[SECURITY] [DLA 1794-1] libspring-security-2.0-java security update
Package: libspring-security-2.0-java
Version: 2.0.7.RELEASE-3+deb8u1
CVE ID: CVE-2019-3795

A vulnerability was discovered in libspring-security-2.0-java, a modular Java/J2EE application security framework, when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance, resulting in insecure randomness.

For Debian 8 "Jessie", this problem has been fixed in version 2.0.7.RELEASE-3+deb8u1.

We recommend that you upgrade your libspring-security-2.0-java packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 1792-2] cups-filters regression update
Package: cups-filters
Version: 1.0.61-5+deb8u4
Debian Bug: 926576 928936 928952

The update for ghostscript released as DLA-1792-1 uncovered an issue in cups-filters which was using the undocumented Ghostscript internal "pdfdict" now hidden in the ghostscript update. Updated cups-filters packages are now available to correct this issue.

For Debian 8 "Jessie", this problem has been fixed in version 1.0.61-5+deb8u4.

We recommend that you upgrade your cups-filters packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 1793-1] dhcpcd5 security update
Package: dhcpcd5
Version: 6.0.5-2+deb8u1
CVE ID: CVE-2019-11579
Debian Bug: #928104

It was discovered that there was a read overflow vulnerability in the dhcpcd5 network management protocol client.

For Debian 8 "Jessie", this issue has been fixed in dhcpcd5 version 6.0.5-2+deb8u1. Thanks to Roy Marples.

We recommend that you upgrade your dhcpcd5 packages.

Regards,

Chris Lamb
la...@debian.org / chris-lamb.co.uk
[SECURITY] [DLA 1792-1] ghostscript security update
Package: ghostscript
Version: 9.26a~dfsg-0+deb8u3
CVE ID: CVE-2019-3839

A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed PostScript file is processed (despite the -dSAFER sandbox being enabled).

For Debian 8 "Jessie", this problem has been fixed in version 9.26a~dfsg-0+deb8u3.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 1791-1] faad2 security update
Package: faad2
Version: 2.7-8+deb8u2
CVE ID: CVE-2018-20194 CVE-2018-20197 CVE-2018-20198 CVE-2018-20362

Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio Coder:

CVE-2018-20194
CVE-2018-20197

    Improper handling of implicit channel mapping reconfiguration leads to multiple heap-based buffer overflow issues. These flaws might be leveraged by remote attackers to cause DoS.

CVE-2018-20198
CVE-2018-20362

    Insufficient user input validation in the sbr_hfadj module leads to stack-based buffer underflow issues. These flaws might be leveraged by remote attackers to cause DoS or any other unspecified impact.

For Debian 8 "Jessie", these problems have been fixed in version 2.7-8+deb8u2.

We recommend that you upgrade your faad2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS