Debian LTS Linux Distribution - Page 64.45
Find the information you need for your favorite open source distribution.
Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these
Several vulnerabilities were discovered in salt. CVE-2020-16846
debian-security-support, the Debian security support coverage checker, has been updated in stretch-security. This marks the end of life of the mongodb package in stretch due to
Chiaki Ishikawa discovered a stack overflow in SMTP server status handling which could potentially result in the execution of arbitrary code.
Several vulnerabilities have been found in the PostgreSQL database system. CVE-2020-25694
It was found that XStream is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Users who rely on blocklists are affected (the default in Debian). We strongly recommend to use the
Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory path. If the
The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to an infinite loop with no forward progress (no overflow) or
In VIPS, an image processing system, an uninitialized variable which may cause the leakage of remote server path or stack address was fixed. For Debian 9 stretch, this problem has been fixed in version
In Mutt, a text-based Mail User Agent, invalid IMAP server responses were not properly handled, potentially resulting in authentication credentials being exposed or man-in-the-middle attacks.
Some issues have been found in qemu, a fast processor emulator. All issues are related to assertion failures, out-of-bounds access
An issue has been found in tcpflow, a TCP flow recorder. Due to an overflow vulnerability in function handle_80211, an
Two vulnerabilities were found in the Archive_Tar PHP module, used by Drupal, which could result in the execution of arbitrary code if a malicious user is allowed to upload tar archives.
CVE-2018-19787 It was discovered that there was an XSS injection vulnerability in
Multiple heap buffer overflows have been fixed in CImg, a C++ toolkit to load, save, process and display images. For Debian 9 stretch, this problem has been fixed in version
Multiple vulnerabilities were discovered in Zabbix, a network monitoring solution. An attacker may remotely execute code on the zabbix server, and redirect to external links through the zabbix web frontend.
Three issues have been found in golang-1.8, a Go programming language compiler version 1.8
Two issues have been found in golang-1.7, a Go programming language compiler version 1.7
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. CVE-2020-13666
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack.