Debian LTS Linux Distribution - Page 76.25
Find the information you need for your favorite open source distribution.
Several vulnerabilities were discovered in BIND, a DNS server implementation.
Two memory management issues were found in the asfdemux element of the GStreamer "ugly" plugin collection, which can be triggered via a maliciously crafted file.
Two memory handling issues were found in gst-plugins-good0.10, a collection of GStreamer plugins from the "good" set:
It was discovered that there was both an invalid memory and heap overflow vulnerability in dosfstools, a collection of utilities for making and checking MS-DOS FAT filesystems.
Several vulnerabilities were discovered in package salt, a configuration management and infrastructure automation software.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
Various minor vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files.
An integer overflow vulnerability was found in the sqlite3_str_vappendf function of the src/printf.c file of sqlite3 from
It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library.
Tobias Stoeckmann discovered that it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message.
Tom Richards reported that by using a crafted torrent file one could cause a use-after-free, which might result in a denial of service (crash) or possible execution of arbitrary code.
There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack.
The following CVE(s) were found in src:clamav package. CVE-2020-3327
It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default.
Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files.
OpenConnect, a VPN software, had a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
When normalizing ar member names by removing trailing whitespace and slashes, an out-of-bounds read can be caused if the ar member name consists only of such characters, because the code did not
NOTE: This DLA was initially sent on 2020-04-14 but for reasons unknown failed to reach the mailing list. It is being re-sent now to ensure that it appears in the mailing list archive. No new version of
Multiple CVE(s) were discovered in the src:wordpress package. CVE-2020-11026
It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse