Package: erlang
Version: 15.b.1-dfsg-4+deb7u2
CVE ID : CVE-2017-1000385
An erlang TLS server configured with cipher suites using RSA key exchange
may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA
Bleichenbacher attack) against RSA, which when exploited, may
Package: simplesamlphp
Version: 1.9.2-1+deb7u1
CVE ID : CVE-2017-12867 CVE-2017-12868 CVE-2017-12869 CVE-2017-12872
CVE-2017-12873 CVE-2017-12874
The simplesamlphp package in wheezy is vulnerable to multiple attacks
on authentication-related code, leading
Learn to master Debian: https://debian-handbook.info/get/
-BEGIN PGP SIGNATURE-
Comment: Signed by Raphael Hertzog
Package: vorbis-tools
Version: 1.4.0-1+deb7u1
CVE ID : CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749
Debian Bug : 797461 776086 771363
vorbis-tools is vulnerable to multiple issues that can result in denial
of service.
CVE-2014-9638
Divide by zero error
Package: tiff
Version: 4.0.2-6+deb7u14
CVE ID : CVE-2016-10095 CVE-2017-9147 CVE-2017-9403 CVE-2017-9404
Debian Bug : 863185 850316
tiff was affected by multiple memory leaks (CVE-2017-9403, CVE-2017-9404)
that could result in denial of service. Furthermore, while the
Package: tiff3
Version: 3.9.6-11+deb7u6
CVE ID : CVE-2016-10095 CVE-2017-9147 CVE-2017-9403 CVE-2017-9404
tiff3 was affected by multiple memory leaks (CVE-2017-9403, CVE-2017-9404)
that could result in denial of service. Furthermore, while the current
version in Debian was
Package: nss
Version: 2:3.26-1+debu7u3
CVE ID : CVE-2017-5461 CVE-2017-5462
Debian Bug : 862958
The NSS library is vulnerable to two security issues:
CVE-2017-5461
Out-of-bounds write in Base64 encoding. This can trigger a crash
(denial of service) and might
Package: openvpn
Version: 2.2.1-8+deb7u4
CVE ID : CVE-2017-7479
Denial of Service due to Exhaustion of Packet-ID counter
An authenticated client can cause the server's packet-id counter to
roll over, which would lead the server process to hit an ASSERT() and
stop
Package: slurm-llnl
Version: 2.3.4-2+deb7u1
CVE ID : CVE-2016-10030
Debian Bug : 850491
With this vulnerability arbitrary files can be overwritten on nodes
running jobs provided that the user can run a job that is able to
trigger a failure of a Prolog script.
For
Package: ghostscript
Version: 9.05~dfsg-6.3+deb7u5
CVE ID : CVE-2016-10219 CVE-2016-10220 CVE-2017-5951
ghostscript is vulnerable to multiple issues that can lead
to denial of service when processing untrusted content.
CVE-2016-10219
Application crash with division
Package: tiff
Version: 4.0.2-6+deb7u11
CVE ID : CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269
libtiff is vulnerable to multiple buffer overflows and integer overflows
that can lead to application crashes (denial of service) or worse.
CVE-2016-10266
Package: libxslt
Version: 1.1.26-14.1+deb7u3
CVE ID : CVE-2017-5029
Debian Bug : 858546
libxslt is vulnerable to an integer overflow in the xsltAddTextString
function that can be exploited to trigger an out of bounds write on 64-bit
systems.
For Debian 7 "Wheezy",
Package: tiff
Version: 4.0.2-6+deb7u10
Debian Bug : 852610
Version 4.0.2-6+deb7u7 introduced changes that resulted in libtiff
being unable to write out tiff files when the compression scheme
in use relies on codec-specific TIFF tags embedded in the image.
This problem
Package: tiff3
Version: 3.9.6-11+deb7u3
Debian Bug : 852610
Version 3.9.6-11+deb7u1 and 3.9.6-11+deb7u2 introduced changes that
resulted in libtiff writing out invalid tiff files when the compression
scheme in use relies on codec-specific TIFF tags embedded in the image.
For
Package: nss
Version: 2:3.26-1+debu7u2
CVE ID : CVE-2016-9074
Franziskus Kiefer reported that the existing mitigations for
some timing side-channel attacks were insufficient:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074
For Debian 7
Package: unzip
Version: 6.0-8+deb7u6
CVE ID : CVE-2014-9913 CVE-2016-9844
Debian Bug : 847485 847486
"unzip -l" (CVE-2014-9913) and "zipinfo" (CVE-2016-9844) were vulnerable
to buffer overflows when provided malformed or maliciously-crafted ZIP
files.
For Debian 7
Package: libgc
Version: 1:7.1-9.1+deb7u1
CVE ID : CVE-2016-9427
Debian Bug : 844771
libgc is vulnerable to integer overflows in multiple places. In some cases,
when asked to allocate a huge quantity of memory, instead of failing the
request, it will return a pointer to
Package: tiff
Version: 4.0.2-6+deb7u8
CVE ID : CVE-2016-9273 CVE-2016-9297 CVE-2016-9532
Debian Bug : 844013 844226 844057
Multiple memory corruption issues have been identified in libtiff
and its associated tools.
CVE-2016-9273
Heap buffer overflow in
Package: tiff
Version: 4.0.2-6+deb7u7
CVE ID : CVE-2014-8128 CVE-2015-7554 CVE-2015-8668 CVE-2016-3186
CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3631
CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-5102
Package: virtualbox-ose
Oracle stopped supporting version 3.2 of VirtualBox last June. They also
do not disclose enough information about vulnerabilities discovered
and fixed in newer versions so that it is impossible for us to
verify whether the vulnerability also applies to 3.2 and to
Package: foomatic-filters
Version: 4.0.5-6+squeeze2+deb6u12
CVE ID : CVE-2015-8560
Debian Bug : 807993
Adam Chester discovered that there was an injection vulnerability in
foomatic-filters which is used by printer spoolers to convert
incoming PostScript data into the
Package: arts
Version: 1.5.9-3+deb6u1
CVE ID : CVE-2015-7543
It has been reported that arts uses the insecure mktemp() function
to create the temporary directory it uses to host user-specific sockets.
It is thus possible for another user to hijack this temporary directory
Package: kdelibs
Version: 3.5.10.dfsg.1-5+deb6u1
CVE ID : CVE-2015-7543
It has been reported that kdelibs uses the insecure mktemp() function
to create the temporary directory it uses to host user-specific sockets.
It is thus possible for another user to hijack this
Package: bouncycastle
Version: 1.44+dfsg-2+deb6u1
CVE ID : CVE-2015-7940
Debian Bug : 802671
The Bouncy Castle Java library before 1.51 does not validate that a point
is within the elliptic curve, which makes it easier for remote attackers
to obtain private keys via a
Package: imagemagick
Version: 8:6.6.0.4-3+squeeze7
Debian Bug : 806441
Submitting specially crafted icons (.ico) or .pict images to ImageMagick
can trigger integer overflows that can lead to buffer overflows and
memory allocation issues. Depending on the case, this can lead
Package: eglibc
Version: 2.11.3-4+deb6u8
CVE ID : not assigned yet
Debian Bug : 803927
The strxfrm() function is vulnerable to integer overflows when computing
memory allocation sizes (similar to CVE-2012-4412). Furthermore, since
it falls back to alloca() when
Package: libhtml-scrubber-perl
Version: 0.08-4+deb6u1
CVE ID : CVE-2015-5667
Debian bug : 803943
HTML::Scrubber is vulnerable to a cross-site scripting (XSS) vulnerability
when the comment feature is enabled. It allows remote attackers to inject
arbitrary web script or
Package: unzip
Version: 6.0-4+deb6u3
CVE ID : CVE-2015-7696 CVE-2015-7697
Debian Bug : 802160 802162
Gustavo Grieco discovered with a fuzzer that unzip was vulnerable to a
heap overflow and to a denial of service with specially crafted
password-protected ZIP archives.
Package: squid3
Version: 3.1.6-1.2+squeeze5
CVE ID : CVE-2015-5400
Debian Bug : 793128
Alex Rousskov discovered that Squid configured with cache_peer and
operating on explicit proxy traffic does not correctly handle CONNECT
method peer responses. In some
Package: python-django
Version: 1.2.3-3+squeeze13
CVE ID : CVE-2015-2317 CVE-2015-5143 CVE-2015-5144
Several vulnerabilities were discovered in Django, a high-level Python web
development framework:
CVE-2015-2317
Daniel Chatfield discovered that python-django, a
Package: aptdaemon
Version: 0.31+bzr413-1.1+deb6u1
CVE ID : CVE-2015-1323
Debian Bug : 789162
Tavis Ormandy discovered that Aptdaemon incorrectly handled the simulate
dbus method. A local attacker could use this issue to possibly expose
sensitive information, or
Package: libapache-mod-jk
Version: 1:1.2.30-1squeeze2
CVE ID : CVE-2014-8111
Debian Bug : 783233
An information disclosure flaw due to incorrect JkMount/JkUnmount
directives processing was found in the Apache 2 module mod_jk to forward
requests from the Apache web
Package: qt4-x11
Version: 4:4.6.3-4+squeeze3
CVE ID : CVE-2013-0254 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859
CVE-2015-1860
Debian Bug : 779550 783133
This update fixes multiple security issues in the Qt library.
CVE-2013-0254
The QSharedMemory
Package: python-django
Version: 1.2.3-3+squeeze12
CVE ID : CVE-2015-0219 CVE-2015-0220 CVE-2015-0221
Multiple security issues have been found in Django:
https://www.djangoproject.com/weblog/2015/jan/13/security/
For Debian 6 "Squeeze", they have been fixed in version
Package: bsd-mailx
Version: 8.1.2-0.20100314cvs-1+deb6u1
CVE ID : CVE-2014-7844
It was discovered that bsd-mailx, an implementation of the mail
command, had an undocumented feature which treats syntactically valid
email addresses as shell commands to execute.
Users who
Package: heirloom-mailx
Version: 12.4-2+deb6u1
CVE ID : CVE-2004-2771 CVE-2014-7844
Two security vulnerabilities were discovered in Heirloom mailx, an
implementation of the mail command:
CVE-2004-2771
mailx interprets shell meta-characters in certain email
Package: getmail4
Version: 4.46.0-1~deb6u1
CVE ID : CVE-2014-7273 CVE-2014-7274 CVE-2014-7275
Debian Bug : 766670
Several vulnerabilities have been discovered in getmail4, a mail retriever
with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle
Package: apache2
Version: 2.2.16-6+squeeze14
CVE ID : CVE-2013-5704 CVE-2014-3581
This update fixes two security issues with apache2.
CVE-2013-5704
Disable the possibility to replace HTTP headers with HTTP trailers
as this could be used to circumvent earlier