Debian LTS Linux Distribution
Find the information you need for your favorite open source distribution.
It was found that libssh, a tiny C SSH library, does not sufficiently sanitize path parameters provided to the server, allowing an attacker with only SCP file access to execute arbitrary commands on the server.
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems have been fixed in version
An issue has been found in libpgf, a library to handle Progressive Graphics File (PGF).
Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server.
A vulnerability has been found in php-horde, the Horde Application Framework, which may result in information disclosure via cross-site scripting.
It was discovered that there was an unsafe deserialisation issue in cacti, a server monitoring system. Unsafe deserialisation of objects which can lead to abuse of the
More deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.
It was found that freeimage, a graphics library, was affected by the following two security issues: CVE-2019-12211
It was found that Squid, a high-performance proxy caching server for web clients, has been affected by the following security vulnerabilities.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Several security vulnerabilities were found in Ruby that also affected Debian's JRuby package, a pure-Java implementation of Ruby. Attackers were able to call arbitrary Ruby methods, cause a denial-of-service or inject input into HTTP response headers when using the WEBrick module.
In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang.
The OpenSLP package had two open security issues: CVE-2017-17833
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/display_git_revision.lib.php and libraries/Footer.class.php.
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of arbitrary code.
It was discovered that there was an integer overflow vulnerability in librabbitmq, a library for robust messaging between applications and servers.
Several security issues were fixed in libav, a multimedia library for processing audio and video files.
Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring.
Corrupted or specially crafted CRW images might exceed the overall buffer size and cause a denial of service.