[SECURITY] [DSA 4586-1] ruby2.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4586-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2037-1] spamassassin security update
Package : spamassassin Version : 3.4.2-0+deb8u2 CVE ID : CVE-2018-11805 CVE-2019-12420 Debian Bug : 946652 946653 Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an...
[SECURITY] [DLA 2036-1] thunderbird security update
Package : thunderbird Version : 1:68.3.0-2deb8u1 CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems hav...
[SECURITY] [DLA 2035-1] libpgf security update
Package : libpgf Version : 6.14.12-3+deb8u1 CVE ID : CVE-2015-6673 An issue has been found in libpgf, a library to handle Progressive Graphics File PGF. Due to lack of validation of ColorTableSize, a use-after-free issue might appear in Decoder.cpp For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DSA 4585-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4585-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4584-1] spamassassin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4584-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2034-1] davical security update
Package : davical Version : 1.1.3.1-1+deb8u1 CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 Debian Bug : 946343 Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DLA 2033-1] php-horde security update
Package : php-horde Version : 5.2.1+debian0-2+deb8u5 CVE ID : CVE-2019-12095 A vulnerability has been found in php-horde, the Horde Application Framework, which may result in information disclosure via cross-site scripting. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DSA 4565-2] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4565-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4583-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4583-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4582-1] davical security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4582-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2032-1] cacti security update
Package : cacti Version : 0.8.8b+dfsg-8+deb8u8 CVE ID : CVE-2019-17358 It was discovered that there was an unsafe deserialisation issue in cacti, a server monitoring system. Unsafe deserialisation of objects which can lead to abuse of the application logic, deny service or even execute arbitrar...
[SECURITY] [DSA 4581-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4581-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2030-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u10 CVE ID : CVE-2019-17267 CVE-2019-17531 More deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking mor...
[SECURITY] [DLA 2031-1] freeimage security update
Package : freeimage Version : 3.15.4-4.2+deb8u2 CVE ID : CVE-2019-12211 CVE-2019-12213 Debian Bug : 929597 It was found that freeimage, a graphics library, was affected by the following two security issues: CVE-2019-12211 Heap buffer overflow caused by invalid memcpy in PluginTIFF. This flaw migh...
[SECURITY] [DLA 2028-1] squid3 security update
Package : squid3 Version : 3.4.8-6+deb8u9 CVE ID : CVE-2019-12526 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 It was found that Squid, a high-performance proxy caching server for web clients, has been affected by the following security vulnerabilities. CVE-2019-12526 URN response handling in Squ...
[SECURITY] [DLA 2029-1] firefox-esr security update
Package : firefox-esr Version : 68.3.0esr-1deb8u1 CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8...
[SECURITY] [DLA 2027-1] jruby security update
Package : jruby Version : 1.5.6-9+deb8u2 CVE ID : CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 Several security vulnerabilities were found in Ruby that also affected Debian's JRuby package, a pure-Java implementation of Ruby. Attackers were able to call arbitrary Ruby methods, cause...
[SECURITY] [DSA 4580-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4580-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2026-1] htmldoc security update
Package : htmldoc Version : 1.8.27-8+deb8u1 CVE ID : CVE-2019-19630 In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang. For Debian 8 "Jessie", this issue has been fixed in htmldoc version 1.8.27-8+deb8u1. We recommend...
[SECURITY] [DLA 2025-1] openslp-dfsg security update
Package : openslp-dfsg Version : 1.2.1-10+deb8u2 CVE IDs : CVE-2017-17833 CVE-2019-5544 The OpenSLP package had two open security issues: CVE-2017-17833 OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-servic...
[SECURITY] [DLA 2024-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u7 CVE ID : CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/displaygitrevision.lib.php and libraries/Footer.class.php. For Debian 8 "Jessie", this issue has been fixed in phpmyadmin version...
[SECURITY] [DLA 2023-1] openjdk-7 security update
Package : openjdk-7 Version : 7u241-2.6.20-1deb8u1 CVE ID : CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 Several...
[SECURITY] [DSA 4579-1] nss security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4579-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 06, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2022-1] librabbitmq security update
Package : librabbitmq Version : 0.5.2-2+deb8u1 CVE ID : CVE-2019-18609 Debian Bug : 946005 It was discovered that there was an integer overflow vulnerability in librabbitmq, a library for robust messaging between applications and servers. For Debian 8 "Jessie", this issue has been fixed in...
[SECURITY] [DLA 2021-1] libav security update
Package : libav Version : 6:11.12-1deb8u9 CVE ID : CVE-2017-17127 CVE-2017-18245 CVE-2018-19128 CVE-2018-19130 CVE-2019-14443 CVE-2019-17542 Several security issues were fixed in libav, a multimedia library for processing audio and video files. CVE-2017-17127 The vc1decodeframe function in...
[SECURITY] [DLA 2020-1] libonig security update
Package : libonig Version : 5.9.5-3.2+deb8u4 CVE ID : CVE-2019-19012 CVE-2019-19204 CVE-2019-19246 Debian Bug : 944959 945313 Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012 An integer overflow in the searchinrange...
[SECURITY] [DLA 2019-1] exiv2 security update
Package : exiv2 Version : 0.24-4.1+deb8u5 CVE ID : CVE-2019-17402 Corrupted or specially crafted CRW images might exceed the overall buffersize to cause a denial of service. For Debian 8 "Jessie", this problem has been fixed in version 0.24-4.1+deb8u5. We recommend that you upgrade your exiv2...
[SECURITY] [DLA 2017-2] asterisk regression update
Package : asterisk Version : 1:11.13.1dfsg-2+deb8u8 The backport of the CVE-2019-13161 fix caused a regression and has been reverted. For Debian 8 "Jessie", this problem has been fixed in version 1:11.13.1dfsg-2+deb8u8. We recommend that you upgrade your asterisk packages. Further information abo...
[SECURITY] [DLA 2018-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u5 CVE ID : CVE-2019-19269 In mod_tls a crash with empty CRL was fixed. For Debian 8 "Jessie", this problem has been fixed in version 1.3.5e+r1.3.5-2+deb8u5. We recommend that you upgrade your proftpd-dfsg packages. Further information about...
[SECURITY] [DLA 2017-1] asterisk security update
Package : asterisk Version : 1:11.13.1dfsg-2+deb8u7 CVE ID : CVE-2019-13161 CVE-2019-18610 CVE-2019-18790 Several vulnerabilities are fixed in Asterisk, an Open Source PBX and telephony toolkit. CVE-2019-13161 An attacker was able to crash Asterisk when handling an SDP answer to an outgoing T.38...
[SECURITY] [DLA 1698-2] file regression update
Package : file Version : 1:5.22+15-2+deb8u7 This update fixes a regression introduced in 1:5.22+15-2+deb8u5 causing truncated output of the interpreter name, thanks to Christoph Biedl for reporting the problem and cause. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2005-1] tnef security update
Package : tnef Version : 1.4.9-1+deb8u4 CVE ID : CVE-2019-18849 Debian Bug : 944851 In tnef, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving...
[SECURITY] [DLA 2004-1] 389-ds-base security update
Package : 389-ds-base Version : 1.3.3.5-4+deb8u7 CVE ID : CVE-2019-14824 Debian Bug : 944150 A flaw was found in the deref plugin of 389-ds-base where it could use the search permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private...
[SECURITY] [DLA 2016-1] ssvnc security update
Package : ssvnc Version : 1.0.29-2+deb8u1 CVE ID : CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 Debian Bug : 945827 Several vulnerabilities have been identified in the VNC code of ssvnc, an encryption-capable VNC client. The vulnerabilities referenced below are issues that have...
[SECURITY] [DLA 2015-1] nss security update
Package : nss Version : 2:3.26-1+debu8u8 CVE ID : CVE-2019-17007 Debian Bug : Handling of Netscape Certificate Sequences in CERTDecodeCertPackage may have crashed with a NULL deref leading to a Denial-of-Service. For Debian 8 "Jessie", this problem has been fixed in version 2:3.26-1+debu8u8. We...
[SECURITY] [DLA 2014-1] vino security update
Package : vino Version : 3.14.0-2+deb8u1 CVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-15681 Debian Bug : 945784 Several vulnerabilities have been identified in the VNC code of vino, a desktop sharing utility for the GNOME desktop environment. The vulnerabilities referenced below are issues that...
[SECURITY] [DSA 4578-1] libvpx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4578-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4577-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4577-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2013-1] libvorbis security update
Package : libvorbis Version : 1.3.4-2+deb8u2 CVE ID : CVE-2017-14160 CVE-2018-10392 CVE-2018-10393 Several issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec. The fix for CVE-2017-14160 and CVE-2018-10393 improve the bound checking for very low sampl...
[SECURITY] [DLA 2012-1] libvpx security update
Package : libvpx Version : 1.3.0-3+deb8u2 CVE ID : CVE-2019-9232 CVE-2019-9433 Several issues have been found in libvpx, a VP8 and VP9 video codec. CVE-2019-9232 There is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no addition...
[SECURITY] [DLA 2011-1] xmlrpc-epi security update
Package : xmlrpc-epi Version : 0.54.2-1.1+deb8u1 CVE ID : CVE-2016-6296 An issue in xmlrpc-epi, an XML-RPC request serialisation/deserialisation library, has been found. An integer signedness error in the simplestringaddn function in simplestring.c in xmlrpc-epi could be used for a heap based...
[SECURITY] [DLA 2010-1] bsdiff security update
Package : bsdiff Version : 4.3-15+deb8u1 CVE ID : CVE-2014-9862 An issue in bsdiff, a tool to generate/apply a patch between two binary files, has been found. Using a crafted patch file an integer signedness error in bspatch could be used for a heap based buffer overflow and possibly execution of...
[SECURITY] [DLA 2009-1] tiff security update
Package : tiff Version : 4.0.3-12.3+deb8u10 CVE ID : CVE-2017-17095 CVE-2018-12900 CVE-2018-18661 CVE-2019-6128 CVE-2019-17546 Several issues have been found in tiff, a Tag Image File Format library. CVE-2019-17546 The RGBA interface contains an integer overflow that might lead to heap buffer...
[SECURITY] [DLA 2008-1] nss security update
Package : nss Version : 2:3.26-1+debu8u7 CVE ID : CVE-2019-11745 A vulnerability has been discovered in nss, the Mozilla Network Security Service library. An out-of-bounds write can occur when passing an output buffer smaller than the block size to NSCEncryptUpdate. For Debian 8 "Jessie", this...