Debian LTS Linux Distribution - Page 49
Find the information you need for your favorite open source distribution.
Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PSS signatures, which could result in denial of service or potentially the execution of arbitrary code.
Two heap overflows were fixed in the rsyslog logging daemon. CVE-2019-17041
Out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address has been fixed in uriparser, a library to parse Uniform Resource Identifiers (URIs).
In rsync, a remote file-copying tool, remote attackers were able to bypass the argument-sanitization protection mechanism by passing additional --protect-args.
Several vulnerabilities were fixed in the OpenSC smart card utilities. CVE-2019-15945
Stack-based buffer over-reads for crafted NTLM requests were fixed in libntlm, a library that implements Microsoft's NTLM authentication. For Debian 9 stretch, this problem has been fixed in version
An infinite loop when --sparse is used with file shrinkage during read access was fixed in the GNU tar archiving utility. For Debian 9 stretch, this problem has been fixed in version
An out-of-bounds buffer read on truncated key frames in vp8_decode_frame has been fixed in libvpx, a popular library for the VP8 and VP9 video codecs. For Debian 9 stretch, this problem has been fixed in version
Several vulnerabilities were fixed in libvorbis, a popular library for the Vorbis audio codec. CVE-2017-14160
Several vulnerabilities were discovered in BlueZ, the Linux Bluetooth protocol stack. An attacker could cause a denial-of-service (DoS) or leak information.
Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, which could result in denial of service, information disclosure or side-channel attacks.
Two issues have been found in libmodbus, a library for the Modbus protocol. Both issues are related to out-of-bounds reads, which could result in a
The security update of Salt, a remote execution manager, to fix CVE-2021-21996 introduced a regression in salt/fileclient.py which raised an unexpected exception and made file.managed states fail.
An authenticated remote attacker can execute arbitrary code in Firebird, a relational database based on InterBase 6.0, by executing a malformed SQL statement. The only known solution is to disable external UDF libraries from being loaded. In order to achieve this,
Jonathan Schlue discovered a vulnerability in Salt, a powerful remote execution manager. A user who has control of the source and source_hash URLs can gain full file system access as root on a salt minion.
Two issues have been found in netkit-rsh, client and server programs for remote shell connections. Due to insufficient input validation in path names sent by the server, a
An issue has been found in axis, a SOAP implementation in Java. The issue is related to a cross-site scripting (XSS) attack in the default servlet/services.
Two issues have been found in atftp, an advanced TFTP client. Both are related to sending crafted requests to the server and triggering a denial of service due to, for example, a buffer overflow.
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation.
Multiple issues have been discovered in ffmpeg - tools for transcoding, streaming and playing of multimedia files. CVE-2020-20445