Debian LTS Linux Distribution - Page 4.15
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Included in Log4j 1.2, a logging library for Java, is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for
It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation.
It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which caused a functional regression in sa-exim. This update restores the
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.
It was found that certain cryptographic primitives in nss, the Network Security Service libraries, did not check the length of the input text. This could result in a potential heap-based buffer overflow.
It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language: * CVE-2019-19911: Prevent a denial-of-service vulnerability caused
It was discovered that there was a HTTP request smuggling vulnerability in waitress, pure-Python WSGI server. If a proxy server is used in front of waitress, an invalid request
It was discovered that the fix to address an ECDSA timing attack in the libgcrypt20 cryptographic library was incomplete. For Debian 8 "Jessie", this issue has been fixed in libgcrypt20
An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions.
Multiple buffer overflows have been fixed in jhead, a program to manipulate the non-image part of Exif compliant JPEG files. For Debian 8 "Jessie", these problems have been fixed in version
An issue has been found in igraph, a library for creating and manipulating graphs. A NULL pointer dereference vulneribility was detected in
An issues has been found in libbsd, a package containing utility functions from BSD systems.
This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages as released in
Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include the exif module and handling of filenames
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-19948
It was discovered that there was a potential denial of service vulnerability in libxml2, the GNOME XML parsing library. For Debian 8 "Jessie", this issue has been fixed in libxml2 version
An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute.
An issue has been found in cups, the Common UNIX Printing System(tm). An incorrect bounds check could lead to a possible out-of-bounds read and
A change introduced in libssh 0.6.3-4+deb8u4 (which got released as DLA 2038-1) has broken x2goclient's way of scp'ing session setup files from client to server, resulting in an error message shown in a GUI error dialog box during session startup (and session resuming).
Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC server/viewer application for Windows and Unix.