Debian LTS Linux Distribution
Find the information you need for your favorite open source distribution.
An issue has been found in bacula, a network backup service. By sending oversized digest strings, a malicious client can cause a heap overflow in the director's memory, which results in a denial of service.
The File Manager (gollem) module in Horde Groupware allowed remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponded to the exact filename.
In Horde Groupware, there has been an XSS vulnerability that could be exploited via the URL field in a "Calendar -> New Event" action. For Debian 9 stretch, this problem has been fixed in version
In Horde Groupware, there has been an XSS via the Name field during creation of a new Resource. This could have been leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version
Several minor vulnerabilities have been discovered in libvncserver, a server and client implementation of the VNC protocol. CVE-2019-20839
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.
It was discovered that there was a use-after-free vulnerability when parsing PHAR files, a method of putting entire PHP applications into a single file.
The update of proftpd-dfsg released as DLA-2338-1 incorrectly destroyed the memory pool in the function sftp_kex_handle in contrib/mod_sftp/kex.c, which may cause a segmentation fault and thus prevent SFTP connections.
A denial of service vulnerability was discovered in mongodb, an object/document-oriented database, whereby a user authorized to perform database queries may issue specially crafted queries, which violate an invariant in the query subsystem's support for geoNear.
A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of any file readable by the web server process.
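The usual defense against the class of bug described above is to resolve the requested path against the document root and reject anything that ends up outside it. The snippet below is an added illustration of that check in Python; it is not Icinga Web 2 code, and the root directory and request paths are constructed examples.

```python
import os


def resolve_under_root(root, requested):
    """Return the absolute path for `requested` if it stays inside `root`,
    otherwise None.

    Both values are joined and then canonicalised with os.path.realpath so
    that "..", duplicate separators and (where the paths exist) symlinks are
    collapsed before the containment check, rather than filtered by pattern.
    """
    # Reject NUL bytes early: they truncate paths in C-level filesystem calls.
    if "\x00" in requested:
        return None
    root_real = os.path.realpath(root)
    # os.path.join discards `root_real` if `requested` is absolute, which is
    # exactly why the containment check below must run on the joined result.
    candidate = os.path.realpath(os.path.join(root_real, requested))
    # Compare on a path-segment boundary: "/srv/www/public2/x" must not pass
    # because it merely starts with the string "/srv/www/public".
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        return None
    return candidate


def is_within_root(root, requested):
    """Boolean form of resolve_under_root for use in request filters."""
    return resolve_under_root(root, requested) is not None


if __name__ == "__main__":
    # Constructed document root; it need not exist for the check to run.
    ROOT = "/srv/www/public"
    for path in ("css/style.css", "../../../etc/passwd", "/etc/passwd",
                 "css/../../public2/secret", "img/../css/style.css"):
        print(repr(path), "->", resolve_under_root(ROOT, path))
```

The check deliberately works on the canonicalised result instead of searching the input for "../": encoded, doubled or mixed separators are all normalised away first, and a symlink inside the root that points outside it is caught too when the paths exist on disk.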
Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525
In inetutils-telnetd, an implementation of a telnet daemon, arbitrary remote code execution might have been possible via short writes or urgent data.
Several vulnerabilities have been discovered in sqlite3, a C library that implements an SQL database engine. CVE-2018-8740
Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP daemon, when mod_facl or mod_sftp is used, which could lead to memory exhaustion and a denial of service.
Jason A. Donenfeld found an ANSI escape sequence injection vulnerability in software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA) by embedding terminal control sequences in the repository description.
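Any program that prints attacker-supplied text to a terminal needs to strip or neutralise terminal control sequences first, since a CSI sequence such as clear-screen or cursor-home lets the text overwrite the prompt the user is about to answer. The snippet below is an added example of that sanitisation in Python; it is not the software-properties fix, and the sample PPA descriptions are constructed.

```python
import re

# Terminal control sequences to neutralise, tried in this order:
#   CSI  ESC [ <params> <intermediates> <final>   e.g. \x1b[2J (clear screen)
#   OSC  ESC ] ... terminated by BEL or ESC \      e.g. window-title changes
#   Fe   ESC followed by one byte in @..Z or \..~_ (other two-byte escapes)
#   any remaining C0 control byte or DEL, except TAB and LF, which are
#   harmless in prompt text and worth keeping for readability.
_TERMINAL_CONTROLS = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
    r"|\x1b[@-Z\\-_]"
    r"|[\x00-\x08\x0b-\x1f\x7f]"
)


def has_terminal_controls(text):
    """True if `text` contains anything the regex above would remove."""
    return _TERMINAL_CONTROLS.search(text) is not None


def strip_terminal_controls(text):
    """Return `text` with escape sequences and stray control bytes removed."""
    return _TERMINAL_CONTROLS.sub("", text)


def make_visible(text):
    """Alternative to stripping: show each ESC as the literal two characters
    '^[' so the user sees that the description tried to drive the terminal."""
    return _TERMINAL_CONTROLS.sub(
        lambda m: m.group(0).replace("\x1b", "^[").replace("\x07", "^G"), text)


if __name__ == "__main__":
    # Constructed description as a malicious PPA might supply it: clear the
    # screen, move the cursor home, then print a fake confirmation.
    hostile = "Audio tools\x1b[2J\x1b[H Verified by Ubuntu Security, press Enter"
    print("raw contains controls:", has_terminal_controls(hostile))
    print("stripped:", strip_terminal_controls(hostile))
    print("visible: ", make_visible(hostile))
```

Stripping is the right default for a yes/no prompt. Where the text is logged rather than shown interactively, make_visible keeps evidence of the attempt in the record instead of silently discarding it.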
Multiple vulnerabilities were discovered in Python 2.7, an interactive high-level object-oriented language.
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications.
Multiple vulnerabilities were found in ghostscript, an interpreter for the PostScript language and for PDF, allowing an attacker to escalate privileges and cause denial of service via crafted PS/EPS/PDF files.