Advisory: Debian LTS Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Multiple vulnerabilities were discovered in squid, a Web Proxy cache. CVE-2022-41317
A command injection vulnerability was found in Rexical, a lexical scanner generator for the Ruby programming language. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user
Multiple vulnerabilities were discovered in Nokogiri, an HTML/XML/SAX/Reader parser for the Ruby programming language, leading to command injection, XML external entity injection (XXE), and denial-of-service (DoS).
Several security vulnerabilities were discovered in mediawiki, a website engine for collaborative work. CVE-2022-41765
It was discovered that there was a potential arbitrary file read vulnerability in twig, a PHP templating library. It was caused by insufficient validation of template names in 'source' and 'include' statements.
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. CVE-2022-2928
Several security vulnerabilities have been discovered in Git, a fast, scalable, distributed revision control system, which may affect multi-user systems. CVE-2021-21300
Several vulnerabilities were discovered in ConnMan, a network manager for embedded devices, which could result in denial of service or the execution of arbitrary code.
It was discovered that there was a potential denial of service vulnerability in strongswan, an IPsec VPN solution. Strongswan could have queried URLs with untrusted certificates, and
Evgeny Vereshchagin discovered multiple vulnerabilities in D-Bus, a simple interprocess messaging system, which may result in denial of service by an authenticated user.
Several security vulnerabilities were discovered in WordPress, a popular content management framework. Server-side request forgery (SSRF) and cross-site scripting (XSS) attacks may facilitate the bypass of access controls or the injection of client-side scripts.
It was discovered that there was a potential SQL injection vulnerability in libpgjava, a Java library for connecting to PostgreSQL databases.
It was discovered that there was a potential remote denial-of-service vulnerability in the knot-resolver DNSSEC-validating DNS resolver. Remote attackers could have caused a denial of service via CPU
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2022-2795
Multiple vulnerabilities were discovered in Node.js, a JavaScript runtime environment, which could result in memory corruption, invalid certificate validation, prototype pollution or command injection.
It was found that Barbican, a service for secret management and storage, was vulnerable to access bypass via query string injection. For Debian 10 buster, this problem has been fixed in version
This update includes the changes in tzdata 2022d for the Perl bindings. For the list of changes, see DLA-3134-1. For Debian 10 buster, this problem has been fixed in version
This update includes the changes in tzdata 2022d. Notable changes are: Palestine now switches back to standard time on October 29.
An invalid HTTP request (websocket handshake) may cause a NULL pointer dereference in the wstunnel module. For Debian 10 buster, this problem has been fixed in version
Several security vulnerabilities have been discovered in SnakeYaml, a YAML parser for Java, which could facilitate a denial of service attack whenever maliciously crafted input files are processed by SnakeYaml.