Debian: Published by Philipp Esselbach

The following security updates have been released for Debian GNU/Linux 8 LTS:

DLA 1415-1: phpmyadmin security update

Several vulnerabilities were found in phpMyAdmin, the web-based MySQL administration interface, including SQL injection attacks, denial of service, arbitrary code execution, cross-site scripting, server-side request forgery, authentication bypass, and file system traversal.

DLA 1416-1: libsoup2.4 security update

It was discovered that the Soup HTTP library performed insufficient validation of cookie requests, which could result in an out-of-bounds memory read.

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1414-1: mercurial security update

Some security vulnerabilities were found in Mercurial which allow authenticated users to trigger arbitrary code execution and unauthorized data access in certain server configurations.

Debian GNU/Linux 9:
DSA 4240-1: php7.0 security update

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

DSA 4241-1: libsoup2.4 security update

It was discovered that the Soup HTTP library performed insufficient validation of cookie requests, which could result in an out-of-bounds memory read.

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1412-1: cups security update
Two vulnerabilities affecting the cups printing server were found which can lead to arbitrary IPP command execution and denial of service.

Debian GNU/Linux 9:
DSA 4238-1: exiv2 security update
Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata, which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.

DSA 4239-1: gosa security update
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-11-1 lame security update
Multiple vulnerabilities have been discovered in lame: CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 CVE-2017-15018 CVE-2017-15045 CVE-2017-15046

ELA-12-1 ming security update
Multiple vulnerabilities have been discovered in ming: CVE-2018-11226 CVE-2018-11225 CVE-2018-11100 CVE-2018-11095

Debian GNU/Linux 8 LTS:
DLA 1400-2: tomcat7 regression update
The security update of Tomcat 7 announced as DLA-1400-1 introduced a regression for applications that make use of the Equinox OSGi framework.

DLA 1410-1: python-pysaml2 security update
Pysaml2, a Python implementation of the Security Assertion Markup Language, would accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password.
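The pysaml2 item above describes a credential check that stops working when Python optimizations are enabled. The block below is an added illustration, not pysaml2's code, of the usual way such a bug arises: a check written with `assert`, which the interpreter drops under `-O` (or `PYTHONOPTIMIZE=1`), shown beside an explicit check that survives optimization. The `USERS` store, `check_password` and the sample credentials are constructed for the example.

```python
"""Why a password check written with `assert` disappears under `python -O`:
Python removes assert statements at optimization level 1 and above.
Constructed illustration; not code from pysaml2."""
import hashlib
import hmac

# Constructed sample credential store: username -> SHA-256 hex digest of the password.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}

# Vulnerable pattern: the security decision lives inside an assert statement.
VULNERABLE_SRC = '''
def check_password(username, password):
    expected = USERS.get(username)
    digest = hashlib.sha256(password.encode()).hexdigest()
    assert expected is not None and hmac.compare_digest(digest, expected), "bad credentials"
    return True
'''

# Hardened pattern: an explicit test and exception, which optimization never removes.
HARDENED_SRC = '''
def check_password(username, password):
    expected = USERS.get(username)
    digest = hashlib.sha256(password.encode()).hexdigest()
    if expected is None or not hmac.compare_digest(digest, expected):
        raise PermissionError("bad credentials")
    return True
'''


def build_checker(src, optimize):
    """Compile `src` at the given optimization level (0 = default, 1 = -O),
    exactly as the interpreter would, and return its check_password function."""
    namespace = {"USERS": USERS, "hmac": hmac, "hashlib": hashlib}
    exec(compile(src, "<checker>", "exec", optimize=optimize), namespace)
    return namespace["check_password"]


def accepts_wrong_password(src, optimize):
    """True if a wrong password for 'alice' is accepted, i.e. the check is bypassed."""
    try:
        return build_checker(src, optimize)("alice", "wrong") is True
    except (AssertionError, PermissionError):
        return False


if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE_SRC), ("hardened", HARDENED_SRC)):
        for level in (0, 1):
            print(f"{name} at optimize={level}: wrong password accepted ="
                  f" {accepts_wrong_password(src, level)}")
```

Running the script prints that the vulnerable checker accepts a wrong password only at optimization level 1, while the hardened checker rejects it at both levels.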

The following updates have been released for Debian GNU/Linux 8 LTS:

DLA 1405-1: libgcrypt20 security update
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

DLA 1406-1: firefox-esr security update
Several security issues have been found in the Mozilla Firefox web browser: multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

DLA 1407-1: mariadb-10.0 security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.35.

DLA 1408-1: simplesamlphp security update
This addresses two security issues.

DLA 1409-1: mosquitto security update
Fixes excessive memory consumption caused by a crafted CONNECT packet from an unauthenticated client. Also fixes the configuration reverting to default values after a reload via the SIGHUP signal when all sockets/file descriptors are exhausted.