Debian LTS Linux Distribution - Page 87
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
It was discovered that pam-python, a PAM Module that runs the Python interpreter, has an issue in regard to the default environment variable handling of Python. This issue could allow for local root escalation in certain PAM setups.
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.
It was discovered that there were multiple double free vulnerabilities in python-psutil, a Python module providing convenience functions for accessing system process data.
Earlier versions of this package package were vulnerable to Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes.
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 60.x series
A security vulnerability was found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. Insufficient validation of URLs leads to an Open Redirect
Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
Tim Brown discovered a shared memory permissions vulnerability in the Mesa 3D graphics library. Some Mesa X11 drivers use shared-memory XImages to implement back buffers for improved performance, but Mesa
Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
In libssh2, SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
Several vulnerabilities were discovered in Ampache, a web-based audio file management system.
In haml, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service.
GDAL through 3.0.1 had a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold was exceeded.
It was discovered that there was a NULL pointer dereference issue in the IW44 encoder/decoder within DjVu, a set of compression technologies for high-resolution ssues.
It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages.
Several security vulnerabilities were discovered in OpenAFS, a distributed file system. CVE-2019-18601
Several vulnerabilities in wordpress, a web blogging tool, have been fixed.