Debian LTS Linux Distribution - Page 38
Find the information you need for your favorite open source distribution .
Debian LTS: DLA-3084-1: ndpi security update
Two security issues have been discovered in ndpi: deep packet inspection library.
Debian LTS: DLA-3083-1: puma security update
Multiple security issues have been found in puma, a web server for ruby/rack applications. CVE-2021-29509
Debian LTS: DLA-3082-1: exim4 security update
It was discovered that in Exim, a mail transport agent, handling an e-mail can cause a heap-based buffer overflow in some situations. An attacker can cause a denial-of-service (DoS) and possibly execute arbitrary code.
Debian LTS: DLA-3081-1: open-vm-tools security update
open-vm-tools contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
Debian LTS: DLA-3079-1: jetty9 security update
Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver. CVE-2022-2047
Debian LTS: DLA-3078-1: kicad security update
KiCad is a suite of programs for the creation of printed circuit boards. It includes a schematic editor, a PCB layout tool, support tools and a 3D viewer to display a finished & fully populated PCB.
Debian LTS: DLA-3076-1: freecad security update
A command injection vulnerability was found in FreeCAD, a parametric 3D modeler, when importing DWG files with crafted filenames. For Debian 10 buster, this problem has been fixed in version
Debian LTS: DLA-3075-1: schroot security update
Julian Gilbey discovered that schroot, a tool allowing users to execute commands in a chroot environment, had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
Debian LTS: DLA-3074-1: epiphany-browser security update
Several issues were discovered in Epiphany, the GNOME web browser, allowing XSS attacks by malicious websites, or memory corruption and application crash by a page with a very long title.
Debian LTS: DLA-3073-1: webkit2gtk security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-32792
Debian LTS: DLA-3072-1: postgresql-11 security update
Sven Klemm found that some extensions in the PostgreSQL database system could replace objects not belonging to the extension. An attacker could leverage this to run arbitrary commands as another user.
Debian LTS: DLA-3071-1: libtirpc security update
It was discovered that libtirpc, a transport-independent RPC library, does not properly handle idle TCP connections. A remote attacker can take advantage of this flaw to cause a denial of service.
Debian LTS: DLA-3070-1: gnutls28 security update
Two issues were found in GnuTLS, a library implementing the TLS and SSL protocols. A remote attacker could take advantage of these flaws to cause an application using the GnuTLS library to crash (denial of service), or potentially, to execute arbitrary code.
Debian LTS: DLA-3069-1: gst-plugins-good1.0 security update
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
Debian LTS: DLA-3068-1: xorg-server security update
Jan-Niklas Sohn discovered two out of bound memory writes in X.Org Server's ProcXkbSetGeometry and ProcXkbSetDeviceInfo Xkb extensions. These issues could be exploited by an attacker to cause denial of service, privilege escalation or arbitrary code execution.
Debian LTS: DLA-3066-1: isync security update
Several security vulnerabilities have been discovered in isync, an IMAP and MailDir mailbox synchronizer. An malicious attacker who can control an IMAP server may exploit these flaws for remote code execution.
Debian LTS: DLA-3065-1: linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian LTS: DLA-3064-1: firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.
Debian LTS: DLA-3063-1: systemd security update
A heap use-after-free vulnerability was found in systemd, a system and service manager, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate
Debian LTS: DLA-3062-1: ublock-origin security update
uBlock, a Firefox add-on and efficient ads, malware and trackers blocker, supported an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).
