[SECURITY] [DSA 4624-1] evince security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4624-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 14, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2103-1] debian-security-support update: libqb and mysql-5.5 end
Package : debian-security-support Version : 2019.12.12deb8u2 debian-security-support, the Debian security support coverage checker, has been updated in jessie-security. This marks the end of life of the libqb package in jessie. A recently reported vulnerability against libqb which allows users to...
[SECURITY] [DSA 4623-1] postgresql-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4623-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4622-1] postgresql-9.6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4622-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2102-1] firefox-esr security update
Package : firefox-esr Version : 68.5.0esr-1deb8u1 CVE ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems have been fixe...
[SECURITY] [DSA 4621-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4621-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4620-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4620-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2101-1] libemail-address-list-perl security update
Package : libemail-address-list-perl Version : 0.05-1+deb8u1 CVE ID : CVE-2018-18898 A denial of service via an algorithmic complexity attack on email address parsing has been identified in libemail-address-list-perl. For Debian 8 "Jessie", this problem has been fixed in version 0.05-1+deb8u1. ...
[SECURITY] [DLA 2099-1] checkstyle security update
Package : checkstyle Version : 5.9-1+deb8u2 CVE ID : CVE-2019-10782 Security researchers from Snyk discovered that the fix for CVE-2019-9658 was incomplete. Checkstyle, a development tool to help programmers write Java code that adheres to a coding standard, was still vulnerable to XML External...
[SECURITY] [DLA 2100-1] libexif security update
Package : libexif Version : 0.6.21-2+deb8u1 CVE ID : CVE-2019-9278 Debian Bug : 945948 An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse exif files. This flaw might be leveraged by remote attackers to cause denial of service, or potentiall...
[SECURITY] [DLA 2098-1] ipmitool security update
Package : ipmitool Version : 1.8.14-4+deb8u1 CVE ID : CVE-2020-5208 Debian Bug : 950761 Christopher Ertl found that multiple functions in ipmitool neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on t...
[SECURITY] [DLA 2097-1] ppp security update
Package : ppp Version : 2.4.6-3.1+deb8u1 CVE ID : CVE-2020-8597 Debian Bug : 950618 Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp, the Point-to-Point Protocol daemon. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array b...
[SECURITY] [DSA 4619-1] libxmlrpc3-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4619-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4618-1] libexif security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4618-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 06, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2096-1] ruby-rack-cors security update
Package : ruby-rack-cors Version : 0.2.9-1+deb8u1 CVE ID : CVE-2019-18978 This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2095-1] storebackup security update
Package : storebackup Version : 3.2.1-1+deb8u1 CVE ID : CVE-2020-7040 Debian Bug : 949393 storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named...
[SECURITY] [DSA 4617-1] qtbase-opensource-src security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4617-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 03, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4616-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4616-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2094-1] sudo security update
Package : sudo Version : 1.8.10p3-1+deb8u7 CVE ID : CVE-2019-18634 A stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user can take...
[SECURITY] [DSA 4615-1] spamassassin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4615-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4614-1] sudo security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4614-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4613-1] libidn2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4613-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2093-1] firefox-esr security update
Package : firefox-esr Version : 68.4.1esr-1deb8u1 CVE ID : CVE-2019-17026 An issue was found in the IonMonkey JIT compiler of the Mozilla Firefox web browser which could lead to arbitrary code execution. For Debian 8 "Jessie", this problem has been fixed in version 68.4.1esr-1deb8u1. We recommend...
[SECURITY] [DLA 2092-1] qtbase-opensource-src security update
Package : qtbase-opensource-src Version : 5.3.2+dfsg-4+deb8u4 CVE ID : CVE-2020-0569 In Qt5's plugin loader code as found in qtbase-opensource-src, it was possible to side-load plugins from "the" local folder in addition to a system-widely defined library path. For Debian 8 "Jessie", this problem...
[SECURITY] [DSA 4612-1] prosody-modules security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4612-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 31, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2091-1] libjackson-json-java security update
Package : libjackson-json-java Version : 1.9.2-3+deb8u1 CVE ID : CVE-2017-7525 CVE-2017-15095 CVE-2019-10172 Several vulnerabilities were fixed in libjackson-json-java. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization...
[SECURITY] [DLA 2090-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u13 CVE ID : CVE-2020-7039 Debian Bug : 949085 tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access whi...
[SECURITY] [DLA 2089-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u10 CVE ID : CVE-2020-8112 Debian Bug : 950184 opj_t1_clbl_decode_processor in openjp2/t1.c of OpenJPEG had a heap-based buffer overflow in the qmfbid==1 case, a similar but different issue than CVE-2020-6851. For Debian 8 "Jessie", this problem has been fixe...
[SECURITY] [DLA 2088-1] libsolv security update
Package : libsolv Version : 0.6.5-1+deb8u1 CVE ID : CVE-2019-20387 Debian Bug : 949611 repodata_schema2id in repodata.c in libsolv, a dependency solver library, had a heap-based buffer over-read via a last schema whose length could be less than the length of the input schema. For Debian 8 "Jessie"...
[SECURITY] [DLA 2078-1] libxmlrpc3-java security update
Package : libxmlrpc3-java Version : 3.1.3-7+deb8u1 CVE ID : CVE-2019-17570 Debian Bug : 949089 An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target an XML-RPC...
[SECURITY] [DLA 2087-1] suricata security update
Package : suricata Version : 2.0.7-2+deb8u5 CVE ID : CVE-2019-18625 CVE-2019-18792 Two vulnerabilities have recently been discovered in the stream-tcp code of the intrusion detection and prevention tool Suricata. CVE-2019-18625 It was possible to bypass/evade any tcp based signature by faking a...
[SECURITY] [DSA 4611-1] opensmtpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4611-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2086-1] wget security update
Package : wget Version : 1.16-1+deb8u7 CVE ID : CVE-2016-7098 An issue has been found in wget, a tool to retrieve files from the web. A race condition might occur as files rejected by an access list are kept on the disk for the duration of an HTTP connection. For Debian 8 "Jessie", this problem ha...
[SECURITY] [DLA 2085-1] zlib security update
Package : zlib Version : 1:1.2.8.dfsg-2+deb8u1 CVE ID : CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointe...
[SECURITY] [DLA 2084-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u8 CVE ID : CVE-2019-19950 CVE-2019-19951 CVE-2019-19953 Three issues have been found in graphicsmagick, a collection of image processing tools. They are basically a heap-based buffer over-read, heap-based buffer overflow and a use-after-free in...
[SECURITY] [DSA 4610-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4610-1 [email protected] https://www.debian.org/security/ Alberto Garcia January 29, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2083-1] hiredis security update
Package : hiredis Version : 0.11.0-4+deb8u1 CVE ID : CVE-2020-7105 Debian Bug : 949995 It was discovered that there were a large number of NULL pointer dereferences due to unchecked return values from malloc and friends in hiredis, a minimalistic C client library. For Debian 8 "Jessie", these iss...
[SECURITY] [DLA 2079-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u13 CVE ID : CVE-2020-1765 CVE-2020-1766 CVE-2020-1767 Several vulnerabilities have been discovered in the otrs2 package that may lead to unauthorized access, remote code execution and spoofing. CVE-2020-1765 An improper control of parameters allows the...
[SECURITY] [DLA 2082-1] unzip security update
Package : unzip Version : 6.0-16+deb8u6 CVE ID : CVE-2018-1000035 An issue has been found in unzip, a de-archiver for .zip files. While processing a password protected archive, a heap-based buffer overflow could happen, that allows an attacker to perform a denial of service or to possibly achieve...
[SECURITY] [DLA 2081-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u9 CVE ID : CVE-2020-6851 OpenJPEG had a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so. For Debian 8 "Jessie", this problem has been fixed in version 2.1.0-2+deb8u9. We recommend that you upgrade your openjpeg2 packages. Further...
[SECURITY] [DLA 2077-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.99-1 CVE ID : CVE-2019-12418 CVE-2019-17563 Two security vulnerabilities have been fixed in the Tomcat servlet and JSP engine. CVE-2019-12418 When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to...
[SECURITY] [DLA 2080-1] iperf3 security update
Package : iperf3 Version : 3.0.7-1+deb8u1 CVE ID : CVE-2016-4303 Debian Bug : 827116 An issue has been found in iperf3, an Internet Protocol bandwidth measuring tool. Bad handling of UTF8/16 strings in an embedded library could cause a denial of service crash or execution of arbitrary code by...
[SECURITY] [DLA 2076-1] slirp security update
Package : slirp Version : 1:1.0.17-7+deb8u1 CVE ID : CVE-2020-7039 Debian Bug : 949085 An issue has been found in slirp, a SLIP/PPP emulator using a dial up shell account. Due to bad memory handling in slirp a heap-based buffer overflow or other out-of-bounds access could happen, which can lead t...
[SECURITY] [DLA 2075-1] jsoup security update
Package : jsoup Version : 1.8.1-1+deb8u1 CVE ID : CVE-2015-6748 An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing at EOF a cross-site scripting XSS vulnerability could appear. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DSA 4609-1] python-apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4609-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 23, 2020 https://www.debian.org/security/faq -...