Debian LTS Linux Distribution - Page 62.75
Find the information you need for your favorite open source distribution.
It was discovered that there was an issue in the gssproxy privilege separation caused by gssproxy not unlocking cond_mutex prior to calling pthread_exit.
It was discovered that csync2, a cluster synchronization tool, did not correctly check for the return value from GnuTLS security routines. It neglected to repeatedly call this function as required by the design of the API.
Two vulnerabilities were fixed in flac, the library for the Free Lossless Audio Codec. CVE-2017-6888
Several memory safety issues affecting the RPC protocol were fixed in p11-kit, a library providing a way to load and enumerate PKCS#11 modules.
A flaw was found in hibernate-core. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
Several security vulnerabilities were discovered in XStream, a Java library to serialize objects to XML and back again. CVE-2020-26258
An issue has been found in highlight.js, a JavaScript library for syntax highlighting. If a website or application renders user-provided data, it might be affected by Prototype Pollution. This might result in strange
This update includes the changes in tzdata 2020e for the Perl bindings. For the list of changes, see DLA-2510-1. For Debian 9 stretch, this problem has been fixed in version
This update includes the changes in tzdata 2020e. Notable changes are: Volgograd switched to Moscow time on 2020-12-27 at 02:00.
An issue was discovered in roundcube in which cross-site scripting (XSS) via HTML or plain text messages with malicious content was possible.
The update for python-apt released as 2488-1 introduced a regression by causing a segmentation fault, which is now fixed with this update. For Debian 9 stretch, this problem has been fixed in version
It was found that spip, a website engine for publishing, did not correctly validate its input (couleur, display, display_navigation, display_outils, imessage, and spip_ecran) allowing authenticated users to execute arbitrary code.
It was discovered that Awstats, a web server log analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default
A few issues have been found in the OpenJDK 8u272 update, including LDAP connection failures and application crashes. For Debian 9 stretch, this problem has been fixed in version
It was discovered that there was an issue in node-ini, a .ini format parser and serializer for Node.js, where an application could be exploited by a malicious input file.
A potential denial-of-service attack through malicious timestamp tags was fixed in PostSRSd, a Sender Rewriting Scheme (SRS) lookup table for Postfix.
An issue has been found in influxdb, a scalable datastore for metrics, events, and real-time analytics. By using a JWT token with an empty shared secret, one is able to bypass
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.
Sympa, a modern mailing list manager, grants full SOAP API access when an invalid string is sent as the cookie value, if the SOAP endpoint was enabled. An attacker could manipulate the mailing lists, including subscribing e-mails or getting the list of subscribers.
The UK's National Cyber Security Centre (NCSC) discovered that Xerces-C, a validating XML parser library for C++, contains a use-after-free error triggered during the scanning of external DTDs. An attacker could cause a Denial of Service (DoS) and possibly
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.