Debian LTS Linux Distribution - Page 14.5
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for
It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the "CallStranger" UPnP
The update of sqlite3 released as DLA-2340-1 contained an incomplete fix for CVE-2019-20218. Updated sqlite3 packages are now available to correct this issue.
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.
Various memory and file descriptor leaks were discovered in the Python interface to the APT package management runtime library, which could result in denial of service.
It was discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could cause out-of-bounds reads or infinite loops, resulting in denial of service when processing malformed deb files.
Jan-Niklas Sohn discovered that the XKB extension of the Xorg X server performed incomplete input validation, which could result in privilege escalation.
The http2 server support in this package was vulnerable to certain types of DOS attacks. CVE-2019-9512
Let's Encrypt's ACMEv1 API is deprecated and in the process of being shut down. Beginning with brownouts in January 2021, and ending with a total shutdown in June 2021, the Let's Encrypt APIs will become unavailable. To prevent users having disruptions to their certificate
Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these
Several vulnerabilities were discovered in salt. CVE-2020-16846
debian-security-support, the Debian security support coverage checker, has been updated in stretch-security. This marks the end of life of the mongodb package in stretch due to
Chiaki Ishikawa discovered a stack overflow in SMTP server status handling which could potentially result in the execution of arbitrary code.
Several vulnerabilities have been found in the PostgreSQL database system. CVE-2020-25694
It was found that XStream is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Users who rely on blocklists are affected (the default in Debian). We strongly recommend to use the
Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory path. If the
The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to infinite loop with no forward progress (no overflow) or
In VIPS, an image processing system, an uninitialized variable which may cause the leakage of remote server path or stack address was fixed. For Debian 9 stretch, this problem has been fixed in version
In Mutt, a text-based Mail User Agent, invalid IMAP server responses were not properly handled, potentially resulting in authentication credentials being exposed or man-in-the-middle attacks.
Some issues have been found in qemu, a fast processor emulator. All issues are related to assertion failures, out-of-bounds access