Debian LTS Linux Distribution - Page 54
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Philipp Jeitner and Haya Shulman discovered a stack-based buffer overflow in libspf2, a library for validating mail senders with SPF, which could result in denial of service, or potentially execution of arbitrary code when processing a specially crafted SPF record.
Several vulnerabilities were discovered in Ceph, a distributed storage and file system. CVE-2018-14662
An issue has been found in c-ares, an asynchronous name resolver. Missing input validation of host names returned by Domain Name Servers can lead to output of wrong hostnames.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in bypass of sandbox restrictions, incorrect validation of signed Jars or information disclosure.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2021-30640
Several vulnerabilities were discovered in OpenEXR, a library and tools for the OpenEXR high dynamic-range (HDR) image format. An attacker could cause a denial of service (DoS) through application crash, and possibly execute code.
One security issue affects WordPress, a weblog manager, versions between 3.7 and 5.7. This update fixes the following security issues: Object injection in PHPMailer (CVE-2020-36326 and CVE-2018-19296).
It was discovered that there was an issue in libpam-tacplus (a security module for using the TACACS+ authentication service) where shared secrets such as private server keys were being added in the clear to various logs.
Several security vulnerabilities have been discovered in lrzip, a compression program. Heap-based and stack buffer overflows, use-after-free and infinite loops would allow attackers to cause a denial of service or possibly other unspecified impact via a crafted file.
HTCondor, a distributed workload management system, has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to
Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to
An issue has been found in libsndfile, a library for reading/writing audio files. A crafted WAV file can trigger a heap buffer overflow and might allow exectution of arbitrary code.
The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. The vulnerability is mitigated by the fact that Drupal core's use of
This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities which could result in privilege escalation in combination with VT-d and various side channel attacks.
Two issue have been found in aspell, the GNU Aspell spell-checker. One issue is related to a stack-based buffer over-read via an isolated \
It was discovered that the previous upload of the package rabbitmq-server versioned 3.6.6-1+deb9u1 introduced a regression in function fmt_strip_tags. Big thanks to Christoph Haas for the reporting an issue and for testing the update.
ooooooo_q discovered that the actionpack_page-caching Ruby gem, a static page caching module for Rails, allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
Several vulnerabilities have been discovered in pillow (Python Imaging Library - PIL). Affected binary packages:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.