Debian LTS Linux Distribution - Page 63.25
Find the information you need for your favorite open source distribution.
The update for python-apt released as 2488-1 introduced a regression by causing a segmentation fault, which is now fixed with this update. For Debian 9 stretch, this problem has been fixed in version
It was found that spip, a website engine for publishing, did not correctly validate its input (couleur, display, display_navigation, display_outils, imessage, and spip_ecran), allowing authenticated users to execute arbitrary code.
It was discovered that Awstats, a web server log analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default
A few issues have been found in the OpenJDK 8u272 update, including LDAP connection failures and application crashes. For Debian 9 stretch, this problem has been fixed in version
It was discovered that there was an issue in node-ini, a .ini format parser and serializer for Node.js, where an application could be exploited by a malicious input file.
A potential denial-of-service attack through malicious timestamp tags was fixed in PostSRSd, a Sender Rewriting Scheme (SRS) lookup table for Postfix.
An issue has been found in influxdb, a scalable datastore for metrics, events, and real-time analytics. By using a JWT token with an empty shared secret, one is able to bypass
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.
Sympa, a modern mailing list manager, grants full SOAP API access when an invalid string is sent as the cookie value, if the SOAP endpoint is enabled. An attacker could manipulate the mailing lists, including subscribing e-mail addresses or getting the list of subscribers.
The UK's National Cyber Security Centre (NCSC) discovered that Xerces-C, a validating XML parser library for C++, contains a use-after-free error triggered during the scanning of external DTDs. An attacker could cause a Denial of Service (DoS) and possibly
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass.
It was discovered that Apache Tomcat from 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an
David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function which could cause a NULL dereference, resulting in denial of service. For Debian 9 stretch, this problem has been fixed in version
David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function which could cause a NULL dereference, resulting in denial of service. For Debian 9 stretch, this problem has been fixed in version
Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for
It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server, could result in the execution of arbitrary code. In addition, minidlna was susceptible to the "CallStranger" UPnP
The update of sqlite3 released as DLA-2340-1 contained an incomplete fix for CVE-2019-20218. Updated sqlite3 packages are now available to correct this issue.
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.
Various memory and file descriptor leaks were discovered in the Python interface to the APT package management runtime library, which could result in denial of service.