14409 matches found
[SECURITY] [DSA 4569-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4569-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4568-1] postgresql-common security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4568-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1990-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.189-3+deb9u2deb8u1 CVE ID : CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2018-12207 It was discovere...
[SECURITY] [DLA 1991-1] libssh2 security update
Package : libssh2 Version : 1.4.3-4.1+deb8u6 CVE ID : CVE-2019-17498 Debian Bug : 943562 In libssh2, SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server m...
[SECURITY] [DSA 4565-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4565-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4565-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4565-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4566-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4566-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4566-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4566-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4567-1] dpdk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4567-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4563-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4563-1 [email protected] https://www.debian.org/security/ Alberto Garcia November 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1989-1] linux security update
Package : linux Version : 3.16.76-1 CVE ID : CVE-2019-0154 CVE-2019-11135 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2019-0154 Intel discovered that on their 8th and 9th generation GPUs,...
[SECURITY] [DSA 4564-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4564-1 [email protected] https://www.debian.org/security/ Ben Hutchings November 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4564-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4564-1 [email protected] https://www.debian.org/security/ Ben Hutchings November 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1988-1] ampache security update
Package : ampache Version : 3.6-rzb2752+dfsg-5+deb8u1 CVE ID : CVE-2019-12385 CVE-2019-12386 Several vulnerabilities were discovered in Ampache, a web-based audio file management system. CVE-2019-12385 A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected...
[SECURITY] [DSA 4562-1] chromium security update
-------------------------------------------------------------------------- Debian Security Advisory DSA-4562-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 10, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1986-1] ruby-haml security update
Package : ruby-haml Version : 4.0.5-2+deb8u1 CVE ID : CVE-2017-1002201 In haml, when using user input to perform tasks on the server, characters like " must be escaped properly. In this case, the character was missed. An attacker can manipulate the input to introduce additional attributes,...
[SECURITY] [DLA 1987-1] firefox-esr security update
Package : firefox-esr Version : 68.2.0esr-1deb8u1 CVE ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the...
[SECURITY] [DLA 1984-1] gdal security update
Package : gdal Version : 1.10.1+dfsg-8+deb8u1 CVE ID : CVE-2019-17545 GDAL through 3.0.1 had a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold was exceeded. For Debian 8 "Jessie", this problem has been fixed in version 1.10.1+dfsg-8+deb8u1. We recommend that...
[SECURITY] [DLA 1985-1] djvulibre security update
Package : djvulibre Version : 3.5.25.4-4+deb8u2 CVE ID : CVE-2019-18804 It was discovered that there was a NULL pointer dereference issue in the IW44 encoder/decoder within DjVu, a set of compression technologies for high-resolution ssues. For Debian 8 "Jessie", this issue has been fixed in...
[SECURITY] [DSA 4561-1] fribidi security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4561-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4561-1] fribidi security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4561-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 08, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1983-1] simplesamlphp security update
Package : simplesamlphp Version : 1.13.1-2+deb8u3 CVE ID : CVE-2019-3465 Debian Bug : 944107 It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. For Debian 8 "Jessie", this problem has been...
[SECURITY] [DSA 4560-1] simplesamlphp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4560-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst November 06, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1982-1] openafs security update
Package : openafs Version : 1.6.9-2+deb8u9 CVE ID : CVE-2019-18601 CVE-2019-18602 CVE-2019-18603 Debian Bug : 943587 Several security vulnerabilities were discovered in OpenAFS, a distributed file system. CVE-2019-18601 OpenAFS is prone to denial of service from unserialized data access because...
[SECURITY] [DSA 4559-1] proftpd-dfsg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4559-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 05, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1981-1] cpio security update
Package : cpio Version : 2.11+dfsg-4.1+deb8u2 CVE ID : CVE-2019-14866 Debian Bug : 941412 A vulnerability was discovered in the cpio package. CVE-2019-14866 It is possible for an attacker to create a file so when backed up with cpio can generate arbitrary files in the resulting tar archive. When...
[SECURITY] [DLA 1980-1] wordpress security update
Package : wordpress Version : 4.1.28+dfsg-0+deb8u1 CVE ID : CVE-2019-17669 CVE-2019-17670 CVE-2019-17671 CVE-2019-17675 Debian Bug : 942459 Several vulnerabilities in wordpress, a web blogging tool, have been fixed. CVE-2019-17669 Server Side Request Forgery SSRF vulnerability because URL...
[SECURITY] [DSA 4558-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4558-1 [email protected] https://www.debian.org/security/ Alberto Garcia November 04, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4557-1] libarchive security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4557-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4556-1] qtbase-opensource-src security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4556-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1979-1] italc security update
Package : italc Version : 1:2.0.2+dfsg1-2+deb8u1 CVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-6307 CVE-2018-7225 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023...
[SECURITY] [DLA 1978-1] python-ecdsa security update
Package : python-ecdsa Version : 0.11-1+deb8u1 CVE ID : CVE-2019-14853 CVE-2019-14859 It was discovered that python-ecdsa, a cryptographic signature library for Python, did not correctly verify DER encoded signatures. Malformed signatures could lead to unexpected exceptions and in some cases did...
[SECURITY] [DLA 1977-1] libvncserver security update
Package : libvncserver Version : 0.9.9+dfsg2-6.1+deb8u6 CVE ID : CVE-2019-15681 Debian Bug : 943793 LibVNC contained a memory leak CWE-655 in VNC server code, which allowed an attacker to read stack memory and could be abused for information disclosure. For Debian 8 "Jessie", this problem has bee...
[SECURITY] [DLA 1976-1] imapfilter security update
Package : imapfilter Version : 1:2.5.2-2+deb8u1 CVE ID : CVE-2016-10937 Debian Bug : 939702 The imapfilter tool, a utility for scripting IMAP operations in lua, lacked server name / certificate peer hostname validation support. For Debian 8 "Jessie", this problem has been fixed in version...
[SECURITY] [DSA 4555-1] pam-python security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4555-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 29, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4554-1] ruby-loofah security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4554-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1975-1] spip security update
Package : spip Version : 3.0.17-2+deb8u5 CVE ID : CVE-2019-16391 CVE-2019-16392 CVE-2019-16393 CVE-2019-16394 It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries...
[SECURITY] [DSA 4553-1] php7.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4553-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4552-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4552-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1973-1] libxslt security update
Package : libxslt Version : 1.1.28-2+deb8u6 CVE ID : CVE-2019-18197 Debian Bug : 942646 A security vulnerability was discovered in libxslt, a XSLT 1.0 processing library written in C. In xsltCopyText in transform.c, a pointer variable is not reset under certain circumstances. If the relevant memo...
[SECURITY] [DLA 1974-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u4 CVE ID : CVE-2019-18217 An issue has been found in proftp-dfsg, a versatile, virtual-hosting FTP daemon. Due to incorrect handling of overly long commands, a remote unauthenticated user could trigger a denial-of-service by reaching an endles...
[SECURITY] [DLA 1972-1] mosquitto security update
Package : mosquitto Version : 1.3.4-2+deb8u4 CVE ID : CVE-2017-7655 CVE-2018-12550 CVE-2018-12551 CVE-2019-11779 Several issues have been found in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker. CVE-2017-7655 A Null dereference vulnerability in the Mosquitto library could lead to...
[SECURITY] [DLA 1971-1] libarchive security update
Package : libarchive Version : 3.1.2-11+deb8u8 CVE ID : CVE-2019-18408 An issue has been found in libarchive, a multi-format archive and compression library. In case of a crafted archive containing several parts and one part being corrupt, there would be an use-after-free for the next part of the...
[SECURITY] [DLA 1970-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u7 CVE ID : CVE-2019-11043 Emil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a Fast Process Manager for the PHP language, which can lead to remote code execution. Instances are vulnerable depending on the web server configuration, in...
[SECURITY] [DSA 4551-1] golang-1.11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4551-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4550-1] file security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4550-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4549-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4549-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1969-1] file security update
Package : file Version : 1:5.22+15-2+deb8u6 CVE ID : CVE-2019-18218 An issue has been found in file, a tool to determine file types by using magic numbers. The number of CDFVECTOR elements had to be restricted in order to prevent a heap-based buffer overflow 4-byte out-of-bounds write. For Debian...
[SECURITY] [DSA 4548-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4548-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 21, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4547-1] tcpdump security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4547-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 21, 2019 https://www.debian.org/security/faq -...