Debian LTS Linux Distribution - Page 63
Find the information you need for your favorite open source distribution.
debian-security-support, the Debian security support coverage checker, has been updated in stretch-security to mark the end of life of the reel package. See https://lists.debian.org/debian-lts/2021/01/msg00016.html for further
The package src:python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).
Andrew Wesie discovered a buffer overflow in the H264 support of the GStreamer multimedia framework, which could potentially result in the execution of arbitrary code.
golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.
In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions, no HTML escaping was being performed when
Multiple vulnerabilities were found in wavpack, including OOB reads (which could potentially lead to a DoS attack), unexpected control flow, crashes, integer overflows, and segfaults.
Several vulnerabilities were discovered in spice-vdagent, a spice guest agent for enhancing SPICE integration and experience. CVE-2017-15108
Several security vulnerabilities were found in ImageMagick, a suite of image manipulation programs. An attacker could cause denial of service and execution of arbitrary code when a crafted image file is processed.
There was an integer overflow vulnerability concerning the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.
Several security vulnerabilities were addressed in pacemaker, a cluster resource manager. CVE-2018-16877
LibreOffice slideshow aborts with stack smashing in cairo’s composite_boxes. For Debian 9 stretch, this problem has been fixed in version
It was discovered that there was an issue in the gssproxy privilege separation caused by gssproxy not unlocking cond_mutex prior to calling pthread_exit.
It was discovered that csync2, a cluster synchronization tool, did not correctly check for the return value from GnuTLS security routines. It neglected to repeatedly call this function as required by the design of the API.
Two vulnerabilities were fixed in flac, the library for the Free Lossless Audio Codec. CVE-2017-6888
Several memory safety issues affecting the RPC protocol were fixed in p11-kit, a library providing a way to load and enumerate PKCS#11 modules.
A flaw was found in hibernate-core. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
Several security vulnerabilities were discovered in XStream, a Java library to serialize objects to XML and back again. CVE-2020-26258
An issue has been found in highlight.js, a JavaScript library for syntax highlighting. If a website or application renders user-provided data, it might be affected by Prototype Pollution. This might result in strange
This update includes the changes in tzdata 2020e for the Perl bindings. For the list of changes, see DLA-2510-1. For Debian 9 stretch, this problem has been fixed in version