Debian LTS Linux Distribution - Page 76.25
Find the information you need for your favorite open source distribution .
Debian LTS: DLA-2227-1: bind9 security update
Several vulnerabilities were discovered in BIND, a DNS server implementation.
Debian LTS: DLA-2226-1: gst-plugins-ugly0.10 security update
Two memory management issues were found in the asfdemux element of the GStreamer "ugly" plugin collection, which can be triggered via a maliciously crafted file.
Debian LTS: DLA-2225-1: gst-plugins-good0.10 security update
Two memory handling issues were found in gst-plugins-good0.10, a collection of GStreamer plugins from the "good" set:
Debian LTS: DLA-2224-1: dosfstools security update
It was discovered that there was both an invalid memory and heap overflow vulnerability in dosfstools, a collection of utilities for making and checking MS-DOS FAT filesystems.
Debian LTS: DLA-2223-1: salt security update
Several vulnerabilities were discovered in package salt, a configuration management and infrastructure automation software.
Debian LTS: DLA-2209-1: tomcat8 security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
Debian LTS: DLA-2222-1: libexif security update
Various minor vulnerabilities have been addredd in libexif, a library to parse EXIF metadata files.
Debian LTS: DLA-2221-1: sqlite3
An integer overflow vulnerability was found in the sqlite3_str_vappendf function of the src/printf.c file of sqlite3 from
Debian LTS: DLA-2220-1: cracklib2 security update
It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library.
Debian LTS: DLA-2219-1: feh security update
Tobias Stoeckmann discovered that it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message.
Debian LTS: DLA-2218-1: transmission security update
Tom Richards reported that by using a crafted torrent file one could cause a use-after-free, which might result in a denial of service (crash) or possible execution of arbitrary code.
Debian LTS: DLA-2216-1: ruby-rack security update
There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack.
Debian LTS: DLA-2215-1: clamav security update
The following CVE(s) were found in src:clamav package. CVE-2020-3327
Debian LTS: DLA-2213-1: exim4 security update
It was discovered that exim4, a mail transport agent, suffers from a authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default.
Debian LTS: DLA-2214-1: libexif security update
Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files.
Debian LTS: DLA-2212-1: openconnect security update
OpenConnect, a VPN software, had a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
Debian LTS: DLA-2210-1: apt security update
When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not
Debian LTS: DLA-2176-1: inetutils security update
NOTE: This DLA was intially sent on 2020-04-14 but for reasons unknown failed to reach the mailing list. It is being re-sent now to ensure that it appears in the mailing list archive. No new version of
Debian LTS: DLA-2208-1: wordpress security update
Multiple CVE(s) were discovered in the src:wordpress package. CVE-2020-11026
Debian LTS: DLA-2207-1: libntlm security update
It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse
