[SECURITY] [DLA 2075-1] jsoup security update
Package : jsoup Version : 1.8.1-1+deb8u1 CVE ID : CVE-2015-6748 An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing at EOF a cross-site scripting XSS vulnerability could appear. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DSA 4609-1] python-apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4609-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 23, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2074-1] python-apt security update
Package : python-apt Version : 0.9.3.13 CVE ID : CVE-2019-15795 CVE-2019-15796 Debian Bug : 944696 Several issues have been found in python-apt, a python interface to libapt-pkg. CVE-2019-15795 It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. I...
[SECURITY] [DLA 2059-1] git security update
Package : git Version : 1:2.1.4-2.1+deb8u8 CVE ID : CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1353 CVE-2019-1387 Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system. CVE-2019-1348 It was reported that the --export-marks option of git...
[SECURITY] [DSA 4608-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4608-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 21, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2073-1] transfig security update
Package : transfig Version : 1:3.2.5.e-4+deb8u2 CVE ID : CVE-2018-16140 CVE-2019-14275 CVE-2019-19555 Several issues have been found in transfig, a XFig figure files converter. CVE-2018-16140 Buffer underwrite vulnerability in getline allows an attacker to write prior to the beginning of the buff...
[SECURITY] [DSA 4607-1] openconnect security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4607-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2072-1] gpac security update
Package : gpac Version : 0.5.0+svn5324dfsg1-1+deb8u5 CVE ID : CVE-2018-21015 CVE-2018-21016 CVE-2019-13618 CVE-2019-20161 CVE-2019-20162 CVE-2019-20163 CVE-2019-20165 CVE-2019-20170 CVE-2019-20171 CVE-2019-20208 Debian Bug : 940882 932242 Multiple issues were found in gpac, a multimedia framework...
[SECURITY] [DSA 4606-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4606-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2071-1] thunderbird security update
Package : thunderbird Version : 1:68.4.1-1deb8u1 CVE ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure. For Debian 8...
[SECURITY] [DSA 4605-1] openjdk-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4605-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4604-1] cacti security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4604-1 [email protected] https://www.debian.org/security/ Hugo Lefeuvre January 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2070-1] ruby-excon security update
Package : ruby-excon Version : 0.33.0-2+deb8u1 CVE ID : CVE-2019-16779 Debian Bug : 946904 In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests wou...
[SECURITY] [DLA 2069-1] cacti security update
Package : cacti Version : 0.8.8b+dfsg-8+deb8u9 CVE ID : CVE-2020-7106 It was discovered that there were a number of cross-site scripting vulnerabilities in cacti, a web interface for monitoring systems. For Debian 8 "Jessie", this issue has been fixed in cacti version 0.8.8b+dfsg-8+deb8u9. We...
[SECURITY] [DLA 2068-1] linux security update
Package : linux Version : 3.16.81-1 CVE ID : CVE-2019-2215 CVE-2019-10220 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15098 CVE-2019-15217 CVE-2019-15291 CVE-2019-15505 CVE-2019-16746 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 CVE-2019-1713...
[SECURITY] [DSA 4603-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4603-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 17, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2063-1] debian-lan-config security update
Package : debian-lan-config Version : 0.19+deb8u2 CVE ID : CVE-2019-3467 Debian Bug : 947459 In debian-lan-config 0.26, configured too permissive ACLs for the Kerberos admin server allowed password changes for other Kerberos user principals. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DLA 2060-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u8 CVE ID : CVE-2020-5504 Debian Bug : 948718 In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. ...
[SECURITY] [DLA 2067-1] wordpress security update
Package : wordpress Version : 4.1.29+dfsg-0+deb8u1 CVE ID : CVE-2019-20041 Debian Bug : 946905 An input sanitization bypass was discovered in Wordpress, a popular content management framework. An attacker can use this flaw to send malicious scripts to an unsuspecting user. For Debian 8 "Jessie",...
[SECURITY] DLA-2066-1 gthumb security update
Package : gthumb Version : 3:3.3.1-2.1+deb8u2 CVE ID : CVE-2019-20326 A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg in extensions/cairoio/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file...
[SECURITY] [DSA 4602-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4602-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 13, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2065-1] apache-log4j1.2 security update
Package : apache-log4j1.2 Version : 1.2.17-5+deb8u1 CVE ID : CVE-2019-17571 Debian Bug : 947124 Included in Log4j 1.2, a logging library for Java, is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combine...
[SECURITY] [DLA 2064-1] ldm security update
Package : ldm Version : 2:2.2.15-2+deb8u1 CVE ID : CVE-2019-20373 Debian Bug : 948538 It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation. For...
[SECURITY] [DSA 4601-1] ldm security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4601-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2062-1] sa-exim security update
Package : sa-exim Version : 4.2.1-14+deb8u1 CVE ID : CVE-2019-19920 Debian Bug : 946829 It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, whic...
[SECURITY] [DLA 2061-1] firefox-esr security update
Package : firefox-esr Version : 68.4.0esr-1deb8u1 CVE ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration o...
[SECURITY] [DSA 4600-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4600-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 09, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4599-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4599-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 08, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4598-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4598-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2058-1] nss security update
Package : nss Version : 2:3.26-1+debu8u10 CVE ID : CVE-2019-17006 It was found that certain cryptographic primitives in nss, the Network Security Service libraries, did not check the length of the input text. This could result in a potential heap-based buffer overflow. For Debian 8 "Jessie", this...
[SECURITY] [DLA 2057-1] pillow security update
Package : pillow Version : 2.6.1-2+deb8u4 CVE IDs : CVE-2019-19911 CVE-2020-5312 CVE-2020-5313 Debian Bug : 948224 It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language: CVE-2019-19911: Prevent a denial-of-service vulnerability...
[SECURITY] [DSA 4597-1] netty security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4597-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 03, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2056-1] waitress security update
Package : waitress Version : 0.8.9-2+deb8u1 Debian Bug : 765126 It was discovered that there was an HTTP request smuggling vulnerability in waitress, a pure-Python WSGI server. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end a...
[SECURITY] [DLA 1931-2] libgcrypt20 regression update
Package : libgcrypt20 Version : 1.6.3-2+deb8u8 CVE ID : CVE-2019-13627 It was discovered that the fix to address an ECDSA timing attack in the libgcrypt20 cryptographic library was incomplete. For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version 1.6.3-2+deb8u8. Thanks to Albert...
[SECURITY] [DLA 2053-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u12 CVE ID : CVE-2019-18179 Debian Bug : 945251 An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions. For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DLA 2055-1] igraph security update
Package : igraph Version : 0.7.1-2+deb8u1 CVE ID : CVE-2018-20349 An issue has been found in igraph, a library for creating and manipulating graphs. A NULL pointer dereference vulnerability was detected in igraphistrdiff. For Debian 8 "Jessie", this problem has been fixed in version 0.7.1-2+deb8u...
[SECURITY] [DLA 2054-1] jhead security update
Package : jhead Version : 1:2.97-1+deb8u2 CVE ID : CVE-2018-16554 CVE-2018-17088 CVE-2019-1010301 CVE-2019-1010302 Debian Bug : 907925 908176 932145 932146 Multiple buffer overflows have been fixed in jhead, a program to manipulate the non-image part of Exif compliant JPEG files. For Debian 8...
[SECURITY] [DLA 2052-1] libbsd security update
Package : libbsd Version : 0.7.0-2+deb8u1 CVE ID : CVE-2016-2090 An issue has been found in libbsd, a package containing utility functions from BSD systems. In function fgetwln an off-by-one error could trigger a heap buffer overflow. For Debian 8 "Jessie", this problem has been fixed in versio...
[SECURITY] [DLA 2051-1] intel-microcode security update
Package : intel-microcode Version : 3.20191115.2deb8u1 CVE ID : CVE-2019-11135 CVE-2019-11139 This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA TSX Asynchronous Abort vulnerability. For affected CPUs, to fully mitigate the...
[SECURITY] [DLA 2050-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u8 CVE ID : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include the exif module and handling of filenam...
[SECURITY] [DLA 2049-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u19 CVE ID : CVE-2019-19948 CVE-2019-19949 Debian Bug : 947309 947308 Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-19948 Heap-buffer-overflow in WriteSGIImage coders/sgi.c caused by insufficient...
[SECURITY] [DLA 2048-1] libxml2 security update
Package : libxml2 Version : 2.9.1+dfsg1-5+deb8u8 CVE ID : CVE-2019-19956 It was discovered that there was a potential denial of service vulnerability in libxml2, the GNOME XML parsing library. For Debian 8 "Jessie", this issue has been fixed in libxml2 version 2.9.1+dfsg1-5+deb8u8. We recommend...
[SECURITY] [DSA 4596-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4596-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4595-1] debian-lan-config security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4595-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...