[SECURITY] [DLA 2007-1] ruby2.1 security update

Package : ruby2.1 Version : 2.1.5-2+deb8u8 CVE ID : CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 Several flaws have been found in ruby2.1, an interpreter of an object-oriented scripting language. CVE-2019-15845 Path matching might pass in File.fnmatch and File.fnmatch? due to a NUL...

[SECURITY] [DLA 2006-1] libxdmcp security update

Package : libxdmcp Version : 1:1.1.1-1+deb8u1 CVE ID : CVE-2017-2625 It has been found, that libxdmcp, an X11 Display Manager Control Protocol library, uses weak entropy to generate keys. Using arc4randombuf from libbsd should avoid this flaw. For Debian 8 "Jessie", this problem has been fixed in...

[SECURITY] [DSA 4576-1] php-imagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4576-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4576-1] php-imagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4576-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4575-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4575-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 24, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4575-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4575-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 24, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4571-2] enigmail update

------------------------------------------------------------------------- Debian Security Advisory DSA-4571-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 24, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 2003-1] isc-dhcp security update

Package : isc-dhcp Version : 4.3.1-6+deb8u4 CVE ID : CVE-2016-2774 An issue has been found in isc-dhcp, a server for automatic IP address assignment. The number of simultaneous open TCP connections to OMAPI port of the server has to be limited to 200 in order to avoid a denial of service. For...

[SECURITY] [DLA 2002-1] libice security update

Package : libice Version : 2:1.0.9-1+deb8u1 CVE ID : CVE-2017-2626 It has been found, that libice, an X11 Inter-Client Exchange library, uses weak entropy to generate keys. Using arc4randombuf from libbsd should avoid this flaw. For Debian 8 "Jessie", this problem has been fixed in version...

[SECURITY] [DLA 2001-1] libofx security update

Package : libofx Version : 1:0.9.10-1+deb8u2 CVE ID : CVE-2019-9656 Debian Bug : 924350 There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump. For Debian 8 "Jessie", this problem has been fixed in version...

[SECURITY] [DLA 2000-1] pam-python security update

Package : pam-python Version : 1.0.4-1.1+deb8u1 CVE ID : CVE-2019-16729 Debian Bug : 942514 It was discovered that pam-python, a PAM Module that runs the Python interpreter, has an issue in regard to the default environment variable handling of Python. This issue could allow for local root...

[SECURITY] [DSA 4574-1] redmine security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4574-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 19, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1999-1] symfony security update

Package : symfony Version : 2.3.21+dfsg-4+deb8u6 CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888 Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian ...

[SECURITY] [DSA 4573-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4573-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4572-1] slurm-llnl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4572-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1998-1] python-psutil security update

Package : python-psutil Version : 2.1.1-1+deb8u1 CVE ID : CVE-2019-18874 Debian Bug : 944605 It was discovered that there were multiple double free vulnerabilities in python-psutil, a Python module providing convenience functions for accessing system process data. This was caused by incorrect...

[SECURITY] [DLA 1997-1] thunderbird security update

Package : thunderbird Version : 1:68.2.2-1deb8u1 CVE ID : CVE-2019-11755 CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Multiple security issues have been found in Thunderbird which could potentially result in the execution ...

[SECURITY] [DLA 1996-1] libapache2-mod-auth-openidc security update

Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u2 CVE ID : CVE-2019-14857 Debian Bug : 942165 A security vulnerability was found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. Insufficient validation of URLs leads to an Open...

[SECURITY] [DLA 1995-1] angular.js security update

Package : angular.js Version : 1.2.26-1+deb8u1 CVE ID : CVE-2019-14863 Earlier versions of this package package were vulnerable to Cross-site Scripting XSS due to no proper sanitization of xlink:href attributes. For Debian 8 "Jessie", this problem has been fixed in version 1.2.26-1+deb8u1. We...

[SECURITY] [DSA 4571-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4571-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 17, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4570-1] mosquitto security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4570-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 17, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4570-1] mosquitto security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4570-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 17, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA-1994-1] postgresql-common security update

Package : postgresql-common Version : 165+deb8u4 CVE ID : CVE-2019-3466 Rich Mirch discovered that the pgctlcluster script didnt drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. For the oldoldstable distribution jessie, this...

[SECURITY] [DLA 1993-1] mesa security update

Package : mesa Version : 10.3.2-1+deb8u2 CVE ID : CVE-2019-5068 Debian Bug : 944298 Tim Brown discovered a shared memory permissions vulnerability in the Mesa 3D graphics library. Some Mesa X11 drivers use shared-memory XImages to implement back buffers for improved performance, but Mesa creates...

[SECURITY] [DLA 1992-1] ghostscript security update

Package : ghostscript Version : 9.26adfsg-0+deb8u6 CVE ID : CVE-2019-14869 Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions...

[SECURITY] [DSA 4569-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4569-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 14, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4569-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4569-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 14, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4568-1] postgresql-common security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4568-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 14, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1990-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.189-3+deb9u2deb8u1 CVE ID : CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2018-12207 It was discovere...

[SECURITY] [DLA 1991-1] libssh2 security update

Package : libssh2 Version : 1.4.3-4.1+deb8u6 CVE ID : CVE-2019-17498 Debian Bug : 943562 In libssh2, SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server m...

[SECURITY] [DSA 4565-1] intel-microcode security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4565-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 13, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4565-1] intel-microcode security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4565-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 13, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4566-1] qemu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4566-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4566-1] qemu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4566-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4567-1] dpdk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4567-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4563-1] webkit2gtk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4563-1 [email protected] https://www.debian.org/security/ Alberto Garcia November 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1989-1] linux security update

Package : linux Version : 3.16.76-1 CVE ID : CVE-2019-0154 CVE-2019-11135 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2019-0154 Intel discovered that on their 8th and 9th generation GPUs,...

[SECURITY] [DSA 4564-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4564-1 [email protected] https://www.debian.org/security/ Ben Hutchings November 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4564-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4564-1 [email protected] https://www.debian.org/security/ Ben Hutchings November 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1988-1] ampache security update

Package : ampache Version : 3.6-rzb2752+dfsg-5+deb8u1 CVE ID : CVE-2019-12385 CVE-2019-12386 Several vulnerabilities were discovered in Ampache, a web-based audio file management system. CVE-2019-12385 A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected...

[SECURITY] [DSA 4562-1] chromium security update

-------------------------------------------------------------------------- Debian Security Advisory DSA-4562-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 10, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1986-1] ruby-haml security update

Package : ruby-haml Version : 4.0.5-2+deb8u1 CVE ID : CVE-2017-1002201 In haml, when using user input to perform tasks on the server, characters like " must be escaped properly. In this case, the character was missed. An attacker can manipulate the input to introduce additional attributes,...

[SECURITY] [DLA 1987-1] firefox-esr security update

Package : firefox-esr Version : 68.2.0esr-1deb8u1 CVE ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the...

[SECURITY] [DLA 1984-1] gdal security update

Package : gdal Version : 1.10.1+dfsg-8+deb8u1 CVE ID : CVE-2019-17545 GDAL through 3.0.1 had a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold was exceeded. For Debian 8 "Jessie", this problem has been fixed in version 1.10.1+dfsg-8+deb8u1. We recommend that...

[SECURITY] [DLA 1985-1] djvulibre security update

Package : djvulibre Version : 3.5.25.4-4+deb8u2 CVE ID : CVE-2019-18804 It was discovered that there was a NULL pointer dereference issue in the IW44 encoder/decoder within DjVu, a set of compression technologies for high-resolution ssues. For Debian 8 "Jessie", this issue has been fixed in...

[SECURITY] [DSA 4561-1] fribidi security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4561-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 08, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4561-1] fribidi security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4561-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 08, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1983-1] simplesamlphp security update

Package : simplesamlphp Version : 1.13.1-2+deb8u3 CVE ID : CVE-2019-3465 Debian Bug : 944107 It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. For Debian 8 "Jessie", this problem has been...

[SECURITY] [DSA 4560-1] simplesamlphp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4560-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst November 06, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1982-1] openafs security update

Package : openafs Version : 1.6.9-2+deb8u9 CVE ID : CVE-2019-18601 CVE-2019-18602 CVE-2019-18603 Debian Bug : 943587 Several security vulnerabilities were discovered in OpenAFS, a distributed file system. CVE-2019-18601 OpenAFS is prone to denial of service from unserialized data access because...