Debian LTS Linux Distribution - Page 52
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow a remote attacker to load and execute arbitrary
It was discovered that the uwsgi proxy module for Apache2 (mod_proxy_uwsgi) can read above the allocated memory when processing a request with a carefully crafted uri-path. An attacker may cause the server to crash (DoS).
Apache Santuario, XML Security for Java, is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
An issue has been found in openssl, a Secure Sockets Layer toolkit. Ingo Schwarze reported a buffer overrun flaw when processing ASN.1 strings, which can result in denial of service.
Multiple issues have been discovered in mupdf. CVE-2016-10246
Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
A security vulnerability has been found in Kaminari, a pagination engine plugin for Rails 3+ and other modern frameworks, that would allow an attacker to inject arbitrary code into pages with pagination links.
An issue has been found in grilo, a framework for discovering and browsing media. Due to missing TLS certificate verification, users are vulnerable to network MITM attacks.
The legacy 1.0 version of OpenSSL, a cryptography library for secure communication, fails to validate alternate trust chains in some conditions. In particular this breaks connecting to servers that use Let's Encrypt certificates, starting 2021-10-01.
Multiple vulnerabilities were discovered in nettle, a low level cryptographic library, which could result in denial of service (remote crash in RSA decryption via specially crafted ciphertext, crash on ECDSA signature verification) or incorrect verification of ECDSA signatures.
GnuTLS, a portable cryptography library, fails to validate alternate trust chains in some conditions. In particular this breaks connecting to servers that use Let's Encrypt certificates, starting 2021-10-01.
One security issue has been discovered in sssd. The sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version
It was found that the patch for CVE-2021-3592 introduced a regression which prevented ssh connections to the host system. Since there is no imminent solution for the problem, the patch for CVE-2021-3592 has been reverted. Updated qemu packages are now available to correct this issue.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
An issue has been found in btrbk, a backup tool for btrfs subvolumes. Due to mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys an arbitrary code execution would
An XML external entity (XXE) injection in pywps allows an attacker to view files on the application server filesystem by assigning a path to the entity.
Several security vulnerabilities have been found in Qemu, a fast processor emulator. CVE-2021-3713
An issue has been found in squashfs-tools, a tool to create and append to squashfs filesystems. As unsquashfs did not validate all filepaths, it would allow writing
PostgreSQL 9.6.23 fixes this security issue: Disallow SSL renegotiation more completely (Michael Paquier)