Advisory: Debian LTS Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.
Two issues were found in GDAL, a geospatial library, that could lead to denial of service via application crash or possibly the execution of arbitrary code if maliciously crafted data was parsed.
thenify promisifies a callback-based function using any-promise. Affected versions of this package are vulnerable to Arbitrary Code Execution. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval
An issue has been found in tinyxml, a C++ XML parsing library. Crafted XML messages could lead to an infinite loop in TiXmlParsingData::Stamp(), which results in a denial of service.
The update for mariadb-10.3 released as DLA-3114 introduced a bug in the mariadb-server-10.3 package, that could cause installation failures when installing or updating plugin packages.
An issue has been found in libhttp-daemon-perl, a simple http server class. Due to insufficient Content-Length: handling in HTTP-header an attacker
An issue has been found in libsndfile, a library for reading/writing audio files.
Two issues have been found in libvncserver, a library to write one's own VNC server.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-32886
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the 91.x
Two security issues were discovered in dovecot, an IMAP and POP3 email server. CVE-2021-33515
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or session fixation.
Several security vulnerabilities have been discovered in Poppler, a PDF rendering library, that could lead to denial of service or possibly other unspecified impact when processing maliciously crafted documents.
Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a
Sandipan Roy discovered two vulnerabilities in InfoZIP's unzip program, a de-archiver for .zip files, which could result in denial of service or potentially the execution of arbitrary code.
Several security vulnerabilities were discovered in mediawiki, a website engine for collaborative work. Insufficiently escaped input text may allow a malicious user to perform cross-site-scripting (XSS) attacks.
It was found that Mako, a Python template library, was vulnerable to a denial of service attack via crafted regular expressions. For Debian 10 buster, this problem has been fixed in version
Maher Azzouzi found a local root escalation vulnerability in Enlightenment, an X11 window manager. For Debian 10 buster, this problem has been fixed in version
Multiple file parsing vulnerabilities have been fixed in libraw. They are concerned with the dng and x3f formats. CVE-2020-35530
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.3.36. Please see the MariaDB 10.3 Release Notes for further details: