Debian LTS Linux Distribution - Page 61.75
Find the information you need for your favorite open source distribution.
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or an information leak.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
It was discovered that there was a potential directory-traversal in Django, a Python-based web development framework. For Debian 9 "Stretch", this problem has been fixed in version
Two vulnerabilities were fixed by upgrading the MariaDB database server packages to the latest version on the 10.1 branch. For Debian 9 stretch, these problems have been fixed in version
It was discovered that CVE-2020-26159 in the Oniguruma regular expressions library, notably used in PHP mbstring, was a false-positive. In consequence the patch for CVE-2020-26159 was reverted. For reference, the original advisory text follows.
Several issues have been found in libsdl2, a library for portable low level access to a video framebuffer, audio output, mouse, and keyboard. All issues are related to either buffer overflow, integer overflow or
CVE-2017-7481 Ansible fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject
The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.
debian-security-support, the Debian security support coverage checker, has been updated in stretch-security to mark the end of life of the reel package. See https://lists.debian.org/debian-lts/2021/01/msg00016.html for further
The package src:python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).
Andrew Wesie discovered a buffer overflow in the H264 support of the GStreamer multimedia framework, which could potentially result in the execution of arbitrary code.
golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.
In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions, no HTML escaping was being performed when
Multiple vulnerabilities in wavpack were found, like OOB read (which could potentially lead to a DoS attack), unexpected control flow, crashes, integer overflow, and segfaults.
Several vulnerabilities were discovered in spice-vdagent, a spice guest agent for enhancing SPICE integration and experience. CVE-2017-15108
Several security vulnerabilities were found in ImageMagick, a suite of image manipulation programs. An attacker could cause denial of service and execution of arbitrary code when a crafted image file is processed.
There was an integer overflow vulnerability concerning the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.
Several security vulnerabilities were addressed in pacemaker, a cluster resource manager. CVE-2018-16877
LibreOffice slideshow aborts with stack smashing in cairo’s composite_boxes. For Debian 9 stretch, this problem has been fixed in version