Debian LTS Linux Distribution - Page 77
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
An issue has been found in yodl, a pre-document language. Hanno Bock discovered that there was a buffer over-read vulnerability.
Agostino Sarubbo of Gentoo discovered a heap buffer overflow write in the rzip program (a compression program for large files) when uncompressing maliciously crafted files.
Three issues have been found in php5, a server-side, HTML-embedded scripting language.
Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
It has been discovered a NULL pointer dereference could happen in ncmpc, an ncurses-based audio player. This could result in a crash and a denial of service.
It was discovered that eog (Eye of GNOME) incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause
It was discovered that there was a path traversal vulnerability in jsch, a pure Java implementation of the SSH2 protocol.
It was discovered that there was a null pointer deference exploit in libgsf, a I/O abstraction library for GNOME.
It was discovered that there was a path-traversal issue in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass.
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the
Following CVEs were reported against the jackson-databind source package :
Following CVEs were reported against the awl source package: CVE-2020-11728
Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to
A directory traversal vulnerability resulting from insufficient input sanitization was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to execute code in the
A remote code execution vulnerability was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to cause execution of uploaded CSV data.
A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage
It was discovered that there was a header-splitting vulnerability in ceph, a distributed storage and file system. For Debian 8 "Jessie", this issue has been fixed in ceph version
libmtp is a library for communicating with MTP aware devices. The Media Transfer Protocol (commonly referred to as MTP) is a devised set of custom extensions to support the transfer of music files on USB digital audio players
libplist is a library for reading and writing the Apple binary and XML property lists format. It's part of the libimobiledevice stack, providing access to iDevices (iPod, iPhone, iPad ...).
The krb5 PAM module (pam_krb5.so) had a buffer overflow that might have caused remote code execution in situations involving supplemental prompting by a Kerberos library.
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.