Several security vulnerabilities were fixed in opensc, a set of libraries and utilities to access smart cards that support cryptographic operations.

Out-of-bounds reads, buffer overflows and double frees could be used by attackers able to supply crafted smart cards to cause a denial of service (application crash) or possibly have unspecified other impact.

For Debian 8 'Jessie', these problems have been fixed in version 0.16.0-3+deb8u1.

We recommend that you upgrade your opensc packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in 'docker cp'could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the 'docker build' command.

Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service.

The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead.

It was discovered that the code fixes for LibreOffice to address CVE-2019-9852 were not complete. Additional information can be found at.

It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

For Debian 8 'Jessie', these problems have been fixed in version 9.26a~dfsg-0+deb8u5.

We recommend that you upgrade your ghostscript packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol (JNLP).

CVE-2019-10181

It was found that in icedtea-web executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.

CVE-2019-10182

It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

CVE-2019-10185

It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.

For Debian 8 'Jessie', these problems have been fixed in version 1.5.3-1+deb8u1.

We recommend that you upgrade your icedtea-web packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

'Zerons' and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.

It was discovered that there was a stack-based buffer over-read in memcached, the in-memory object caching system.

For Debian 8 'Jessie', this issue has been fixed in memcached version 1.4.21-1.1+deb8u3.

We recommend that you upgrade your memcached packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a heap-based buffer overread vulnerability in expat, an XML parsing library.

A specially crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer overread.

For Debian 8 'Jessie', this issue has been fixed in expat version 2.1.0-6+deb8u6.

We recommend that you upgrade your expat packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

'Zerons' and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.

For Debian 8 'Jessie', this problem has been fixed in version 4.84.2-2+deb8u6.

We recommend that you upgrade your exim4 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service.

For Debian 8 'Jessie', these problems have been fixed in version 60.9.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service.

Several vulnerabilities have been discovered in the webkit2gtk web engine :

  - CVE-2019-8644     G. Geshev discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8649     Sergei Glazunov discovered an issue that may lead to     universal cross site scripting.

  - CVE-2019-8658     akayn discovered an issue that may lead to universal     cross site scripting.

  - CVE-2019-8666     Zongming Wang and Zhe Jin discovered memory corruption     issues that can lead to arbitrary code execution.

  - CVE-2019-8669     akayn discovered memory corruption issues that can lead     to arbitrary code execution.

  - CVE-2019-8671     Apple discovered memory corruption issues that can lead     to arbitrary code execution.

  - CVE-2019-8672     Samuel Gross discovered memory corruption issues that     can lead to arbitrary code execution.

  - CVE-2019-8673     Soyeon Park and Wen Xu discovered memory corruption     issues that can lead to arbitrary code execution.

  - CVE-2019-8676     Soyeon Park and Wen Xu discovered memory corruption     issues that can lead to arbitrary code execution.

  - CVE-2019-8677     Jihui Lu discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8678     An anonymous researcher, Anthony Lai, Ken Wong,     Jeonghoon Shin, Johnny Yu, Chris Chan, Phil Mok, Alan     Ho, and Byron Wai discovered memory corruption issues     that can lead to arbitrary code execution.

  - CVE-2019-8679     Jihui Lu discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8680     Jihui Lu discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8681     G. Geshev discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8683     lokihardt discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8684     lokihardt discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8686     G. Geshev discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8687     Apple discovered memory corruption issues that can lead     to arbitrary code execution.

  - CVE-2019-8688     Insu Yun discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8689     lokihardt discovered memory corruption issues that can     lead to arbitrary code execution.

  - CVE-2019-8690     Sergei Glazunov discovered an issue that may lead to     universal cross site scripting.

You can see more details on the WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004.

Alf-Andre Walla discovered a remotely triggerable assert in the Varnish web accelerator; sending a malformed HTTP request could result in denial of service.

The oldstable distribution (stretch) is not affected.

Several newly-referenced issues have been fixed in the FreeType 2 font engine.

CVE-2015-9381

heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c

CVE-2015-9382

buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation

CVE-2015-9383

a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c

For Debian 8 'Jessie', these problems have been fixed in version 2.5.2-3+deb8u4.

We recommend that you upgrade your freetype packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Stefan Metzmacher discovered a flaw in Samba, a SMB/CIFS file, print, and login server for Unix. Specific combinations of parameters and permissions can allow user to escape from the share path definition and see the complete '/' filesystem. Unix permission checks in the kernel are still enforced.

Details can be found in the upstream advisory at https://www.samba.org/samba/security/CVE-2019-10197.html

Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.

Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2 HTTP server, which could result in denial of service.

It was discovered that there was an arbitrary code execution vulnerability in the pump BOOTP and DHCP client.

When copying the body of the server response, the ethernet packet length could be forged leading to being able to overwrite up to 'ETH_FRAME_LEN - sizeof(*ipHdr) - sizeof(*udpHdr) - sizeof(*bresp)' bytes of stack memory.

Thanks to <ltspro2@secmail.pro> for the report and patch.

For Debian 8 'Jessie', this issue has been fixed in pump version 0.8.24-7+deb8u1.

We recommend that you upgrade your pump packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

CVE-2017-9987

In Libav, there was a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c. A crafted input could have lead to a remote denial of service attack.

CVE-2018-5766

In Libav there was an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.

CVE-2018-11102

A read access violation in the mov_probe function in libavformat/mov.c allowed remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

CVE-2019-14372

In Libav, there was an infinite loop in the function wv_read_block_header() in the file wvdec.c.

CVE-2019-14442

In mpc8_read_header in libavformat/mpc8.c, an input file could have resulted in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could have leveraged this vulnerability to cause a denial of service via a crafted file.

For Debian 8 'Jessie', these problems have been fixed in version 6:11.12-1~deb8u8.

We recommend that you upgrade your libav packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability has been discovered in Python, an interactive high-level object-oriented language, that is relevant for cookie handling. By using a malicious server an attacker might steal cookies that are meant for other domains

For Debian 8 'Jessie', this problem has been fixed in version 2.7.9-2+deb8u4.

We recommend that you upgrade your python2.7 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

GOsa&sup2; used unserialize to restore filter settings from a cookie.
Since this cookie was supplied by the client, authenticated users could have passed arbitrary content to unserialized, which opened GOsa&sup2; up to a potential PHP object injection.

For Debian 8 'Jessie', this problem has been fixed in version 2.7.4+reloaded2-1+deb8u5.

We recommend that you upgrade your gosa packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

jianglin found an issue in libextractor, a library that extracts meta-data from files of arbitrary type.

A crafted file could result in a heap-buffer-overflow vulnerability in function EXTRACTOR_dvi_extract_method in dvi_extractor.c.

For Debian 8 'Jessie', this problem has been fixed in version 1:1.3-2+deb8u5.

We recommend that you upgrade your libextractor packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems :

CVE-2018-11782

Ace Olszowka reported that the Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer, leading to a denial of service.

CVE-2019-0203

Tomas Bortoli reported that the Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands.
If the server is configured with anonymous access enabled this could lead to a remote unauthenticated denial of service.

For Debian 8 'Jessie', these problems have been fixed in version 1.8.10-6+deb8u7.

We recommend that you upgrade your subversion packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Hongxu Chen found several issues in djvulibre, a library and set of tools to handle images in the DjVu format.

The issues are a heap-buffer-overflow, a stack-overflow, an infinite loop and an invalid read when working with crafted files as input.

For Debian 8 'Jessie', these problems have been fixed in version 3.5.25.4-4+deb8u1.

We recommend that you upgrade your djvulibre packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.

For Debian 8 'Jessie', this problem has been fixed in version 1:2.2.13-12~deb8u7.

We recommend that you upgrade your dovecot packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.

Two security vulnerabilities were found in the Apache HTTP server.

CVE-2019-10092

Matei 'Mal' Badanoiu reported a limited cross-site scripting vulnerability in the mod_proxy error page.

CVE-2019-10098

Yukitsugu Sasaki reported a potential open redirect vulnerability in the mod_rewrite module.

For Debian 8 'Jessie', these problems have been fixed in version 2.4.10-10+deb8u15.

We recommend that you upgrade your apache2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder :

CVE-2018-19502

Heap buffer overflow in the function excluded_channels (libfaad/syntax.c). This vulnerability might allow remote attackers to cause denial of service via crafted MPEG AAC data.

CVE-2018-20196

Stack buffer overflow in the function calculate_gain (libfaad/br_hfadj.c). This vulnerability might allow remote attackers to cause denial of service or any unspecified impact via crafted MPEG AAC data.

CVE-2018-20199 CVE-2018-20360

NULL pointer dereference in the function ifilter_bank (libfaad/filtbank.c). This vulnerability might allow remote attackers to cause denial of service via crafted MPEG AAC data.

CVE-2019-6956

Global buffer overflow in the function ps_mix_phase (libfaad/ps_dec.c). This vulnerability might allow remote attackers to cause denial of service or any other unspecified impact via crafted MPEG AAC data.

CVE-2019-15296

Buffer overflow in the function faad_resetbits (libfaad/bits.c). This vulnerability might allow remote attackers to cause denial of service via crafted MPEG AAC data.

For Debian 8 'Jessie', these problems have been fixed in version 2.7-8+deb8u3.

We recommend that you upgrade your faad2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been found in the Apache HTTPD server.

  - CVE-2019-9517     Jonathan Looney reported that a malicious client could     perform a denial of service attack (exhausting h2     workers) by flooding a connection with requests and     basically never reading responses on the TCP connection.

  - CVE-2019-10081     Craig Young reported that HTTP/2 PUSHes could lead to an     overwrite of memory in the pushing request's pool,     leading to crashes.

  - CVE-2019-10082     Craig Young reported that the HTTP/2 session handling     could be made to read memory after being freed, during     connection shutdown.

  - CVE-2019-10092     Matei 'Mal' Badanoiu reported a limited cross-site     scripting vulnerability in the mod_proxy error page.

  - CVE-2019-10097     Daniel McCarney reported that when mod_remoteip was     configured to use a trusted intermediary proxy server     using the 'PROXY' protocol, a specially crafted PROXY     header could trigger a stack buffer overflow or NULL     pointer deference. This vulnerability could only be     triggered by a trusted proxy and not by untrusted HTTP     clients. The issue does not affect the stretch release.

  - CVE-2019-10098     Yukitsugu Sasaki reported a potential open redirect     vulnerability in the mod_rewrite module.

Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service.

Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.

In addition this update fixes a regression which could cause NBD connections to hang.

Multiple vulnerabilities have been found in xymon, the network monitoring application. Remote attackers might leverage these vulnerabilities in the CGI parsing code (including buffer overflows and XSS) to cause denial of service, or any other unspecified impact.

For Debian 8 'Jessie', these problems have been fixed in version 4.3.17-6+deb8u2.

We recommend that you upgrade your xymon packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting attacks, and potentially the execution of arbitrary code.

Even Rouault found an issue in tiff, a library providing support for the Tag Image File Format. Wrong handling off integer overflow checks, that are based on undefined compiler behavior, might result in an application crash.

For Debian 8 'Jessie', this problem has been fixed in version 4.0.3-12.3+deb8u9.

We recommend that you upgrade your tiff packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a remote arbitrary code vulnerability in commons-beanutils, a set of utilities for manipulating JavaBeans code.

For Debian 8 'Jessie', this issue has been fixed in commons-beanutils version 1.9.2-1+deb8u1.

We recommend that you upgrade your commons-beanutils packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

JsHuang found an issue in libmspack, a library for Microsoft compression format. Opening a crafted chm file might result in a buffer overflow which might disclose confidential information.

For Debian 8 'Jessie', this problem has been fixed in version 0.5-1+deb8u4.

We recommend that you upgrade your libmspack packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Compass Security Schweiz AG discovered an issue in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. The OIDCRedirectURI page contains generated JavaScript code that uses a poll parameter as a string variable, thus might contain additional JavaScript code. This might result in Criss-Site Scripting (XSS).

For Debian 8 'Jessie', this problem has been fixed in version 1.6.0-1+deb8u1.

We recommend that you upgrade your libapache2-mod-auth-openidc packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service.

Two issues have been found in cups, the Common UNIX Printing System(tm).

Basically both CVEs (CVE-2019-8675 and CVE-2019-8696) are about stack-buffer-overflow in two functions of libcup. One happens in asn1_get_type() the other one in asn1_get_packed().

For Debian 8 'Jessie', these problems have been fixed in version 1.7.5-11+deb8u5.

We recommend that you upgrade your cups packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.

Flask, a micro web framework for Python contains a CWE-20: Improper Input Validation vulnerability that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding.

For Debian 8 'Jessie', this problem has been fixed in version 0.10.1-2+deb8u1.

We recommend that you upgrade your flask packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Three vulnerabilities have been discovered in the Go programming language; 'net/url' accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service.

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

It was discovered that the code fixes to address CVE-2018-16858 and CVE-2019-9848 were not complete.

Several security vulnerabilities were discovered in openldap, a server and tools to provide a standalone directory service.

CVE-2019-13057

When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control.
(It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

CVE-2019-13565

When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.

For Debian 8 'Jessie', these problems have been fixed in version 2.4.40+dfsg-1+deb8u5.

We recommend that you upgrade your openldap packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Dominik Penner discovered a flaw in how KConfig interpreted shell commands in desktop files and other configuration files. An attacker may trick users into installing specially crafted files which could then be used to execute arbitrary code, e.g. a file manager trying to find out the icon for a file or any application using KConfig. Thus the entire feature of supporting shell commands in KConfig entries has been removed.

For Debian 8 'Jessie', this problem has been fixed in version 4:4.14.2-5+deb8u3.

We recommend that you upgrade your kde4libs packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability has been discovered in Python, an interactive high-level object-oriented language, that is relevant for cookie handling. By using a malicious server an attacker might steal cookies that are meant for other domains

For Debian 8 'Jessie', this problem has been fixed in version 3.4.2-1+deb8u6.

We recommend that you upgrade your python3.4 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been found in imagemagick, an image processing toolkit.

CVE-2019-12974

NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c and coders/vid.c). This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image data.

CVE-2019-13135

Multiple use of uninitialized values in ReadCUTImage, UnpackWPG2Raster and UnpackWPGRaster (coders/wpg.c and coders/cut.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data.

CVE-2019-13295, CVE-2019-13297

Multiple heap buffer over-reads in AdaptiveThresholdImage (magick/threshold.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data.

CVE-2019-13304, CVE-2019-13305, CVE-2019-13306

Multiple stack-based buffer overflows in WritePNMImage (coders/pnm.c), leading to stack buffer over write up to ten bytes. Remote attackers might leverage these flaws to potentially perform code execution or denial of service.

For Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u17.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Severity
128743	Debian DLA-1916-1 : opensc security update	High
128622	Debian DSA-4521-1 : docker.io - security update	High
128621	Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)	High
128620	Debian DSA-4519-1 : libreoffice - security update	High
128619	Debian DLA-1915-1 : ghostscript security update	High
128618	Debian DLA-1914-1 : icedtea-web security update	Medium
128560	Debian DSA-4518-1 : ghostscript - security update	High
128559	Debian DSA-4517-1 : exim4 - security update	Critical
128558	Debian DLA-1913-1 : memcached security update	Medium
128557	Debian DLA-1912-1 : expat security update	High
128556	Debian DLA-1911-1 : exim4 security update	Critical
128555	Debian DLA-1910-1 : firefox-esr security update	High
128534	Debian DSA-4516-1 : firefox-esr - security update	High
128511	Debian DSA-4515-1 : webkit2gtk - security update	High
128510	Debian DSA-4514-1 : varnish - security update	High
128509	Debian DLA-1909-1 : freetype security update	Medium
128479	Debian DSA-4513-1 : samba - security update	Medium
128430	Debian DSA-4512-1 : qemu - security update	Medium
128429	Debian DSA-4511-1 : nghttp2 - security update (Data Dribble) (Resource Loop)	High
128428	Debian DLA-1908-1 : pump security update	High
128427	Debian DLA-1907-1 : libav security update	High
128426	Debian DLA-1906-1 : python2.7 security update	Medium
128425	Debian DLA-1905-1 : gosa security update	High
128424	Debian DLA-1904-1 : libextractor security update	Medium
128395	Debian DLA-1903-1 : subversion security update	High
128394	Debian DLA-1902-1 : djvulibre security update	Medium
128393	Debian DLA-1901-1 : dovecot security update	High
128307	Debian DSA-4510-1 : dovecot - security update	High
128306	Debian DLA-1900-1 : apache2 security update	High
128305	Debian DLA-1899-1 : faad2 security update	Medium
128182	Debian DSA-4509-1 : apache2 - security update (Internal Data Buffering)	High
128181	Debian DSA-4508-1 : h2o - security update (Ping Flood) (Reset Flood) (Settings Flood)	High
128180	Debian DSA-4506-1 : qemu - security update	High
128179	Debian DLA-1898-1 : xymon security update	High
128125	Debian DSA-4507-1 : squid - security update	High
128124	Debian DLA-1897-1 : tiff security update	Medium
128123	Debian DLA-1896-1 : commons-beanutils security update	High
128122	Debian DLA-1895-1 : libmspack security update	Medium
128121	Debian DLA-1894-1 : libapache2-mod-auth-openidc security	Medium
128083	Debian DSA-4505-1 : nginx - security update (0-Length Headers Leak) (Data Dribble) (Resource Loop)	High
128082	Debian DLA-1893-1 : cups security update	High
128066	Debian DSA-4504-1 : vlc - security update	High
128038	Debian DLA-1892-1 : flask security update	Medium
127930	Debian DSA-4503-1 : golang-1.11 - security update (Ping Flood) (Reset Flood)	High
127929	Debian DSA-4502-1 : ffmpeg - security update	High
127928	Debian DSA-4501-1 : libreoffice - security update	High
127927	Debian DLA-1891-1 : openldap security update	Medium
127926	Debian DLA-1890-1 : kde4libs security update	Medium
127925	Debian DLA-1889-1 : python3.4 security update	Medium
127924	Debian DLA-1888-1 : imagemagick security update	Medium

Debian Local Security Checks Family for Nessus