Debian LTS Linux Distribution
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
This update fixes a problem that caused Firefox to fail to build on the arm64 and armhf architectures. For Debian 9 stretch, this problem has been fixed in version
Various vulnerabilities were fixed in nss, the Network Security Service libraries. CVE-2018-12404
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting or spoofing the origin of a download.
Several vulnerabilities were discovered in the Perl5 Database Interface (DBI). An attacker could trigger a denial-of-service (DoS) and possibly execute arbitrary code.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
Several vulnerabilities were fixed in qt4-x11, the legacy version of the Qt toolkit. CVE-2018-15518
Several vulnerabilities were fixed in the Qt toolkit. CVE-2018-19872
Two issues have been found in yaws, a high performance HTTP 1.1 webserver written in Erlang.
Two issues have been found in nfdump, a netflow capture daemon. Both issues are related to either a buffer overflow or an integer overflow, which could result in a denial of service or a local code
An issue has been found in curl, a command line tool for transferring data with URL syntax. In rare circumstances, when using the multi API of curl in combination
Two security issues were discovered in the modules of the InspIRCd IRC daemon, which could result in denial of service. CVE-2019-20917
The following security issues have been found in qemu, which could potentially result in DoS and execution of arbitrary code. CVE-2020-1711
Multiple vulnerabilities were discovered in Wordpress, a popular content management framework. CVE-2019-17670
Several security vulnerabilities were corrected in libxml2, the GNOME XML library. CVE-2017-8872
It was discovered that there was a arbitrary code execution vulnerability in grunt, a Javascript task runner. This was possible due to the unsafe loading of YAML documents.
Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530 870107 872609 875338 875339 875341 873871 873131 875352 878506 875503 875502 876105 876099 878546 878545 877354 877355 878524 878547 878548
lemonldap-ng community fixed a vulnerability in the Nginx default configuration files (CVE-2020-24660). Debian package does not install any default site, but documentation provided insecure examples in Nginx configuration before this version.
The update of squid3 released as DLA-2278-2 introduced a regression due to the updated fix for CVE-2019-12529. The new Kerberos authentication code prevented base64 token negotiation. Updated squid3 packages are now
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
Apache HTTP Server versions before 2.4.32 uses src:uwsgi where a flaw was discovered. The uwsgi protocol does not let us serialize more than 16K of HTTP header leading to resource exhaustion and denial of service.