Debian LTS Linux Distribution - Page 134
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
There is an OS command injection vulnerability in Rake (a ruby make-like utility) < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
It was discovered that the jQuery version embedded in OTRS, a ticket request system, was prone to a cross site scripting vulnerability in jQuery.extend().
A vulnerability was found in pam_radius: the password length check was done incorrectly in the add_password() function in pam_radius_auth.c, resulting in a stack based buffer overflow.
It was discovered that there was a a use-after-free vulnerability in in the proftpd-dfsg FTP server. Exploitation of this vulnerability within the memory pool handling
Several vulnerabilities were discovered in Netty, a Java NIO client/server socket framework:
Several vulnerabilities were discovered in the HTTP server provided by Netty, a Java NIO client/server socket framework:
A vulnerability was discovered in libgd2, the GD graphics library, whereby an attacker can employ a specific function call sequence to trigger a NULL pointer dereference, subsequently crash the application
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For Debian 8 "Jessie", this problem has been fixed in version
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For Debian 8 "Jessie", these problems have been fixed in version
debian-security-support, the Debian security support coverage checker, has been updated in jessie-security. This marks the end of life of the libqb package in jessie. A recently
An denial of service via an algorithmic complexity attack on email address parsing have been identified in libemail-address-list-perl.
Security researchers from Snyk discovered that the fix for CVE-2019-9658 was incomplete. Checkstyle, a development tool to help programmers write Java code that adheres to a coding standard, was still vulnerable to XML External Entity (XXE) injection.
an out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse exif files. This flaw might be leveraged by remote attackers to cause denial of service, or potentially execute arbitrary code via crafted image files.
Christopher Ertl found that multiple functions in ipmitool neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side.
Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp, the Point-to-Point Protocol daemon. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name. This issue is also mitigated by
This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format.
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation.
A stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user
An issue was found in the IonMonkey JIT compiler of the Mozilla Firefox web browser which could lead to arbitrary code execution. For Debian 8 "Jessie", this problem has been fixed in version