Debian LTS Linux Distribution - Page 60.75
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
The patch to address CVE-2019-5086 and CVE-2019-5087 was not portable and did not work on 32 bit processor architectures. This update fixes the problem. For reference, the original advisory text follows.
libupnp, the portable SDK for UPnP Devices allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709
A vulnerability was discovered in mqtt-client wher unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected.
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks, access sensitive information, or execute arbitrary code.
Several issues have been found in python-pysaml2, a pure python implementation of SAML Version 2 Standard. CVE-2017-1000433
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd
It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions.
An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
Several issues have been found in openvswitch, a production quality, multilayer, software-based, Ethernet virtual switch.
Alex Birnberg discovered a cross-site scripting (XSS) vulnerability in the Horde Application Framework, more precisely its Text Filter API. An attacker could take control of a user's mailbox by sending a crafted e-mail.
Several issues have been found in unrar-free, an unarchiver for .rar files. CVE-2017-14120
An issue has been found in libbsd, a library with utility functions from BSD systems. A non-NUL terminated symbol name in the string table might result in an
Several vulnerabilities were discovered in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization). An attacker could trigger a denial-of-service (DoS), information leak, and possibly execute arbitrary code with the privileges of the QEMU