Debian LTS: DLA-3328-1: clamav security update
Two vulnerabilities have been found in the ClamAV antivirus toolkit, which could result in arbitrary code execution or information disclosure when parsing maliciously crafted HFS+ or DMG files.
Debian LTS: DLA-3327-1: nss security update
Multiple security vulnerabilities have been discovered in nss, the Network Security Service libraries. CVE-2020-6829
Debian LTS: DLA-3325-1: openssl security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure.
Debian LTS: DLA-3324-1: thunderbird security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
Debian LTS: DLA-3323-1: c-ares security update
It was discovered that in c-ares, an asynchronous name resolver library, the config_sortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service.
Debian LTS: DLA-3322-1: golang-github-opencontainers-selinux
runc, as used in Docker and other products, allows AppArmor and SELinux restriction bypass, and thus a malicious Docker image could breach isolation.
Debian LTS: DLA-3321-1: gnutls28 security update
Hubert Kario discovered a timing side channel in the RSA decryption implementation of the GNU TLS library. For Debian 10 buster, this problem has been fixed in version
Debian LTS: DLA-3320-1: webkit2gtk security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-23529
Debian LTS: DLA-3319-1: firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
