14335 matches found
[SECURITY] [DLA 2065-1] apache-log4j1.2 security update
Package : apache-log4j1.2 Version : 1.2.17-5+deb8u1 CVE ID : CVE-2019-17571 Debian Bug : 947124 Included in Log4j 1.2, a logging library for Java, is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combine...
[SECURITY] [DLA 2064-1] ldm security update
Package : ldm Version : 2:2.2.15-2+deb8u1 CVE ID : CVE-2019-20373 Debian Bug : 948538 It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation. For...
[SECURITY] [DSA 4601-1] ldm security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4601-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2062-1] sa-exim security update
Package : sa-exim Version : 4.2.1-14+deb8u1 CVE ID : CVE-2019-19920 Debian Bug : 946829 It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, whic...
[SECURITY] [DLA 2061-1] firefox-esr security update
Package : firefox-esr Version : 68.4.0esr-1deb8u1 CVE ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration o...
[SECURITY] [DSA 4600-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4600-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4599-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4599-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4599-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4599-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4598-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4598-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4598-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4598-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2058-1] nss security update
Package : nss Version : 2:3.26-1+debu8u10 CVE ID : CVE-2019-17006 It was found that certain cryptographic primitives in nss, the Network Security Service libraries, did not check the length of the input text. This could result in a potential heap-based buffer overflow. For Debian 8 "Jessie", this...
[SECURITY] [DLA 2057-1] pillow security update
Package : pillow Version : 2.6.1-2+deb8u4 CVE IDs : CVE-2019-19911 CVE-2020-5312 CVE-2020-5313 Debian Bug : 948224 It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language: CVE-2019-19911: Prevent a denial-of-service vulnerability...
[SECURITY] [DSA 4597-1] netty security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4597-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 03, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4597-1] netty security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4597-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 03, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2056-1] waitress security update
Package : waitress Version : 0.8.9-2+deb8u1 Debian Bug : 765126 It was discovered that there was a HTTP request smuggling vulnerability in waitress, pure-Python WSGI server. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end a...
[SECURITY] [DLA 1931-2] libgcrypt20 regression update
Package : libgcrypt20 Version : 1.6.3-2+deb8u8 CVE ID : CVE-2019-13627 It was discovered that the fix to address an ECDSA timing attack in the libgcrypt20 cryptographic library was incomplete. For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version 1.6.3-2+deb8u8. Thanks to Albert...
[SECURITY] [DLA 2053-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u12 CVE ID : CVE-2019-18179 Debian Bug : 945251 An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions. For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DLA 2055-1] igraph security update
Package : igraph Version : 0.7.1-2+deb8u1 CVE ID : CVE-2018-20349 An issue has been found in igraph, a library for creating and manipulating graphs. A NULL pointer dereference vulneribility was detected in igraphistrdiff. For Debian 8 "Jessie", this problem has been fixed in version 0.7.1-2+deb8u...
[SECURITY] [DLA 2054-1] jhead security update
Package : jhead Version : 1:2.97-1+deb8u2 CVE ID : CVE-2018-16554 CVE-2018-17088 CVE-2019-1010301 CVE-2019-1010302 Debian Bug : 907925 908176 932145 932146 Multiple buffer overflows have been fixed in jhead, a program to manipulate the non-image part of Exif compliant JPEG files. For Debian 8...
[SECURITY] [DLA 2052-1] libbsd security update
Package : libbsd Version : 0.7.0-2+deb8u1 CVE ID : CVE-2016-2090 An issues has been found in libbsd, a package containing utility functions from BSD systems. In function fgetwln an off-by-one error could triggers a heap buffer overflow. For Debian 8 "Jessie", this problem has been fixed in versio...
[SECURITY] [DLA 2051-1] intel-microcode security update
Package : intel-microcode Version : 3.20191115.2deb8u1 CVE ID : CVE-2019-11135 CVE-2019-11139 This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA TSX Asynchronous Abort vulnerability. For affected CPUs, to fully mitigate the...
[SECURITY] [DLA 2050-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u8 CVE ID : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include the exif module and handling of filenam...
[SECURITY] [DLA 2049-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u19 CVE ID : CVE-2019-19948 CVE-2019-19949 Debian Bug : 947309 947308 Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-19948 Heap-buffer-overflow in WriteSGIImage coders/sgi.c caused by insufficient...
[SECURITY] [DLA 2048-1] libxml2 security update
Package : libxml2 Version : 2.9.1+dfsg1-5+deb8u8 CVE ID : CVE-2019-19956 It was discovered that there was a potential denial of service vulnerability in libxml2, the GNOME XML parsing library. For Debian 8 "Jessie", this issue has been fixed in libxml2 version 2.9.1+dfsg1-5+deb8u8. We recommend...
[SECURITY] [DSA 4596-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4596-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4595-1] debian-lan-config security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4595-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4594-1] openssl1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4594-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4593-1] freeimage security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4593-1 [email protected] https://www.debian.org/security/ Hugo Lefeuvre December 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4592-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4592-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 26, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4592-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4592-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 26, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2046-1] opensc security update
Package : opensc Version : 0.16.0-3+deb8u2 CVE ID : CVE-2019-19479 An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute. For Debian 8 "Jessie", this problem has been fixed in version 0.16.0-3+deb8u2. We...
[SECURITY] [DLA 2047-1] cups security update
Package : cups Version : 1.7.5-11+deb8u7 CVE ID : CVE-2019-2228 An issue has been found in cups, the Common UNIX Printing Systemtm. An incorrect bounds check could lead to a possible out-of-bounds read and local information disclosure in the printer spooler. For Debian 8 "Jessie", this problem ha...
[SECURITY] [DLA 2038-2] x2goclient regression update
Package : x2goclient Version : 4.0.3.1-4+deb8u1 Debian Bug : 947129 A change introduced in libssh 0.6.3-4+deb8u4 which got released as DLA 2038-1 has broken x2goclients way of scping session setup files from client to server, resulting in an error message shown in a GUI error dialog box during...
[SECURITY] [DLA 2045-1] tightvnc security update
Package : tightvnc Version : 1.3.9-6.5+deb8u1 CVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-8287 CVE-2018-20021 CVE-2018-20022 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-15681 Debian Bug : 945364 Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC...
[SECURITY] [DSA 4591-1] cyrus-sasl2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4591-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4591-1] cyrus-sasl2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4591-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2044-1] cyrus-sasl2 security update
Package : cyrus-sasl2 Version : 2.1.26.dfsg1-13+deb8u2 CVE ID : CVE-2019-19906 Debian Bug : 947043 There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an...
[SECURITY] [DLA 2043-2] gdk-pixbuf regression update
Package : gdk-pixbuf Version : 2.31.1-2+deb8u9 While preparing a fix for CVE-2017-6314 an unknown symbol guintcheckedmul was introduced. For Debian 8 "Jessie", this problem has been fixed in version 2.31.1-2+deb8u9. We recommend that you upgrade your gdk-pixbuf packages. Further information about...
[SECURITY] [DSA 4590-1] cyrus-imapd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4590-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2043-1] gdk-pixbuf security update
Package : gdk-pixbuf Version : 2.31.1-2+deb8u8 CVE ID : CVE-2016-6352 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 Several issues in gdk-pixbuf, a library to handle pixbuf, have been found. CVE-2016-6352 fix for denial of service out-of-bounds write and crash via crafted dimensions in ...
[SECURITY] [DSA 4589-1] debian-edu-config security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4589-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2042-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u8 CVE ID : CVE-2019-19844 Debian Bug : 946937 It was discovered that there was a potential account hijack vulnerabilility in Django, the Python-based web development framework. Djangos password-reset form used a case-insensitive query to retrieve...
[SECURITY] [DLA 2041-1] debian-edu-config security update
Package : debian-edu-config Version : 1.818+deb8u3 CVE ID : CVE-2019-3467 Debian Bug : 946797 It was discovered that debian-edu-config, the package containing the configuration files and scripts for Debian Edu Skolelinux, contained an insecure configuration for kadmin, the Kerberos administration...
[SECURITY] [DLA 2040-1] harfbuzz security update
Package : harfbuzz Version : 0.9.35-2+deb8u1 CVE ID : CVE-2015-8947 An issue has been found in harfbuzz, an OpenType text shaping engine. Due to a buffer over-read, remote attackers are able to cause a denial of service or possibly have other impact via crafted data. For Debian 8 "Jessie", this...
[SECURITY] [DLA 2039-1] libvorbis security update
Package : libvorbis Version : 1.3.4-2+deb8u3 CVE ID : CVE-2017-11333 CVE-2017-14633 Two issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec. 2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function...
[SECURITY] [DSA 4588-1] python-ecdsa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4588-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4588-1] python-ecdsa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4588-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2038-1] libssh security update
Package : libssh Version : 0.6.3-4+deb8u4 CVE ID : CVE-2019-14889 Debian Bug : 946548 It was found that libssh, a tiny C SSH library, does not sufficiently sanitize path parameters provided to the server, allowing an attacker with only SCP file access to execute arbitrary commands on the server...
[SECURITY] [DSA 4587-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4587-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4587-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4587-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2019 https://www.debian.org/security/faq -...