Debian LTS Linux Distribution - Page 70
Find the information you need for your favorite open source distribution.
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version
Several minor vulnerabilities have been discovered in libvncserver, a server and client implementation of the VNC protocol. CVE-2019-20839
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.
It was discovered that there was a use-after-free vulnerability when parsing PHAR files, a method of putting entire PHP applications into a single file.
The update of proftpd-dfsg released as DLA-2338-1 incorrectly destroyed the memory pool in function sftp_kex_handle in contrib/mod_sftp/kex.c which may cause a segmentation fault and thus prevent sftp connections.
A denial of service vulnerability was discovered in mongodb, an object/document-oriented database, whereby a user authorized to perform database queries may issue specially crafted queries, which violate an invariant in the query subsystem's support for geoNear.
A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process.
Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525
In inetutils-telnetd, an implementation of a telnet daemon, arbitrary remote code execution might have been possible via short writes or urgent data.
Several vulnerabilities have been discovered in sqlite3, a C library that implements an SQL database engine. CVE-2018-8740
Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP daemon, when mod_facl or mod_sftp is used which could lead to memory exhaustion and a denial-of-service.
Jason A. Donenfeld found an ANSI escape sequence injection in software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA).
Multiple vulnerabilities were discovered in Python2.7, an interactive high-level object-oriented language.
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications.
Multiple vulnerabilities were found in ghostscript, an interpreter for the PostScript language and for PDF, allowing an attacker to escalate privileges and cause denial of service via crafted PS/EPS/PDF files.
Several security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code.
Kevin Backhouse discovered multiple vulnerabilities in the epson2 and epsonds backends of SANE, a library for scanners. A malicious remote device could exploit these to trigger information disclosure, denial of service and possibly remote code execution.
Andres Freund found an issue in the PostgreSQL database system where an uncontrolled search path could allow users to run arbitrary SQL functions with elevated privileges when a superuser runs certain `CREATE EXTENSION' statements.
Several vulnerabilities were fixed in JRuby, a 100% pure-Java implementation of Ruby. CVE-2017-17742
In libEtPan, a mail library, a STARTTLS response injection was discovered that affects IMAP, SMTP, and POP3. For Debian 9 stretch, this problem has been fixed in version