Debian LTS Linux Distribution - Page 90
Find the information you need for your favorite open source distribution.
It was discovered that there was a remotely-exploitable null pointer dereference in libapreq2, a library for manipulating HTTP requests. For Debian 8 "Jessie", this issue has been fixed in libapreq2 version
More deserialization flaws were discovered in jackson-databind relating to the classes in com.zaxxer.hikari.HikariConfig, com.zaxxer.hikari.HikariDataSource, commons-dbcp and com.p6spy.engine.spy.P6DataSource, which could allow an
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
In phpBB, includes/acp/acp_bbcodes.php had improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack was possible if an attacker also managed to retrieve
Netty mishandled whitespace before the colon in HTTP headers (such as a “Transfer-Encoding : chunked” line), which led to HTTP request smuggling.
The update of apache2 released as DLA-1900-1 contained an incomplete fix for CVE-2019-10092, a limited cross-site scripting issue affecting the mod_proxy error page. The old patch instead introduced a new CSRF protection which also caused a regression, an inability to dynamically
Several issues in poppler, a PDF rendering library, have been fixed. CVE-2018-20650
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
An open redirect, that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control,
An issue has been found in cups, the Common UNIX Printing System(tm). While generating a session cookie for the CUPS web interface, a
Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of
Several issues have been found in cimg, a powerful image processing library.
A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. For Debian 8 "Jessie", this problem has been fixed in version
Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version
An update has been made to php5, a server-side, HTML-embedded scripting language. Specifically, as reported in #805222, the ability to build extensions in certain older versions of PHP within Debian has been
A vulnerability has been discovered in php-pecl-http, the pecl_http module for PHP 5 Extended HTTP Support. A type confusion vulnerability in the merge_param() function allows attackers to crash PHP and possibly
Several vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization).
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.