[SECURITY] [DSA 4594-1] openssl1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4594-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4593-1] freeimage security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4593-1 [email protected] https://www.debian.org/security/ Hugo Lefeuvre December 27, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4592-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4592-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 26, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2046-1] opensc security update
Package : opensc Version : 0.16.0-3+deb8u2 CVE ID : CVE-2019-19479 An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute. For Debian 8 "Jessie", this problem has been fixed in version 0.16.0-3+deb8u2. We...
[SECURITY] [DLA 2047-1] cups security update
Package : cups Version : 1.7.5-11+deb8u7 CVE ID : CVE-2019-2228 An issue has been found in cups, the Common UNIX Printing System(tm). An incorrect bounds check could lead to a possible out-of-bounds read and local information disclosure in the printer spooler. For Debian 8 "Jessie", this problem ha...
[SECURITY] [DLA 2038-2] x2goclient regression update
Package : x2goclient Version : 4.0.3.1-4+deb8u1 Debian Bug : 947129 A change introduced in libssh 0.6.3-4+deb8u4 which got released as DLA 2038-1 has broken x2goclient's way of scp'ing session setup files from client to server, resulting in an error message shown in a GUI error dialog box during...
[SECURITY] [DLA 2045-1] tightvnc security update
Package : tightvnc Version : 1.3.9-6.5+deb8u1 CVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-8287 CVE-2018-20021 CVE-2018-20022 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-15681 Debian Bug : 945364 Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC...
[SECURITY] [DSA 4591-1] cyrus-sasl2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4591-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2044-1] cyrus-sasl2 security update
Package : cyrus-sasl2 Version : 2.1.26.dfsg1-13+deb8u2 CVE ID : CVE-2019-19906 Debian Bug : 947043 There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an...
[SECURITY] [DLA 2043-2] gdk-pixbuf regression update
Package : gdk-pixbuf Version : 2.31.1-2+deb8u9 While preparing a fix for CVE-2017-6314 an unknown symbol guintcheckedmul was introduced. For Debian 8 "Jessie", this problem has been fixed in version 2.31.1-2+deb8u9. We recommend that you upgrade your gdk-pixbuf packages. Further information about...
[SECURITY] [DSA 4590-1] cyrus-imapd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4590-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2043-1] gdk-pixbuf security update
Package : gdk-pixbuf Version : 2.31.1-2+deb8u8 CVE ID : CVE-2016-6352 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 Several issues in gdk-pixbuf, a library to handle pixbuf, have been found. CVE-2016-6352 fix for denial of service out-of-bounds write and crash via crafted dimensions in ...
[SECURITY] [DSA 4589-1] debian-edu-config security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4589-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2042-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u8 CVE ID : CVE-2019-19844 Debian Bug : 946937 It was discovered that there was a potential account hijack vulnerability in Django, the Python-based web development framework. Django's password-reset form used a case-insensitive query to retrieve...
[SECURITY] [DLA 2041-1] debian-edu-config security update
Package : debian-edu-config Version : 1.818+deb8u3 CVE ID : CVE-2019-3467 Debian Bug : 946797 It was discovered that debian-edu-config, the package containing the configuration files and scripts for Debian Edu Skolelinux, contained an insecure configuration for kadmin, the Kerberos administration...
[SECURITY] [DLA 2040-1] harfbuzz security update
Package : harfbuzz Version : 0.9.35-2+deb8u1 CVE ID : CVE-2015-8947 An issue has been found in harfbuzz, an OpenType text shaping engine. Due to a buffer over-read, remote attackers are able to cause a denial of service or possibly have other impact via crafted data. For Debian 8 "Jessie", this...
[SECURITY] [DLA 2039-1] libvorbis security update
Package : libvorbis Version : 1.3.4-2+deb8u3 CVE ID : CVE-2017-11333 CVE-2017-14633 Two issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec. 2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function...
[SECURITY] [DSA 4588-1] python-ecdsa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4588-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2038-1] libssh security update
Package : libssh Version : 0.6.3-4+deb8u4 CVE ID : CVE-2019-14889 Debian Bug : 946548 It was found that libssh, a tiny C SSH library, does not sufficiently sanitize path parameters provided to the server, allowing an attacker with only SCP file access to execute arbitrary commands on the server...
[SECURITY] [DSA 4587-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4587-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4586-1] ruby2.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4586-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2037-1] spamassassin security update
Package : spamassassin Version : 3.4.2-0+deb8u2 CVE ID : CVE-2018-11805 CVE-2019-12420 Debian Bug : 946652 946653 Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an...
[SECURITY] [DLA 2036-1] thunderbird security update
Package : thunderbird Version : 1:68.3.0-2deb8u1 CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems hav...
[SECURITY] [DLA 2035-1] libpgf security update
Package : libpgf Version : 6.14.12-3+deb8u1 CVE ID : CVE-2015-6673 An issue has been found in libpgf, a library to handle Progressive Graphics File PGF. Due to lack of validation of ColorTableSize, a use-after-free issue might appear in Decoder.cpp For Debian 8 "Jessie", this problem has been fix...
[SECURITY] [DSA 4585-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4585-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4584-1] spamassassin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4584-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2034-1] davical security update
Package : davical Version : 1.1.3.1-1+deb8u1 CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 Debian Bug : 946343 Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DLA 2033-1] php-horde security update
Package : php-horde Version : 5.2.1+debian0-2+deb8u5 CVE ID : CVE-2019-12095 A vulnerability has been found in php-horde, the Horde Application Framework, which may result in information disclosure via cross-site scripting. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DSA 4565-2] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4565-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4583-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4583-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4582-1] davical security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4582-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2032-1] cacti security update
Package : cacti Version : 0.8.8b+dfsg-8+deb8u8 CVE ID : CVE-2019-17358 It was discovered that there was an unsafe deserialisation issue in cacti, a server monitoring system. Unsafe deserialisation of objects which can lead to abuse of the application logic, deny service or even execute arbitrar...
[SECURITY] [DSA 4581-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4581-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2030-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u10 CVE ID : CVE-2019-17267 CVE-2019-17531 More deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking mor...
[SECURITY] [DLA 2031-1] freeimage security update
Package : freeimage Version : 3.15.4-4.2+deb8u2 CVE ID : CVE-2019-12211 CVE-2019-12213 Debian Bug : 929597 It was found that freeimage, a graphics library, was affected by the following two security issues: CVE-2019-12211 Heap buffer overflow caused by invalid memcpy in PluginTIFF. This flaw migh...
[SECURITY] [DLA 2028-1] squid3 security update
Package : squid3 Version : 3.4.8-6+deb8u9 CVE ID : CVE-2019-12526 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 It was found that Squid, a high-performance proxy caching server for web clients, has been affected by the following security vulnerabilities. CVE-2019-12526 URN response handling in Squ...
[SECURITY] [DLA 2029-1] firefox-esr security update
Package : firefox-esr Version : 68.3.0esr-1deb8u1 CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8...
[SECURITY] [DLA 2027-1] jruby security update
Package : jruby Version : 1.5.6-9+deb8u2 CVE ID : CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 Several security vulnerabilities were found in Ruby that also affected Debian's JRuby package, a pure-Java implementation of Ruby. Attackers were able to call arbitrary Ruby methods, cause...
[SECURITY] [DSA 4580-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4580-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2026-1] htmldoc security update
Package : htmldoc Version : 1.8.27-8+deb8u1 CVE ID : CVE-2019-19630 In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang. For Debian 8 "Jessie", this issue has been fixed in htmldoc version 1.8.27-8+deb8u1. We recommend...
[SECURITY] [DLA 2025-1] openslp-dfsg security update
Package : openslp-dfsg Version : 1.2.1-10+deb8u2 CVE IDs : CVE-2017-17833 CVE-2019-5544 The OpenSLP package had two open security issues: CVE-2017-17833 OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-servic...
[SECURITY] [DLA 2024-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u7 CVE ID : CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/displaygitrevision.lib.php and libraries/Footer.class.php. For Debian 8 "Jessie", this issue has been fixed in phpmyadmin version...