Debian LTS Linux Distribution - Page 62.25
Find the information you need for your favorite open source distribution.
Several vulnerabilities were fixed in Wireshark, a network sniffer. CVE-2019-13619
CVE-2020-8695 Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to
CVE-2020-8020 An improper neutralization of input during web page generation vulnerability in open-build-service allows remote attackers to
Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash, infinite loops) via
This update includes the changes in tzdata 2021a for the Perl bindings. For the list of changes, see DLA-2542-1. For Debian 9 stretch, this problem has been fixed in version
This update includes the changes in tzdata 2021a. Notable changes are: - South Sudan changed from +03 to +02 on 2021-02-01.
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or an information leak.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
It was discovered that there was a potential directory-traversal in Django, a Python-based web development framework. For Debian 9 "Stretch", this problem has been fixed in version
Two vulnerabilities were fixed by upgrading the MariaDB database server packages to the latest version on the 10.1 branch. For Debian 9 stretch, these problems have been fixed in version
It was discovered that CVE-2020-26159 in the Oniguruma regular expressions library, notably used in PHP mbstring, was a false-positive. In consequence the patch for CVE-2020-26159 was reverted. For reference, the original advisory text follows.
Several issues have been found in libsdl2, a library for portable low level access to a video framebuffer, audio output, mouse, and keyboard. All issues are related to either buffer overflow, integer overflow or
CVE-2017-7481 Ansible fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject
The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.
debian-security-support, the Debian security support coverage checker, has been updated in stretch-security to mark the end of life of the reel package. See https://lists.debian.org/debian-lts/2021/01/msg00016.html for further
The package src:python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).
Andrew Wesie discovered a buffer overflow in the H264 support of the GStreamer multimedia framework, which could potentially result in the execution of arbitrary code.
golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.
In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions, no HTML escaping was being performed when