Debian LTS Linux Distribution - Page 60
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709
A vulnerability was discovered in mqtt-client wher unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected.
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks, access sensitive information, or execute arbitrary code.
Several issues have been found in python-pysaml2, a pure python implementation of SAML Version 2 Standard. CVE-2017-1000433
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd
It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions.
An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
Several issues have been found in openvswitch, a production quality, multilayer, software-based, Ethernet virtual switch.
Alex Birnberg discovered a cross-site scripting (XSS) vulnerability in the Horde Application Framework, more precisely its Text Filter API. An attacker could take control of a user's mailbox by sending a crafted e-mail.
Several issues have been found in unrar-free, an unarchiver for .rar files. CVE-2017-14120
An issue has been found in libbsd, a library with utility functions from BSD systems. A non-NUL terminated symbol name in the string table might result in an
Several vulnerabilities were discovered in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization). An attacker could trigger a denial-of-service (DoS), information leak, and possibly execute arbitrary code with the privileges of the QEMU
Mechanize is an open-source Ruby library that makes automated web interaction easy. In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability.
Busybox, utility programs for small and embedded systems, was affected by several security vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues.
xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.