securitybreach Posted June 30, 2015

Debian Security Advisory DSA-3298-1                   security@debian.org
https://www.debian.org/security/                          Markus Koschany
July 01, 2015                         https://www.debian.org/security/faq

Package        : jackrabbit
CVE ID         : CVE-2015-1833

It was discovered that the Jackrabbit WebDAV bundle was susceptible to an XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as "http(s)" or "file". Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.3.6-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 2.3.6-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 2.10.1-1.

For the unstable distribution (sid), this problem has been fixed in version 2.10.1-1.

We recommend that you upgrade your jackrabbit packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted July 2, 2015

Debian Security Advisory DSA-3299-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 02, 2015                         https://www.debian.org/security/faq

Package        : stunnel4
CVE ID         : CVE-2015-3644
Debian Bug     : 785352

Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as a universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with "verify = 2" or higher, then only the initial connection is redirected to the hosts specified with "redirect". This allows a remote attacker to bypass authentication.

For the stable distribution (jessie), this problem has been fixed in version 3:5.06-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 3:5.18-1.

For the unstable distribution (sid), this problem has been fixed in version 3:5.18-1.

We recommend that you upgrade your stunnel4 packages.

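An added example, not part of the advisory above or of the stunnel project: a Python audit that flags the service sections matching the configuration DSA-3299-1 describes (server mode, "redirect" set, "verify" at 2 or higher), so hosts that rely on it can be prioritised for the upgrade. The sample configuration is constructed, and treating options placed before the first [service] section as per-service defaults is an assumption about how the file is laid out.

```python
import re

# Constructed sample configuration (not taken from any real host).
SAMPLE_CONF = """\
; global section: assumed here to supply defaults for every service below
cert = /etc/stunnel/server.pem
CAfile = /etc/stunnel/clients.pem
verify = 2

[admin]
accept = 8443
connect = 127.0.0.1:8080
redirect = 127.0.0.1:8081

[public]
accept = 443
connect = 127.0.0.1:80
verify = 0
redirect = 127.0.0.1:8081

[mail]
accept = 993
connect = 127.0.0.1:143
verify = 3

[outbound]
client = yes
accept = 127.0.0.1:2525
connect = mail.example.org:465
verify = 3
"""

SECTION = re.compile(r"\[(.+)\]")


def parse_stunnel_conf(text):
    """Split configuration text into (global options, {service: options}).

    Every option maps to the list of values given for it, because
    "redirect" may legitimately appear more than once in a section.
    """
    defaults, services = {}, {}
    current = defaults
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        section = SECTION.fullmatch(line)
        if section:
            current = services.setdefault(section.group(1).strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Option names are lower-cased so "Verify" and "verify" match.
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return defaults, services


def affected_services(text):
    """Return (service, verify level, redirect targets) for each service
    in the state the advisory describes: server mode, "redirect" present
    and an effective "verify" of 2 or higher."""
    defaults, services = parse_stunnel_conf(text)
    findings = []
    for name, options in services.items():
        effective = {**defaults, **options}  # service values override globals
        if effective.get("client", ["no"])[-1].lower() == "yes":
            continue  # client mode: the advisory concerns server mode
        if "redirect" not in effective:
            continue
        try:
            level = int(effective.get("verify", ["0"])[-1])
        except ValueError:
            continue  # unparseable level: leave for manual review
        if level >= 2:
            findings.append((name, level, effective["redirect"]))
    return findings


if __name__ == "__main__":
    for name, level, targets in affected_services(SAMPLE_CONF):
        print(f"[{name}] verify = {level}, redirect = {', '.join(targets)}: "
              "check the installed stunnel4 version against the fixed "
              "version in the advisory")
```
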
securitybreach Posted July 3, 2015

Debian Security Advisory DSA-3300-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
July 04, 2015                         https://www.debian.org/security/faq

Package        : iceweasel
CVE ID         : CVE-2015-2743 CVE-2015-4000 CVE-2015-2734 CVE-2015-2735
                 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739
                 CVE-2015-2740 CVE-2015-2728 CVE-2015-2731 CVE-2015-2724

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the "LogJam" vulnerability.

For the oldstable distribution (wheezy), this problem has been fixed in version 31.8.0esr-1~deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 31.8.0esr-1~deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 38.1.0esr-1.

We recommend that you upgrade your iceweasel packages.

securitybreach Posted July 18, 2015

Debian Security Advisory DSA-3308-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 18, 2015                         https://www.debian.org/security/faq

Package        : mysql-5.5
CVE ID         : CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648
                 CVE-2015-4737 CVE-2015-4752
Debian Bug     : 792445

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.44. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

For the oldstable distribution (wheezy), these problems have been fixed in version 5.5.44-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 5.5.44-0+deb8u1.

We recommend that you upgrade your mysql-5.5 packages.

securitybreach Posted July 18, 2015

Debian Security Advisory DSA-3309-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
July 18, 2015                         https://www.debian.org/security/faq

Package        : tidy
CVE ID         : CVE-2015-5522 CVE-2015-5523
Debian Bug     : 792571

Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code.

Geoff McLane also discovered that a similar issue could trigger an integer overflow, leading to a memory allocation of 4GB. This could allow remote attackers to cause a denial of service by saturating the target's memory.

For the oldstable distribution (wheezy), these problems have been fixed in version 20091223cvs-1.2+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 20091223cvs-1.4+deb8u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your tidy packages.

securitybreach Posted July 19, 2015

Debian Security Advisory DSA-3310-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
July 19, 2015                         https://www.debian.org/security/faq

Package        : freexl
CVE ID         : not yet available

It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets may result in denial of service if a malformed Excel file is opened.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.0.0b-1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 1.0.0g-1+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 1.0.2-1.

For the unstable distribution (sid), this problem has been fixed in version 1.0.2-1.

We recommend that you upgrade your freexl packages.

securitybreach Posted July 20, 2015

Debian Security Advisory DSA-3311-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 20, 2015                         https://www.debian.org/security/faq

Package        : mariadb-10.0
CVE ID         : CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501
                 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573
                 CVE-2015-3152

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details:

https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/

For the stable distribution (jessie), these problems have been fixed in version 10.0.20-0+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 10.0.20-1 or earlier versions.

We recommend that you upgrade your mariadb-10.0 packages.

securitybreach Posted July 22, 2015

Debian Security Advisory DSA-3312-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
July 22, 2015                         https://www.debian.org/security/faq

Package        : cacti
CVE ID         : CVE-2015-4634

Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.8.8a+dfsg-5+deb7u6.

For the stable distribution (jessie), this problem has been fixed in version 0.8.8b+dfsg-8+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 0.8.8e+ds1-1.

For the unstable distribution (sid), this problem has been fixed in version 0.8.8e+ds1-1.

We recommend that you upgrade your cacti packages.

securitybreach Posted July 23, 2015

Debian Security Advisory DSA-3313-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 23, 2015                         https://www.debian.org/security/faq

Package        : linux
CVE ID         : CVE-2015-3290 CVE-2015-3291 CVE-2015-4167 CVE-2015-5157
                 CVE-2015-5364 CVE-2015-5366

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

CVE-2015-3290
Andy Lutomirski discovered that the Linux kernel does not properly handle nested NMIs. A local, unprivileged user could use this flaw for privilege escalation.

CVE-2015-3291
Andy Lutomirski discovered that under certain conditions a malicious userspace program can cause the kernel to skip NMIs leading to a denial of service.

CVE-2015-4167
Carl Henrik Lunde discovered that the UDF implementation is missing a necessary length check. A local user that can mount devices could use this flaw to crash the system.

CVE-2015-5157
Petr Matousek and Andy Lutomirski discovered that an NMI that interrupts userspace and encounters an IRET fault is incorrectly handled. A local, unprivileged user could use this flaw for denial of service or possibly for privilege escalation.

CVE-2015-5364
It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums.

CVE-2015-5366
It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum.

For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 4.0.8-2 or earlier versions.

We recommend that you upgrade your linux packages.

securitybreach Posted July 24, 2015

Debian Security Advisory DSA-3314-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
July 23, 2015                         https://www.debian.org/security/faq

Package        : typo3-src

Upstream security support for Typo3 4.5.x ended three months ago and the same now applies to the Debian packages as well.

Newer versions of Typo3 are no longer packaged in Debian, so the recommended alternative is to migrate to a custom installation of Typo3 6.2.x (the current long term branch).

If you cannot migrate for some reason, commercial support for 4.5 is still available. Please see https://typo3.org/news/article/announcing-typo3-45-lts-regular-end-of-life-eol/ for additional information.

securitybreach Posted July 24, 2015

Debian Security Advisory DSA-3315-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
July 23, 2015                         https://www.debian.org/security/faq

Package        : chromium-browser
CVE ID         : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269
                 CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273
                 CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278
                 CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282
                 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286
                 CVE-2015-1287 CVE-2015-1288 CVE-2015-1289

Several vulnerabilities were discovered in the chromium web browser.

CVE-2015-1266
Intended access restrictions could be bypassed for certain URLs like chrome://gpu.

CVE-2015-1267
A way to bypass the Same Origin Policy was discovered.

CVE-2015-1268
Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.

CVE-2015-1269
Mike Rudy discovered that hostnames were not properly compared in the HTTP Strict Transport Policy and HTTP Public Key Pinning features, which could allow those access restrictions to be bypassed.

CVE-2015-1270
Atte Kettunen discovered an uninitialized memory read in the ICU library.

CVE-2015-1271
cloudfuzzer discovered a buffer overflow in the pdfium library.

CVE-2015-1272
Chamal de Silva discovered race conditions in the GPU process implementation.

CVE-2015-1273
makosoft discovered a buffer overflow in openjpeg, which is used by the pdfium library embedded in chromium.

CVE-2015-1274
andrewm.bpi discovered that the auto-open list allowed certain file types to be executed immediately after download.

CVE-2015-1276
Colin Payne discovered a use-after-free issue in the IndexedDB implementation.

CVE-2015-1277
SkyLined discovered a use-after-free issue in chromium's accessibility implementation.

CVE-2015-1278
Chamal de Silva discovered a way to use PDF documents to spoof a URL.

CVE-2015-1279
mlafon discovered a buffer overflow in the pdfium library.

CVE-2015-1280
cloudfuzzer discovered a memory corruption issue in the SKIA library.

CVE-2015-1281
Masato Knugawa discovered a way to bypass the Content Security Policy.

CVE-2015-1282
Chamal de Silva discovered multiple use-after-free issues in the pdfium library.

CVE-2015-1283
Huzaifa Sidhpurwala discovered a buffer overflow in the expat library.

CVE-2015-1284
Atte Kettunen discovered that the maximum number of page frames was not correctly checked.

CVE-2015-1285
gazheyes discovered an information leak in the XSS auditor, which normally helps to prevent certain classes of cross-site scripting problems.

CVE-2015-1286
A cross-site scripting issue was discovered in the interface to the v8 javascript library.

CVE-2015-1287
filedescriptor discovered a way to bypass the Same Origin Policy.

CVE-2015-1288
Mike Ruddy discovered that the spellchecking dictionaries could still be downloaded over plain HTTP (related to CVE-2015-1263).

CVE-2015-1289
The chrome 44 development team found and fixed various issues during internal auditing.

In addition to the above issues, Google disabled the hotword extension by default in this version, which if enabled downloads files without the user's intervention.

For the stable distribution (jessie), these problems have been fixed in version 44.0.2403.89-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 44.0.2403.89-1.

We recommend that you upgrade your chromium-browser packages.

securitybreach Posted July 25, 2015

Debian Security Advisory DSA-3316-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
July 25, 2015                         https://www.debian.org/security/faq

Package        : openjdk-7
CVE ID         : CVE-2014-8873 CVE-2015-0460 CVE-2015-0469 CVE-2015-0470
                 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488
                 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2621
                 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808
                 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733
                 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.

For the oldstable distribution (wheezy), these problems have been fixed in version 7u79-2.5.6-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 7u79-2.5.6-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 7u79-2.5.6-1.

We recommend that you upgrade your openjdk-7 packages.

securitybreach Posted July 25, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3317-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 25, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : lxc
CVE ID         : CVE-2015-1331 CVE-2015-1334
Debian Bug     : 793298

Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-1331

    Roman Fiedler discovered a directory traversal flaw in LXC when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user.

CVE-2015-1334

    Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A malicious container could create a fake proc filesystem and use this flaw to run programs inside the container that are not confined by AppArmor or SELinux.

For the stable distribution (jessie), these problems have been fixed in version 1:1.0.6-6+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1:1.0.7-4.

For the unstable distribution (sid), these problems have been fixed in version 1:1.0.7-4.

We recommend that you upgrade your lxc packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted July 26, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3318-1                   security@debian.org
https://www.debian.org/security/                 Laszlo Boszormenyi (GCS)
July 26, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : expat
CVE ID         : CVE-2015-1283
Debian Bug     : 793484

Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.1.0-1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 2.1.0-6+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2.1.0-7.

We recommend that you upgrade your expat packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted July 30, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3320-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
July 30, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openafs
CVE ID         : CVE-2015-3282 CVE-2015-3283 CVE-2015-3284 CVE-2015-3285
                 CVE-2015-3287

It was discovered that OpenAFS, the implementation of the distributed filesystem AFS, contained several flaws that could result in information leak, denial-of-service or kernel panic.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.6.1-3+deb7u3.

For the stable distribution (jessie), these problems have been fixed in version 1.6.9-2+deb8u3.

We recommend that you upgrade your openafs packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted July 30, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3321-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
July 30, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xmltooling
CVE ID         : CVE-2015-0851
Debian Bug     : 793855

The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service (crash) via crafted XML data.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.2-5+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 1.5.3-2+deb8u1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your xmltooling packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted July 31, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3322-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 31, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ruby-rack
CVE ID         : CVE-2015-3225
Debian Bug     : 789311

Tomek Rabczak from the NCC Group discovered a flaw in the normalize_params() method in Rack, a modular Ruby webserver interface. A remote attacker can use this flaw via specially crafted requests to cause a `SystemStackError` and potentially cause a denial of service condition for the service.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.1-2.1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 1.5.2-3+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 1.5.2-4.

We recommend that you upgrade your ruby-rack packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted August 7, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3329-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 07, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-1333 CVE-2015-3212 CVE-2015-4692 CVE-2015-4700
                 CVE-2015-5364 CVE-2015-5366 CVE-2015-5697 CVE-2015-5706
                 CVE-2015-5707

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

CVE-2015-1333

    Colin Ian King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user can exploit this flaw to cause a denial of service due to memory exhaustion.

CVE-2015-3212

    Ji Jianwen of Red Hat Engineering discovered a flaw in the handling of the SCTP's automatic handling of dynamic multi-homed connections. A local attacker could use this flaw to cause a crash or potentially for privilege escalation.

CVE-2015-4692

    A NULL pointer dereference flaw was found in the kvm_apic_has_events function in the KVM subsystem. An unprivileged local user could exploit this flaw to crash the system kernel resulting in denial of service.

CVE-2015-4700

    Daniel Borkmann discovered a flaw in the Linux kernel implementation of the Berkeley Packet Filter which can be used by a local user to crash the system.

CVE-2015-5364

    It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums.

CVE-2015-5366

    It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum.

CVE-2015-5697

    A flaw was discovered in the md driver in the Linux kernel leading to an information leak.

CVE-2015-5706

    A user triggerable use-after-free vulnerability in path lookup in the Linux kernel could potentially lead to privilege escalation.

CVE-2015-5707

    An integer overflow in the SCSI generic driver in the Linux kernel was discovered. A local user with write permission on a SCSI generic device could potentially exploit this flaw for privilege escalation.

For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u3. CVE-2015-1333, CVE-2015-4692 and CVE-2015-5706 do not affect the wheezy distribution.

For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u3, except CVE-2015-5364 and CVE-2015-5366 which were fixed already in DSA-3313-1.

For the unstable distribution (sid), these problems have been fixed in version 4.1.3-1 or earlier versions.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted August 8, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3321-2                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
August 08, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : opensaml2
CVE ID         : CVE-2015-0851
Debian Bug     : 794851

It was discovered that opensaml2, a Security Assertion Markup Language library, needed to be rebuilt against a fixed version of the xmltooling package due to its use of macros vulnerable to CVE-2015-0851 as fixed in the DSA 3321-1 update.

For reference the original advisory text follows.

The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service (crash) via crafted XML data.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.4.3-4+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 2.5.3-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version $stretch_VERSION.

For the unstable distribution (sid), this problem has been fixed in version $UNSTABLE_VERSION.

We recommend that you upgrade your opensaml2 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted August 10, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3331-1                   security@debian.org
https://www.debian.org/security/                           Stefan Fritsch
August 10, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : subversion
CVE ID         : CVE-2015-3184 CVE-2015-3187

Several security issues have been found in the server components of the version control system subversion.

CVE-2015-3184

    Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible. This issue does not affect the oldstable distribution (wheezy) because it only contains Apache httpd 2.2.

CVE-2015-3187

    Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. When a node is copied from an unreadable location to a readable location the unreadable path may be revealed. This vulnerability only reveals the path, it does not reveal the contents of the path.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u10.

For the stable distribution (jessie), these problems have been fixed in version 1.8.10-6+deb8u1.

For the testing distribution (stretch), these problems will be fixed in version 1.9.0-1.

For the unstable distribution (sid), these problems have been fixed in version 1.9.0-1.

We recommend that you upgrade your subversion packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted August 11, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3332-1                   security@debian.org
https://www.debian.org/security/                          Thijs Kinkhorst
August 11, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2015-2213 CVE-2015-5622 CVE-2015-5730 CVE-2015-5731
                 CVE-2015-5732 CVE-2015-5734
Debian Bug     : 794548 794560

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine.

CVE-2015-2213

    SQL Injection allowed a remote attacker to compromise the site.

CVE-2015-5622

    The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation. This is the corrected version of the patch that needed to be reverted in DSA 3328-2.

CVE-2015-4730

    A potential timing side-channel attack in widgets.

CVE-2015-5731

    An attacker could lock a post that was being edited.

CVE-2015-5732

    Cross site scripting in a widget title allows an attacker to steal sensitive information.

CVE-2015-5734

    Fix some broken links in the legacy theme preview.

The issues were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, Ivan Grigorov, Johannes Schmitt of Scrutinizer and Mohamed A. Baset.

For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u4.

For the unstable distribution (sid), these problems have been fixed in version 4.2.4+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted August 12, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3333-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 12, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2015-4473 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480
                 CVE-2015-4484 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489
                 CVE-2015-4492 CVE-2015-4493

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of service.

Debian follows the extended support releases (ESR) of Firefox. Support for the 31.x series has ended, so starting with this update we're now following the 38.x releases.

For the oldstable distribution (wheezy), these problems have been fixed in version 38.2.0esr-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 38.2.0esr-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 38.2.0esr-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted August 12, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3334-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 12, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : gnutls28
CVE ID         : not yet available
Debian Bug     : 795068

Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the application to crash resulting in a denial of service.

For the stable distribution (jessie), this problem has been fixed in version 3.3.8-6+deb8u2.

For the unstable distribution (sid), this problem has been fixed in version 3.3.17-1.

We recommend that you upgrade your gnutls28 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted August 13, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3335-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 13, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : request-tracker4
CVE ID         : CVE-2015-5475

It was discovered that Request Tracker, an extensible trouble-ticket tracking system, is susceptible to a cross-site scripting attack via the user and group rights management pages (CVE-2015-5475) and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject Javascript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected by the second cross-site scripting vulnerability.

For the oldstable distribution (wheezy), these problems have been fixed in version 4.0.7-5+deb7u4. The oldstable distribution (wheezy) is only affected by CVE-2015-5475.

For the stable distribution (jessie), these problems have been fixed in version 4.2.8-3+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 4.2.11-2.

We recommend that you upgrade your request-tracker4 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach Posted August 17, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3336-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 17, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : nss
CVE ID         : CVE-2015-2721 CVE-2015-2730

Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-2721

    Karthikeyan Bhargavan discovered that NSS incorrectly handles state transitions for the TLS state machine. A man-in-the-middle attacker could exploit this flaw to skip the ServerKeyExchange message and remove the forward-secrecy property.

CVE-2015-2730

    Watson Ladd discovered that NSS does not properly perform Elliptical Curve Cryptography (ECC) multiplication, allowing a remote attacker to potentially spoof ECDSA signatures.

For the oldstable distribution (wheezy), these problems have been fixed in version 2:3.14.5-1+deb7u5.

For the stable distribution (jessie), these problems have been fixed in version 2:3.17.2-1.1+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 2:3.19.1-1.

For the unstable distribution (sid), these problems have been fixed in version 2:3.19.1-1.

We recommend that you upgrade your nss packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach
Posted August 18, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3325-2                   security@debian.org
https://www.debian.org/security/                           Stefan Fritsch
August 18, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2015-3183 CVE-2015-3185
Debian Bug : 794383

The security update from DSA-3325-1 caused a regression for the oldstable distribution (wheezy). In some configurations, apache2 would fail to start with a spurious error message about the certificate chain. This update fixes this problem. For reference, the text of the original advisory follows:

Several vulnerabilities have been found in the Apache HTTPD server.

CVE-2015-3183

    An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use.

CVE-2015-3185

    A design error in the "ap_some_auth_required" function renders the API unusable in apache2 2.4.x. This could lead to modules using this API to allow access when they should otherwise not do so. The fix backports the new "ap_some_authn_required" API from 2.4.16. This issue does not affect the oldstable distribution (wheezy).

In addition, the updated package for the oldstable distribution (wheezy) removes a limitation of the Diffie-Hellman (DH) parameters to 1024 bits. This limitation may potentially allow an attacker with very large computing resources, like a nation-state, to break DH key exchange by precomputation. The updated apache2 package also allows configuring custom DH parameters. More information is contained in the changelog.Debian.gz file. These improvements were already present in the stable, testing, and unstable distributions.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.2.22-13+deb7u6.

The other distributions were not affected by the regression.

We recommend that you upgrade your apache2 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach
Posted August 18, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3337-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 18, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gdk-pixbuf
CVE ID : CVE-2015-4491

Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.26.1-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 2.31.1-2+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 2.31.5-1.

For the unstable distribution (sid), this problem has been fixed in version 2.31.5-1.

We recommend that you upgrade your gdk-pixbuf packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach
Posted August 18, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3338-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
August 18, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2015-5963 CVE-2015-5964

Lin Hua Cheng discovered that a session could be created when anonymously accessing the django.contrib.auth.views.logout view. This could allow remote attackers to saturate the session store or cause other users' session records to be evicted.

Additionally the contrib.sessions.backends.base.SessionBase.flush() and cache_db.SessionStore.flush() methods have been modified to avoid creating a new empty session as well.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.4.5-1+deb7u13.

For the stable distribution (jessie), these problems have been fixed in version 1.7.7-1+deb8u2.

For the unstable distribution (sid), these problems will be fixed shortly.

We recommend that you upgrade your python-django packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach
Posted August 19, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3340-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
August 19, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zendframework
CVE ID : CVE-2015-5161

Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.11.13-1.1+deb7u3.

For the stable distribution (jessie), this problem has been fixed in version 1.12.9+dfsg-2+deb8u3.

For the testing distribution (stretch), this problem has been fixed in version 1.12.14+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in version 1.12.14+dfsg-1.

We recommend that you upgrade your zendframework packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

securitybreach
Posted August 20, 2015

-------------------------------------------------------------------------
Debian Security Advisory DSA-3341-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 20, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : conntrack
CVE ID : CVE-2015-6496
Debian Bug : 796103

It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets.

For the oldstable distribution (wheezy), this problem has been fixed in version 1:1.2.1-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 1:1.4.2-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.4.2-3.

We recommend that you upgrade your conntrack packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org