14407 matches found
[SECURITY] [DLA 2134-1] pdfresurrect security update
Package : pdfresurrect Version : 0.12-5+deb8u1 CVE ID : CVE-2020-9549 Debian Bug : 952948 It was discovered that there was an out-of-bounds write vulnerability in pdfresurrect, a tool for extracting or scrubbing versioning data from PDF documents. For Debian 8 "Jessie", this issue has been fixed ...
[SECURITY] [DLA 2133-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.100-1 CVE ID : CVE-2019-17569 CVE-2020-1935 CVE-2020-1938 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was...
[SECURITY] [DLA 2132-1] libzypp security update
Package : libzypp Version : 14.29.1-2+deb8u1 CVE ID : CVE-2019-18900 It was discovered that there was an issue where incorrect default permissions on a HTTP cookie store could have allowed local attackers to read private credentials. For Debian 8 "Jessie", this issue has been fixed in libzypp...
[SECURITY] [DLA 2117-1] zsh security update
Package : zsh Version : 5.0.7-5+deb8u1 CVE ID : CVE-2019-20044 Debian Bug : 951458 A privilege escalation vulnerability was discovered in zsh, a shell with lots of features, whereby a user could regain a formerly elevated privelege level even when such an action should not be permitted. For Debia...
[SECURITY] [DLA 2131-2] rrdtool regression update
Package : rrdtool Version : 1.4.8-1.2+deb8u2 CVE ID : CVE-2014-6262 Debian Bug : 952958 It was discovered that there was a regression in a previous fix, which resulted in the following error: ERROR: cannot compile regular expression: Error while compiling regular expression ^?:^%+|%%%+-...
[SECURITY] [DLA 2115-2] proftpd-dfsg regression update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u7 CVE ID : CVE-2020-9273 It was discovered that there was a regression in a previous fix for a use-after-free vulnerability in the proftpd-dfsg FTP server. Exploitation of the original vulnerability within the memory pool handling could have...
[SECURITY] [DLA 2114-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.210-1deb8u1 CVE ID : CVE-2018-13093 CVE-2018-13094 CVE-2018-20976 CVE-2018-21008 CVE-2019-0136 CVE-2019-2215 CVE-2019-10220 CVE-2019-14615 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15098...
[SECURITY] [DLA 2131-1] rrdtool security update
Package : rrdtool Version : 1.4.8-1.2+deb8u1 CVE ID : CVE-2014-6262 Multiple format string vulnerabilities in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argume...
[SECURITY] [DLA 2130-1] libapache2-mod-auth-openidc security
Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u3 CVE ID : CVE-2019-20479 An issue has been found in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. Due to insufficient validatation of URLs an Open Redirect vulnerability for URLs beginning with a slas...
[SECURITY] [DLA 2129-1] firebird2.5 security update
Package : firebird2.5 Version : 2.5.3.26778.ds4-5+deb8u2 CVE ID : CVE-2017-11509 An issues has been found in firebird2.5, an RDBMS based on InterBase 6.0. As UDFs can be used for a remote authenticated code execution as user firebird, UDFs have been disabled in the default configuration which wil...
[SECURITY] [DLA 2128-1] openjdk-7 security update
Package : openjdk-7 Version : 7u251-2.6.21-1deb8u1 CVE ID : CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of...
[SECURITY] [DLA 2127-1] dojo security update
Package : dojo Version : 1.10.2+dfsg-1+deb8u2 CVE ID : CVE-2019-10785 Debian Bug : 952771 dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them. For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update
Package : gst-plugins-base0.10 Version : 0.10.36-2+deb8u2 CVE ID : CVE-2016-9811 CVE-2017-5837 CVE-2017-5844 Some isses have been found in gst-plugins-base0.10, a package that provides GStreamer plugins from the "base" set. All issues are related to crafted ico-files that could result in an...
[SECURITY] [DLA 2125-1] collabtive security update
Package : collabtive Version : 2.0+dfsg-5+deb8u1 CVE ID : CVE-2015-0258 An issue has been found in collabtive, a web-based project management software. Due to missing checks an attacker could upload scripts, which would execute code on the server by accessing for example avatar images. For Debian...
[SECURITY] [DLA 2124-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u9 CVE ID : CVE-2020-7059 CVE-2020-7060 Two issues have been found in php5, a server-side, HTML-embedded scripting language. Both issues are related to crafted data that could lead to reading after an allocated buffer and result in information disclosure...
[SECURITY] [DSA 4636-1] python-bleach security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4636-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4636-1] python-bleach security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4636-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2123-1] pure-ftpd security update
Package : pure-ftpd Version : 1.0.36-3.2+deb8u1 CVE ID : CVE-2020-9274 Debian Bug : 925666 An uninitialized pointer vulnerability was discovered in pure-ftpd, a secure and efficient FTP server, which could result in an out-of-bounds memory read and potential information disclosure. For Debian 8...
[SECURITY] [DLA 2122-1] libusbmuxd security update
Package : libusbmuxd Version : 1.0.9-1+deb8u1 CVE ID : CVE-2016-5104 Debian Bug : 825554 It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. For Debian 8 "Jessie", this proble...
[SECURITY] [DLA 2121-1] libimobiledevice security update
Package : libimobiledevice Version : 1.1.6+dfsg-3.1+deb8u1 CVE ID : CVE-2016-5104 Debian Bug : 825553 It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. For Debian 8...
[SECURITY] [DSA 4635-1] proftpd-dfsg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4635-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4635-1] proftpd-dfsg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4635-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4634-1] opensmtpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4634-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 26, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2120-1] rake security update
Package : rake Version : 10.3.2-2+deb8u1 CVE ID : CVE-2020-8130 There is an OS command injection vulnerability in Rake a ruby make-like utility 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2119-1] python-pysaml2 security update
Package : python-pysaml2 Version : 2.0.0-1+deb8u3 CVE ID : CVE-2020-5390 Debian Bug : 949322 It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verificatio...
[SECURITY] [DSA 4633-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4633-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini February 22, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2118-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u14 CVE ID : CVE-2019-11358 Debian Bug : 927385 It was discovered that the jQuery version embedded in OTRS, a ticket request system, was prone to a cross site scripting vulnerability in jQuery.extend. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 2116-1] libpam-radius-auth security update
Package : libpam-radius-auth Version : 1.3.16-4.4+deb8u1 CVE ID : CVE-2015-9542 Debian Bug : 951396 A vulnerability was found in pamradius: the password length check was done incorrectly in the addpassword function in pamradiusauth.c, resulting in a stack based buffer overflow. This could be used...
[SECURITY] [DSA 4632-1] ppp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4632-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4632-1] ppp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4632-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2115-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u6 CVE ID : CVE-2020-9273 It was discovered that there was a a use-after-free vulnerability in in the proftpd-dfsg FTP server. Exploitation of this vulnerability within the memory pool handling could have allowed a remote attacker to execute...
[SECURITY] [DSA 4631-1] pillow security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4631-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4630-1] python-pysaml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4630-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2113-1] cloud-init security update
Package : cloud-init Version : 0.7.6bzr976-2+deb8u1 CVE ID : CVE-2020-8631 CVE-2020-8632 Debian Bug : 951362 951363 CVE-2020-8631 In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls t...
[SECURITY] [DLA 2111-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u11 CVE ID : CVE-2019-20330 CVE-2020-8840 It was found that jackson-databind, a Java library used to parse JSON and other data formats, could deserialize data without proper validation, allowing a maliciously client to perform remote code execution...
[SECURITY] [DLA 2112-1] python-reportlab security update
Package : python-reportlab Version : 3.1.8-3+deb8u2 CVE ID : CVE-2019-17626 Debian Bug : 942763 It was found that ReportLab, a Python library to create PDF documents, did not properly parse color strings, allowing an attacker to execute arbitrary code through a crafted input document. For Debian ...
[SECURITY] [DLA 2110-1] netty-3.9 security update
Package : netty-3.9 Version : 3.9.0.Final-1+deb8u1 CVE ID : CVE-2014-0193 CVE-2014-3488 CVE-2019-16869 CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 Debian Bug : 746639 941266 950966 950967 Several vulnerabilities were discovered in Netty, a Java NIO client/server socket framework: CVE-2014-0193...
[SECURITY] [DLA 2109-1] netty security update
Package : netty Version : 1:3.2.6.Final-2+deb8u2 CVE ID : CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 Debian Bug : 950966 950967 Several vulnerabilities were discovered in the HTTP server provided by Netty, a Java NIO client/server socket framework: CVE-2019-20444 HttpObjectDecoder.java allows an...
[SECURITY] [DSA 4629-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4629-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4629-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4629-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4628-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4628-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2108-1] clamav security update
Package : clamav Version : 0.101.5+dfsg-0+deb8u1 CVE ID : CVE-2019-15961 Debian Bug : 945265 It was found that ClamAV, an antivirus software, was susceptible to a denial of service attack by unauthenticated users via inefficient MIME parsing of especially crafted email files. For Debian 8 "Jessie...
[SECURITY] [DLA 2107-1] spamassassin security update
Package : spamassassin Version : 3.4.2-0+deb8u3 CVE ID : CVE-2020-1930 CVE-2020-1931 Debian Bug : 950258 Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could...
[SECURITY] [DLA 2106-1] libgd2 security update
Package : libgd2 Version : 2.1.0-5+deb8u14 CVE ID : CVE-2018-14553 Debian Bug : 951287 A vulnerability was discovered in libgd2, the GD graphics library, whereby an attacker can employ a specific function call sequence to trigger a NULL pointer dereference, subsequently crash the application usin...
[SECURITY] [DSA 4627-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4627-1 [email protected] https://www.debian.org/security/ Alberto Garcia February 17, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4626-1] php7.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4626-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 17, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2105-1] postgresql-9.4 security update
Package : postgresql-9.4 Version : 9.4.26-0+deb8u1 CVE ID : CVE-2020-1720 Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For Debian 8 "Jessie", this problem has been fixed in version 9.4.26-0+deb8u1. We...
[SECURITY] [DLA 2104-1] thunderbird security update
Package : thunderbird Version : 1:68.5.0-1deb8u1 CVE ID : CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6798 CVE-2020-6800 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For Debian 8 "Jessie", the...
[SECURITY] [DSA 4625-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4625-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 15, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4624-1] evince security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4624-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 14, 2020 https://www.debian.org/security/faq -...