Debian LTS: DLA-2992-1: openvpn security update
Several issues were discovered in OpenVPN, a Virtual Private Network server and client, that could lead to authentication bypass when using deferred auth plugins.
The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling.
It was discovered that the implementation of UntypedObjectDeserializer in jackson-databind, a fast and powerful JSON library for Java, was prone to a denial of service attack when deeply nested object and array values were processed.
A security vulnerability was found in Ghostscript, the GPL PostScript/PDF interpreter. It was discovered that some privileged PostScript operators remained accessible from various places. For instance, a specially crafted PostScript file could use this flaw in order to have access to the file
An issue has been found in tinyxml, a C++ XML parsing library. Crafted XML messages could lead to an infinite loop in
Three issues have been found in libarchive, a multi-format archive and compression library.
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) or invalid cryptographic computation.
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) or invalid cryptographic computation.
Jaime Frey discovered a flaw in HTCondor, a distributed workload management system. An attacker need only have READ-level authorization to a vulnerable daemon using the CLAIMTOBE authentication method. This means they are able to run tools like condor_q or condor_status. Many pools do not restrict who can