Debian LTS Linux Distribution - Page 71.75
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Andres Freund found an issue in the PostgreSQL database system where an uncontrolled search path could allow users to run arbitrary SQL functions with elevated priviledges when a superuser runs certain `CREATE EXTENSION' statements.
Several vulnerabilities were fixed in JRuby, a 100% pure-Java implementation of Ruby. CVE-2017-17742
In libEtPan, a mail library, a STARTTLS response injection was discovered that affects IMAP, SMTP, and POP3. For Debian 9 stretch, this problem has been fixed in version
A security vulnerability was discovered in lucene-solr, an enterprise search server. The DataImportHandler, an optional but popular module to pull in data
Several vulnerabilities have been discovered in the Dovecot email server. CVE-2020-12100
In HtmlUnit, a GUI-Less browser for Java programs, malicious JavaScript code was able to execute arbitrary Java code on the application. For Debian 9 stretch, this problem has been fixed in version
The update of squid3 released as DLA-2278-1 contained an incomplete fix for CVE-2019-12523 that prevented services which rely on the icap or ecap protocol to function properly. Updated squid3 packages are now available to correct this issue.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, bypass of access/sandbox restrictions or information disclosure.
Linux 4.19 has been packaged for Debian 9 as linux-4.19. This provides a supported upgrade path for systems that currently use kernel packages from the "stretch-backports" suite.
Linux 4.19 has been packaged for Debian 9 as linux-4.19. This provides a supported upgrade path for systems that currently use kernel packages from the "stretch-backports" suite.
The firmware-nonfree package has been updated to include additional firmware that may be requested by some drivers in Linux 4.19. Along with additional kernel packages that will be announced later,
A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.
xrdp-sesman service in xrdp can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them
ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is
The following CVE(s) have been reported against src:wpa. CVE-2019-10064
It was noticed that in Pillow before 7.1.0, there are multiple out-of-bounds reads in libImaging/FliDecode.c. For Debian 9 stretch, this problem has been fixed in version
Yunus Çadırcı found an issue in the SUBSCRIBE method of UPnP, a network protocol for devices to automatically discover and communicate with each other. Insuficient checks on this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to bypass
Several vulnerabilities have been found in the ClamAV antivirus toolkit: CVE-2020-3327
Todd Carson discovered some integer overflows in libX11, which could lead to heap corruption when processing crafted messages from an input method.
In Evolution Data Server a vulnerability was discovered that allowed a malicious server to crash the mail client. For Debian 9 stretch, this problem has been fixed in version