Debian LTS Linux Distribution - Page 72.55
Find the information you need for your favorite open source distribution.
Todd Carson discovered some integer overflows in libX11, which could lead to heap corruption when processing crafted messages from an input method.
In Evolution Data Server a vulnerability was discovered that allowed a malicious server to crash the mail client. For Debian 9 stretch, this problem has been fixed in version
Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.
It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language.
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in
rubyzip gem version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem.
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
`add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could
The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have occurred, which typically causes a crash and thus a denial of service.
Several vulnerabilities were fixed in libjpeg-turbo, a widely used library for handling JPEG files. CVE-2018-1152
Several vulnerabilities were discovered in mercurial, an easy-to-use, scalable distributed version control system. CVE-2017-17458
Tobias Stoeckmann found an integer overflow issue in JSON-C, a C library to manipulate JSON objects, when reading maliciously crafted large files. The issue could be exploited to cause denial of service or possibly execute arbitrary code.
It was discovered that there was an issue where kdepim-runtime would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use.
A privilege escalation vulnerability was discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks.
Several issues have been found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server.
An issue has been found in luajit, a just-in-time compiler for Lua. An out-of-bounds read could happen because __gc handler frame traversal is
A vulnerability was found in curl, a command line tool for transferring data with URL syntax.
Two issues have been found in salt, a remote manager to administer servers.
Several vulnerabilities were fixed in MilkyTracker, a music tracker for composing music in the MOD and XM module file formats. CVE-2019-14464
Several vulnerabilities have been fixed by upgrading FFmpeg, a widely used multimedia framework, from 3.2.14 to 3.2.15. CVE-2019-13390