Recent Activity

  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : openssl
    Debian Bug : 941987

    The update for openssl released as DSA 4539-1 introduced a regression where AES-CBC-HMAC-SHA ciphers were not enabled. Updated openssl packages are now available to correct this issue.

    For the stable…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : openssh
    Debian Bug : 941663

    A change introduced in openssl 1.1.1d (which got released as DSA 4539-1) requires sandboxing features which are not available in Linux kernels before 3.19, resulting in OpenSSH rejecting connection…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : jackson-databind
    CVE ID : CVE-2019-12384 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335
    CVE-2019-16942 CVE-2019-16943
    Debian Bug : 941530 940498 933393 930750

    It was discovered that jackson-databind, a Java library used to…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : libapreq2
    CVE ID : CVE-2019-12412
    Debian Bug : 939937

    Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : subversion
    Debian Bug : 936034

    The security fixes for the HTTP/2 code in Apache 2 shipped in DSA 4509 unveiled a bug in Subversion which caused a regression in mod_dav_svn when used with HTTP/2.

    For the oldstable distribution…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : openssl1.0
    CVE ID : CVE-2019-1547 CVE-2019-1563

    Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey().

    For the oldstable…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : openssl
    CVE ID : CVE-2019-1547 CVE-2019-1549 CVE-2019-1563

    Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey() and it was…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : wpa
    CVE ID : CVE-2019-13377 CVE-2019-16275
    Debian Bug : 934180 940080

    Two vulnerabilities were found in the WPA protocol implementation found in wpa_supplicant (station) and hostapd (access point).

    CVE-2019-13377

    A…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : file-roller
    CVE ID : CVE-2019-16680

    It was discovered that file-roller, an archive manager for GNOME, does not properly handle the extraction of archives with a single ./../ in a file path. An attacker able to provide a…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : exim4
    CVE ID : CVE-2019-16928

    A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : e2fsprogs
    CVE ID : CVE-2019-5094
    Debian Bug : 941139

    Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities.
    Running e2fsck on a malformed file…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : golang-1.11
    CVE ID : CVE-2019-16276

    It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request smuggling in…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : lemonldap-ng
    CVE ID : CVE-2019-15941

    It was discovered that the Lemonldap::NG web SSO system did not restrict OIDC authorization codes to the relying party.

    For the stable distribution (buster), this problem has been fixed in…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : spip
    CVE ID : CVE-2019-16391 CVE-2019-16392 CVE-2019-16393 CVE-2019-16394

    It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database,…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : linux
    CVE ID : CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118
    CVE-2019-15902

    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : expat
    CVE ID : CVE-2019-15903
    Debian Bug : 939394

    It was discovered that Expat, an XML parsing C library, did not properly handle internal entities closing the doctype, potentially resulting in denial of service or…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : php7.0
    CVE ID : CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038
    CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042

    Multiple security issues were found in PHP, a widely-used open source general purpose…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : bird
    CVE ID : CVE-2019-16159

    Daniel McCarney discovered that the BIRD internet routing daemon incorrectly validated RFC 8203 messages in its BGP daemon, resulting in a stack buffer overflow.

    For the stable distribution…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : php7.3
    CVE ID : CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041
    CVE-2019-11042

    Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF…
  • Micha

    Posted a reply in the thread Debian Security Advisory.
    Post
    Package : opendmarc
    CVE ID : CVE-2019-16378
    Debian Bug : 940081

    It was discovered that OpenDMARC, a milter implementation of DMARC, is prone to a signature-bypass vulnerability with multiple From: addresses.

    For the oldstable…