb8u1 CVE ID : CVE-2019-16779 Debian Bug : 946904 In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests wou...
[SECURITY] [DLA 2069-1] cacti security update
Package : cacti Version : 0.8.8b+dfsg-8+deb8u9 CVE ID : CVE-2020-7106 It was discovered that there were a number of cross-site scripting vulnerabilities in cacti, a web interface for monitoring systems. For Debian 8 "Jessie", this issue has been fixed in cacti version 0.8.8b+dfsg-8+deb8u9. We...
[SECURITY] [DLA 2068-1] linux security update
Package : linux Version : 3.16.81-1 CVE ID : CVE-2019-2215 CVE-2019-10220 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15098 CVE-2019-15217 CVE-2019-15291 CVE-2019-15505 CVE-2019-16746 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 CVE-2019-1713...
[SECURITY] [DSA 4603-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4603-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 17, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2063-1] debian-lan-config security update
Package : debian-lan-config Version : 0.19+deb8u2 CVE ID : CVE-2019-3467 Debian Bug : 947459 In debian-lan-config 0.26, configured too permissive ACLs for the Kerberos admin server allowed password changes for other Kerberos user principals. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 2060-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u8 CVE ID : CVE-2020-5504 Debian Bug : 948718 In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. ...
[SECURITY] [DLA 2067-1] wordpress security update
Package : wordpress Version : 4.1.29+dfsg-0+deb8u1 CVE ID : CVE-2019-20041 Debian Bug : 946905 An input sanitization bypass was discovered in Wordpress, a popular content management framework. An attacker can use this flaw to send malicious scripts to an unsuspecting user. For Debian 8 "Jessie",...
[SECURITY] DLA-2066-1 gthumb security update
Package : gthumb Version : 3:3.3.1-2.1+deb8u2 CVE ID : CVE-2019-20326 A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file...
[SECURITY] [DSA 4602-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4602-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 13, 2020 https://www.debian.org/security/faq -...