Debian 10962 Published by Philipp Esselbach 0

The following security updates have been released for Debian GNU/Linux 8 LTS:

DLA 1415-1: phpmyadmin security update

Several vulnerabilities were found in phpMyAdmin, the web-based MySQL administration interface, including SQL injection attacks, denial of service, arbitrary code execution, cross-site scripting, server-side request forgery, authentication bypass, and file system traversal.

DLA 1416-1: libsoup2.4 security update

It was discovered that the Soup HTTP library performed insufficient validation of cookie requests, which could result in an out-of-bounds memory read.

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1414-1: mercurial security update

Some security vulnerabilities were found in Mercurial which allow authenticated users to trigger arbitrary code execution and unauthorized data access in certain server configurations.

Debian GNU/Linux 9:
DSA 4240-1: php7.0 security update

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

DSA 4241-1: libsoup2.4 security update

It was discovered that the Soup HTTP library performed insufficient validation of cookie requests, which could result in an out-of-bounds memory read.

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1412-1: cups security update
Two vulnerabilities affecting the cups printing server were found which can lead to arbitrary IPP command execution and denial of service.

Debian GNU/Linux 9:
DSA 4238-1: exiv2 security update
Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata, which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.

DSA 4239-1: gosa security update
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-11-1 lame security update
Multiple vulnerabilities have been discovered in lame: CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 CVE-2017-15018 CVE-2017-15045 CVE-2017-15046

ELA-12-1 ming security update
Multiple vulnerabilities have been discovered in ming: CVE-2018-11226 CVE-2018-11225 CVE-2018-11100 CVE-2018-11095

Debian GNU/Linux 8 LTS:
DLA 1400-2: tomcat7 regression update
The security update of Tomcat 7 announced as DLA-1400-1 introduced a regression for applications that make use of the Equinox OSGi framework.

DLA 1410-1: python-pysaml2 security update
Pysaml2, a Python implementation of the Security Assertion Markup Language, would accept any password when run with Python optimizations enabled (python -O). This allows attackers to log in as any user without knowing their password.
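
Added example (not pysaml2's code): the usual cause of "accepts any password under python -O" is an authentication check written as an assert statement, which the optimizer strips. The block below assumes that mechanism, builds the same login routine twice from source with compile(..., optimize=1) to reproduce what -O does, and shows that only the explicit if/raise form still rejects a wrong password. The user database and salt are constructed sample data.

```python
"""Fail-open `assert` authentication versus an explicit check, under
optimization level 0 (normal) and 1 (what `python -O` applies).
Added example; not pysaml2's code.  User data below is constructed."""
import hashlib
import hmac

# Constructed user database: PBKDF2 digest of one known password.
_SALT = b"constructed-salt"
_USERS = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 50_000),
}


def _digest(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


VULNERABLE_SRC = '''
def login(username, password):
    """Fail-open: both checks are assert statements, removed by -O."""
    stored = _USERS.get(username)
    assert stored is not None, "unknown user"
    assert hmac.compare_digest(stored, _digest(password)), "bad password"
    return True
'''

HARDENED_SRC = '''
def login(username, password):
    """Fail-closed: an explicit branch and exception survive -O."""
    stored = _USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _digest(password)):
        raise PermissionError("authentication failed")
    return True
'''


def build_login(src: str, optimize: int):
    """Compile `src` at the given optimization level (1 strips asserts,
    exactly as `python -O` would) and return the resulting login function."""
    namespace = {"_USERS": _USERS, "_digest": _digest, "hmac": hmac}
    exec(compile(src, "<login>", "exec", optimize=optimize), namespace)
    return namespace["login"]


def attempt(src: str, optimize: int, username: str, password: str) -> bool:
    """True if login succeeds, False if it raises."""
    login = build_login(src, optimize)
    try:
        return login(username, password)
    except (AssertionError, PermissionError):
        return False


if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE_SRC), ("hardened", HARDENED_SRC)):
        for opt in (0, 1):
            accepted = attempt(src, opt, "alice", "wrong password")
            print(f"{name:10s} optimize={opt}: wrong password accepted={accepted}")
```

The same stripping applies to any security decision expressed as an assert (signature validity, audience checks, expiry); a grep for `assert` in authentication paths is the practical check.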

The following updates have been released for Debian GNU/Linux 8 LTS:

DLA 1405-1: libgcrypt20 security update
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

DLA 1406-1: firefox-esr security update
Several security issues have been found in the Mozilla Firefox web browser: multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

DLA 1407-1: mariadb-10.0 security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.35.

DLA 1408-1: simplesamlphp security update
This addresses two security issues.

DLA 1409-1: mosquitto security update
Fixes extraordinary memory consumption caused by a crafted CONNECT packet from an unauthenticated client. Also fixes a case where, if all sockets/file descriptors are exhausted when the configuration is reloaded on SIGHUP, the broker would fall back to default configuration values.
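
Added example (not mosquitto's code): a CONNECT parser that never allocates on the client's declared length. It caps what an unauthenticated peer may declare (UNAUTH_CONNECT_LIMIT is an assumed value) and checks every length-prefixed field against the bytes actually received; the two hostile packets are constructed samples, one declaring MQTT's maximum remaining length with six bytes behind it, one declaring a 65535-byte client id inside a 14-byte body.

```python
"""MQTT 3.1.1 CONNECT parsing with declared-length validation.
Added example, not mosquitto's code; the cap and sample packets are assumed."""

UNAUTH_CONNECT_LIMIT = 4096   # assumed cap for a client that has not authenticated


def decode_remaining_length(data: bytes, pos: int):
    """Decode MQTT's variable-length integer; return (value, next_pos)."""
    value, multiplier = 0, 1
    for i in range(4):
        if pos + i >= len(data):
            raise ValueError("truncated remaining length")
        byte = data[pos + i]
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos + i + 1
        multiplier *= 128
    raise ValueError("malformed remaining length")


def _read_field(data: bytes, pos: int, end: int):
    """Read one 2-byte-length-prefixed field, refusing lengths past `end`."""
    if pos + 2 > end:
        raise ValueError("truncated field length")
    n = int.from_bytes(data[pos:pos + 2], "big")
    if pos + 2 + n > end:
        raise ValueError(f"string length {n} exceeds packet")
    return data[pos + 2:pos + 2 + n], pos + 2 + n


def parse_connect(data: bytes, limit: int = UNAUTH_CONNECT_LIMIT) -> dict:
    """Parse CONNECT without trusting the remaining-length field for allocation."""
    if not data or data[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    remaining, pos = decode_remaining_length(data, 1)
    # The fail-open pattern is to allocate `remaining` bytes here.  Instead,
    # cap what an unauthenticated peer may declare and require the bytes to
    # actually be present before parsing anything.
    if remaining > limit:
        raise ValueError(f"declared length {remaining} exceeds limit {limit}")
    end = pos + remaining
    if end > len(data):
        raise ValueError("declared length exceeds bytes received")
    proto, pos = _read_field(data, pos, end)
    if proto != b"MQTT" or pos + 4 > end:
        raise ValueError("bad variable header")
    level, flags = data[pos], data[pos + 1]
    keepalive = int.from_bytes(data[pos + 2:pos + 4], "big")
    pos += 4
    client_id, pos = _read_field(data, pos, end)
    fields = {"level": level, "keepalive": keepalive,
              "client_id": client_id.decode("utf-8")}
    if flags & 0x04:                         # will flag: topic, then message
        topic, pos = _read_field(data, pos, end)
        fields["will_topic"] = topic.decode("utf-8")
        fields["will_message"], pos = _read_field(data, pos, end)
    if flags & 0x80:                         # username flag
        name, pos = _read_field(data, pos, end)
        fields["username"] = name.decode("utf-8")
    if flags & 0x40:                         # password flag
        fields["password"], pos = _read_field(data, pos, end)
    if pos != end:
        raise ValueError("trailing bytes in CONNECT")
    return fields


def encode_remaining_length(n: int) -> bytes:
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)


def _field(b: bytes) -> bytes:
    return len(b).to_bytes(2, "big") + b


def build_connect(client_id: bytes, username: bytes = None,
                  password: bytes = None, keepalive: int = 60) -> bytes:
    """Assemble a well-formed CONNECT (constructed sample, clean session)."""
    flags = 0x02 | (0x80 if username is not None else 0) | (0x40 if password is not None else 0)
    body = _field(b"MQTT") + bytes([0x04, flags]) + keepalive.to_bytes(2, "big") + _field(client_id)
    if username is not None:
        body += _field(username)
    if password is not None:
        body += _field(password)
    return b"\x10" + encode_remaining_length(len(body)) + body


# Constructed hostile packets.
CRAFTED_HUGE = b"\x10\xff\xff\xff\x7f" + _field(b"MQTT")   # declares 256 MiB, sends 6 bytes
_bad_body = _field(b"MQTT") + b"\x04\x02\x00\x3c" + b"\xff\xff" + b"ab"  # client-id length 65535
CRAFTED_BAD_STRING = b"\x10" + encode_remaining_length(len(_bad_body)) + _bad_body


def classify(packet: bytes) -> str:
    try:
        parse_connect(packet)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for name, pkt in (("good", build_connect(b"sensor-1", b"alice", b"s3cret")),
                      ("huge", CRAFTED_HUGE), ("bad-string", CRAFTED_BAD_STRING)):
        print(f"{name:10s} {classify(pkt)}")
```

A real broker reads from a socket rather than a complete buffer, so the cap has to be enforced at the moment the remaining-length bytes arrive, before any buffer for the body is reserved.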

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-10-1 exiv2 security update
Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulting in denial of service, heap-based buffer over-read/overflow, memory exhaustion, and application crash.

Debian GNU/Linux 8 LTS:
DLA 1398-1: php-horde-crypt security update
It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an encrypted email.

DLA 1399-1: ruby-passenger security update
Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under certain conditions possible.

DLA 1400-1: tomcat7 security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

DLA 1401-1: graphicsmagick security update
Various security issues were discovered in GraphicsMagick, a collection of image processing tools. Heap-based buffer overflows or over-reads may lead to a denial of service, disclosure of in-memory information, or other unspecified impact when a malformed image file is processed.

DLA 1402-1: exiv2 security update
Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulting in denial of service, heap-based buffer over-read/overflow, memory exhaustion, and application crash.

Debian GNU/Linux 9:
DSA 4235-1: firefox-esr security update
Several security issues have been found in the Mozilla Firefox web browser: multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

DSA 4236-1: xen security update
Multiple vulnerabilities have been discovered in the Xen hypervisor.

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-9-1 plexus-archiver security update
An arbitrary file write vulnerability was discovered in plexus-archiver, the archiver plugin for the Plexus modular compiler system.

Debian GNU/Linux 8 LTS:
DLA 1394-1: imagemagick security update
Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause denial of service (application crash) or out of bounds memory access via crafted SUN, BMP, or DIB image files.

DLA 1397-1: php5 security update
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

Four security updates have been released for Debian GNU/Linux 7 Extended LTS:

ELA-4-1 openssl security update
A malicious server could cause a denial of service by sending a very large prime value to the client during the TLS handshake.

ELA-5-1 gnupg security update
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.

ELA-6-1 ghostscript security update
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to information disclosure about files for which the user does not have read permission.

ELA-7-1 perl security update
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.
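
Added example covering both ELA-7-1 (Archive::Tar) and ELA-9-1 (plexus-archiver), written in Python over the standard tarfile module rather than in Perl or Java; it is neither project's code. The archive is constructed in memory: one benign file, a `..` traversal, an absolute path, a symlink pointing out of the tree, and a file written through that symlink. The check resolves every member name and link target against the destination before anything touches the disk.

```python
"""Directory-traversal check for archive extraction (the bug class in
ELA-7-1 and ELA-9-1).  Added example, not Archive::Tar's or plexus-archiver's
code; the archive below is constructed in memory."""
import io
import os
import tarfile
import tempfile


def _is_within(base: str, target: str) -> bool:
    """True if `target` resolves to `base` or somewhere beneath it."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return target == base or target.startswith(base + os.sep)


def plan_extraction(archive: bytes, dest: str):
    """Split members into (safe_names, rejected) for extraction into `dest`.
    Nothing is written; this is the check the vulnerable extractors lacked."""
    safe, rejected, bad_prefixes = [], [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar.getmembers():
            # A file beneath a rejected symlink would be written through it.
            if any(m.name.startswith(p) for p in bad_prefixes):
                rejected.append((m.name, "under a rejected link"))
                continue
            # Absolute names and '..' components both fail the realpath test:
            # os.path.join discards `dest` for an absolute member name.
            if not _is_within(dest, os.path.join(dest, m.name)):
                rejected.append((m.name, "path escapes destination"))
                continue
            if m.issym() or m.islnk():
                # Symlink targets are relative to the link's own directory,
                # hardlink targets to the archive root.
                target = m.linkname if m.islnk() else os.path.join(os.path.dirname(m.name), m.linkname)
                if not _is_within(dest, os.path.join(dest, target)):
                    rejected.append((m.name, "link target escapes destination"))
                    bad_prefixes.append(m.name.rstrip("/") + "/")
                    continue
            safe.append(m.name)
    return safe, rejected


def build_hostile_archive() -> bytes:
    """Constructed sample: one benign file and four hostile entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name: str, data: bytes = b"x") -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        add_file("docs/readme.txt", b"hello")
        add_file("../../../tmp/owned.txt")      # classic '..' traversal
        add_file("/etc/cron.d/evil")            # absolute path
        link = tarfile.TarInfo("escape")        # symlink out of the tree ...
        link.type = tarfile.SYMTYPE
        link.linkname = "../.."
        tar.addfile(link)
        add_file("escape/owned.txt")            # ... then a file through it
    return buf.getvalue()


def demo():
    """Run the check against the constructed archive in a fresh temp dir."""
    dest = tempfile.mkdtemp(prefix="extract-")
    return plan_extraction(build_hostile_archive(), dest)


if __name__ == "__main__":
    safe, rejected = demo()
    print("safe:", safe)
    for name, reason in rejected:
        print(f"rejected {name!r}: {reason}")
```

Python 3.12 and later ship `tarfile.data_filter` (PEP 706), which performs this class of check during `extractall`; on older interpreters the pre-check above is what you have to write yourself. The same rules apply to zip extraction, where the absolute-path and `..` cases are the usual "zip slip" findings.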

The following updates have been released for Debian GNU/Linux 9:

DSA 4233-1: bouncycastle security update
It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform fewer Miller-Rabin primality tests than expected.
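
Added example (not Bouncy Castle's code) of what the round count buys you: a Miller-Rabin test with an explicit list of bases, a helper giving the rounds needed for a target error bound under the generic 1/4-per-round bound, and the composite 3215031751 = 151 * 751 * 28351, a known strong pseudoprime to bases 2, 3, 5 and 7, which four rounds on those bases accept as prime while a fifth base (11) or a random set of bases rejects.

```python
"""Miller-Rabin with an explicit round count.  Added example, not Bouncy
Castle's code.  PSEUDOPRIME is a known strong pseudoprime to bases 2,3,5,7."""
import math
import random


def mr_witness(n: int, a: int) -> bool:
    """True if base `a` (2 <= a <= n-2) proves odd n > 2 composite."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return False
    for _ in range(r - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return False
    return True


def is_probable_prime(n: int, bases) -> bool:
    """Miller-Rabin over the given bases, one round per base.  Fewer bases
    means fewer rounds and a larger chance that a composite slips through."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    return not any(mr_witness(n, a) for a in bases)


def rounds_for(error_bits: int) -> int:
    """Rounds so that a composite survives with probability <= 2**-error_bits,
    using the generic bound of at most 1/4 liars per independent round."""
    return math.ceil(error_bits / 2)


def random_bases(n: int, rounds: int, rng=random):
    """Uniform random bases in [2, n-2]; random choice is what makes the
    per-round 1/4 bound compose across rounds."""
    return [rng.randrange(2, n - 1) for _ in range(rounds)]


PSEUDOPRIME = 3215031751   # = 151 * 751 * 28351


if __name__ == "__main__":
    print(is_probable_prime(PSEUDOPRIME, [2, 3, 5, 7]))       # four fixed rounds: fooled
    print(is_probable_prime(PSEUDOPRIME, [2, 3, 5, 7, 11]))   # base 11 is a witness
    print(rounds_for(128))                                     # 64 rounds for 2**-128
    print(is_probable_prime(PSEUDOPRIME, random_bases(PSEUDOPRIME, rounds_for(128))))
```

Real key generators use tighter, size-dependent round tables (random candidates of a given bit length need far fewer than error_bits/2 rounds), which is exactly where an off-by-some in the table or in the bit-length lookup produces the "fewer tests than expected" the advisory describes.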

DSA 4234-1: lava-server security update
Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via an XML-RPC call.