Debian: DSA-5017-1: xen security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.
Debian: DSA-5016-1: nss security update
Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS signatures, which could result in denial of service or potentially the execution of arbitrary code.
Debian: DSA-5015-1: samba security update
Andrew Bartlett discovered that Samba, a SMB/CIFS file, print, and login server for Unix, may map domain users to local users in an undesired way. This could allow a user in an AD domain to potentially become root on domain members.
Debian: DSA-5014-1: icu security update
Rongxin Wu discovered a use-after-free vulnerability in the International Components for Unicode (ICU) library which could result in denial of service or potentially the execution of arbitrary code.
Debian: DSA-5013-1: roundcube security update
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize requests and mail messages. This would allow an attacker to perform Cross-Side Scripting (XSS) or SQL injection attacks.
Debian: DSA-5012-1: openjdk-17 security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.
Debian: DSA-5011-1: salt security update
Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of SSL
Debian: DSA-5010-1: libxml-security-java security update
Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
Debian: DSA-5009-1: tomcat9 security update
Apache Tomcat, the servlet and JSP engine, did not properly release an HTTP upgrade connection for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
