Debian LTS Linux Distribution - Page 47
Find the information you need for your favorite open source distribution.
Two vulnerabilities were fixed in monit, a utility for monitoring and managing Unix systems. CVE-2019-11454
Several security vulnerabilities were found in Apache Log4j2, a Logging Framework for Java, which could lead to a denial of service or information disclosure.
Invalid read for malformed DVI files was fixed in GNU libextractor, a library that extracts meta-data from files of arbitrary type. For Debian 9 stretch, this problem has been fixed in version
Improper PHB header length validation was fixed in libpcap, a library for capturing network traffic. For Debian 9 stretch, this problem has been fixed in version
Several vulnerabilities were fixed in the network traffic analyzer Wireshark. CVE-2021-22207
Two issues have been discovered in libssh2, a client-side C library implementing the SSH2 protocol: CVE-2019-13115:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leaks.
A security issue was discovered in MediaWiki, a website engine for collaborative work: Missing validation in the mcrundo action may allow an attacker to leak page content from private wikis or to bypass edit restrictions.
An issue has been found in raptor2, a Raptor RDF parser and serializer library. A malformed input file can lead to a segfault.
An issue has been found in libsamplerate, an audio sample rate conversion library. Using a crafted audio file, a buffer over-read might happen in calc_output_single() in src_sinc.c.
Artem Ivanov and Joshua Rogers found an XSS and a DOS issue, respectively, affecting src:privoxy, a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing
Chen Zhaojun of Alibaba Cloud Security Team discovered that JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can
DLA-2836-1 was rolled out, fixing CVE-2021-43527 in nss, but that led to a regression, preventing SSL connections in Chromium. The complete bug report could be found here: .
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize requests and mail messages. This would allow an attacker to perform Cross-Site Scripting (XSS) or SQL injection attacks.
One security issue has been discovered in gerbv: a viewer for Gerber RS-274X files. It was discovered that an out-of-bounds write vulnerability exists in the drill format T-code tool. A specially-crafted drill file can lead to code execution.
Several vulnerabilities were discovered in LibreCAD, an application for computer aided design (CAD) in two dimensions. An attacker could trigger code execution through malicious .dwg and .dxf files.
One security issue has been discovered in gmp: GNU Multiple Precision Arithmetic Library. It was discovered that integer overflow is possible in mpz/inp_raw.c and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PSS signatures, which could result in denial of service or potentially the execution of arbitrary code.
Two heap overflows were fixed in the rsyslog logging daemon. CVE-2019-17041
Out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address has been fixed in uriparser, a library to parse Uniform Resource Identifiers (URIs).