14409 matches found
[SECURITY] [DLA 2023-1] openjdk-7 security update
Package : openjdk-7 Version : 7u241-2.6.20-1deb8u1 CVE ID : CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 Several...
[SECURITY] [DSA 4579-1] nss security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4579-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 06, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2022-1] librabbitmq security update
Package : librabbitmq Version : 0.5.2-2+deb8u1 CVE ID : CVE-2019-18609 Debian Bug : 946005 It was discovered that there was an integer overflow vulnerability in librabbitmq, a library for robust messaging between applications and servers. For Debian 8 "Jessie", this issue has been fixed in...
[SECURITY] [DLA 2021-1] libav security update
Package : libav Version : 6:11.12-1deb8u9 CVE ID : CVE-2017-17127 CVE-2017-18245 CVE-2018-19128 CVE-2018-19130 CVE-2019-14443 CVE-2019-17542 Several security issues were fixed in libav, a multimedia library for processing audio and video files. CVE-2017-17127 The vc1decodeframe function in...
[SECURITY] [DLA 2020-1] libonig security update
Package : libonig Version : 5.9.5-3.2+deb8u4 CVE ID : CVE-2019-19012 CVE-2019-19204 CVE-2019-19246 Debian Bug : 944959 945313 Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012 An integer overflow in the searchinrange...
[SECURITY] [DLA 2019-1] exiv2 security update
Package : exiv2 Version : 0.24-4.1+deb8u5 CVE ID : CVE-2019-17402 A corrupted or specially crafted CRW images might exceed the overall buffersize to cause a denial of service. For Debian 8 "Jessie", this problem has been fixed in version 0.24-4.1+deb8u5. We recommend that you upgrade your exiv2...
[SECURITY] [DLA 2017-2] asterisk regression update
Package : asterisk Version : 1:11.13.1dfsg-2+deb8u8 The backport of the CVE-2019-13161 fix caused a regression and has been reverted. For Debian 8 "Jessie", this problem has been fixed in version 1:11.13.1dfsg-2+deb8u8. We recommend that you upgrade your asterisk packages. Further information abo...
[SECURITY] [DLA 2018-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u5 CVE ID : CVE-2019-19269 In modtls a crash with empty CRL was fixed. For Debian 8 "Jessie", this problem has been fixed in version 1.3.5e+r1.3.5-2+deb8u5. We recommend that you upgrade your proftpd-dfsg packages. Further information about...
[SECURITY] [DLA 2017-1] asterisk security update
Package : asterisk Version : 1:11.13.1dfsg-2+deb8u7 CVE ID : CVE-2019-13161 CVE-2019-18610 CVE-2019-18790 Several vulnerabilites are fixed in Asterisk, an Open Source PBX and telephony toolkit. CVE-2019-13161 An attacker was able to crash Asterisk when handling an SDP answer to an outgoing T.38...
[SECURITY] [DLA 1698-2] file regression update
Package : file Version : 1:5.22+15-2+deb8u7 This update fixes a regression in introduced in 1:5.22+15-2+deb8u5 causing truncated output of the interpreter name, thanks to Christoph Biedl for reporting the problem and cause. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2005-1] tnef security update
Package : tnef Version : 1.4.9-1+deb8u4 CVE ID : CVE-2019-18849 Debian Bug : 944851 In tnef, an attacker may be able to write to the victims .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving...
[SECURITY] [DLA 2004-1] 389-ds-base security update
Package : 389-ds-base Version : 1.3.3.5-4+deb8u7 CVE ID : CVE-2019-14824 Debian Bug : 944150 A flaw was found in the deref plugin of 389-ds-base where it could use the search permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private...
[SECURITY] [DLA 2016-1] ssvnc security update
Package : ssvnc Version : 1.0.29-2+deb8u1 CVE ID : CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 Debian Bug : 945827 Several vulnerabilities have been identified in the VNC code of ssvnc, an encryption-capable VNC client.. The vulnerabilities referenced below are issues that have...
[SECURITY] [DLA 2015-1] nss security update
Package : nss Version : 2:3.26-1+debu8u8 CVE ID : CVE-2019-17007 Debian Bug : Handling of Netscape Certificate Sequences in CERTDecodeCertPackage may haved crash with a NULL deref leading to a Denial-of-Service. For Debian 8 "Jessie", this problem has been fixed in version 2:3.26-1+debu8u8. We...
[SECURITY] [DLA 2014-1] vino security update
Package : vino Version : 3.14.0-2+deb8u1 CVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-15681 Debian Bug : 945784 Several vulnerabilities have been identified in the VNC code of vino, a desktop sharing utility for the GNOME desktop environment. The vulnerabilities referenced below are issues that...
[SECURITY] [DSA 4578-1] libvpx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4578-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4577-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4577-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4577-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4577-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2013-1] libvorbis security update
Package : libvorbis Version : 1.3.4-2+deb8u2 CVE ID : CVE-2017-14160 CVE-2018-10392 CVE-2018-10393 Several issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec. The fix for CVE-2017-14160 and CVE-2018-10393 improve the bound checking for very low sampl...
[SECURITY] [DLA 2012-1] libvpx security update
Package : libvpx Version : 1.3.0-3+deb8u2 CVE ID : CVE-2019-9232 CVE-2019-9433 Several issues have been found in libvpx, a VP8 and VP9 video codec. CVE-2019-9232 There is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no addition...
[SECURITY] [DLA 2011-1] xmlrpc-epi security update
Package : xmlrpc-epi Version : 0.54.2-1.1+deb8u1 CVE ID : CVE-2016-6296 An issue in xmlrpc-epi, an XML-RPC request serialisation/deserialisation library, has been found. An integer signedness error in the simplestringaddn function in simplestring.c in xmlrpc-epi could be used for a heap based...
[SECURITY] [DLA 2010-1] bsdiff security update
Package : bsdiff Version : 4.3-15+deb8u1 CVE ID : CVE-2014-9862 An issue in bsdiff, a tool to generate/apply a patch between two binary files, has been found. Using a crafted patch file an integer signedness error in bspatch could be used for a heap based buffer overflow and possibly execution of...
[SECURITY] [DLA 2009-1] tiff security update
Package : tiff Version : 4.0.3-12.3+deb8u10 CVE ID : CVE-2017-17095 CVE-2018-12900 CVE-2018-18661 CVE-2019-6128 CVE-2019-17546 Several issues have been found in tiff, a Tag Image File Format library. CVE-2019-17546 The RGBA interface contains an integer overflow that might lead to heap buffer...
[SECURITY] [DLA 2008-1] nss security update
Package : nss Version : 2:3.26-1+debu8u7 CVE ID : CVE-2019-11745 A vulnerability has been discovered in nss, the Mozilla Network Security Service library. An out-of-bounds write can occur when passing an output buffer smaller than the block size to NSCEncryptUpdate. For Debian 8 "Jessie", this...
[SECURITY] [DLA 2007-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u8 CVE ID : CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 Several flaws have been found in ruby2.1, an interpreter of an object-oriented scripting language. CVE-2019-15845 Path matching might pass in File.fnmatch and File.fnmatch? due to a NUL...
[SECURITY] [DLA 2006-1] libxdmcp security update
Package : libxdmcp Version : 1:1.1.1-1+deb8u1 CVE ID : CVE-2017-2625 It has been found, that libxdmcp, an X11 Display Manager Control Protocol library, uses weak entropy to generate keys. Using arc4randombuf from libbsd should avoid this flaw. For Debian 8 "Jessie", this problem has been fixed in...
[SECURITY] [DSA 4576-1] php-imagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4576-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4576-1] php-imagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4576-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4575-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4575-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4575-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4575-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4571-2] enigmail update
------------------------------------------------------------------------- Debian Security Advisory DSA-4571-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2003-1] isc-dhcp security update
Package : isc-dhcp Version : 4.3.1-6+deb8u4 CVE ID : CVE-2016-2774 An issue has been found in isc-dhcp, a server for automatic IP address assignment. The number of simultaneous open TCP connections to OMAPI port of the server has to be limited to 200 in order to avoid a denial of service. For...
[SECURITY] [DLA 2002-1] libice security update
Package : libice Version : 2:1.0.9-1+deb8u1 CVE ID : CVE-2017-2626 It has been found, that libice, an X11 Inter-Client Exchange library, uses weak entropy to generate keys. Using arc4randombuf from libbsd should avoid this flaw. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2001-1] libofx security update
Package : libofx Version : 1:0.9.10-1+deb8u2 CVE ID : CVE-2019-9656 Debian Bug : 924350 There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DLA 2000-1] pam-python security update
Package : pam-python Version : 1.0.4-1.1+deb8u1 CVE ID : CVE-2019-16729 Debian Bug : 942514 It was discovered that pam-python, a PAM Module that runs the Python interpreter, has an issue in regard to the default environment variable handling of Python. This issue could allow for local root...
[SECURITY] [DSA 4574-1] redmine security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4574-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 19, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1999-1] symfony security update
Package : symfony Version : 2.3.21+dfsg-4+deb8u6 CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888 Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian ...
[SECURITY] [DSA 4573-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4573-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4572-1] slurm-llnl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4572-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1998-1] python-psutil security update
Package : python-psutil Version : 2.1.1-1+deb8u1 CVE ID : CVE-2019-18874 Debian Bug : 944605 It was discovered that there were multiple double free vulnerabilities in python-psutil, a Python module providing convenience functions for accessing system process data. This was caused by incorrect...
[SECURITY] [DLA 1997-1] thunderbird security update
Package : thunderbird Version : 1:68.2.2-1deb8u1 CVE ID : CVE-2019-11755 CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Multiple security issues have been found in Thunderbird which could potentially result in the execution ...
[SECURITY] [DLA 1996-1] libapache2-mod-auth-openidc security update
Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u2 CVE ID : CVE-2019-14857 Debian Bug : 942165 A security vulnerability was found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. Insufficient validation of URLs leads to an Open...
[SECURITY] [DLA 1995-1] angular.js security update
Package : angular.js Version : 1.2.26-1+deb8u1 CVE ID : CVE-2019-14863 Earlier versions of this package package were vulnerable to Cross-site Scripting XSS due to no proper sanitization of xlink:href attributes. For Debian 8 "Jessie", this problem has been fixed in version 1.2.26-1+deb8u1. We...
[SECURITY] [DSA 4571-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4571-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4570-1] mosquitto security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4570-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4570-1] mosquitto security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4570-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 17, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA-1994-1] postgresql-common security update
Package : postgresql-common Version : 165+deb8u4 CVE ID : CVE-2019-3466 Rich Mirch discovered that the pgctlcluster script didnt drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. For the oldoldstable distribution jessie, this...
[SECURITY] [DLA 1993-1] mesa security update
Package : mesa Version : 10.3.2-1+deb8u2 CVE ID : CVE-2019-5068 Debian Bug : 944298 Tim Brown discovered a shared memory permissions vulnerability in the Mesa 3D graphics library. Some Mesa X11 drivers use shared-memory XImages to implement back buffers for improved performance, but Mesa creates...
[SECURITY] [DLA 1992-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u6 CVE ID : CVE-2019-14869 Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions...
[SECURITY] [DSA 4569-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4569-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 14, 2019 https://www.debian.org/security/faq -...