Debian LTS Linux Distribution - Page 50
Find the information you need for your favorite open source distribution.
Two SQL injection vulnerabilities were discovered in SQLAlchemy, a SQL toolkit and Object Relational Mapper for Python, when the order_by or group_by parameters can be controlled by an attacker.
A couple of vulnerabilities were found in src:python3.5, the Python interpreter v3.5, and are as follows: CVE-2021-3733
Stefan Walter found that udisks2, a service to access and manipulate storage devices, could cause denial of service via system crash if a corrupted or specially crafted ext2/3/4 device or image was mounted, which could happen automatically on certain environments.
CVE-2021-25219 Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to
Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system. Buffer overflows and path traversal issues may lead to information disclosure, denial-of-service or the execution of arbitrary code.
Opening a crafted chm file could result in a buffer overflow in libmspack, a library for Microsoft compression formats. For Debian 9 stretch, this problem has been fixed in version
Several vulnerabilities have been fixed in libsdl2, the older version of the Simple DirectMedia Layer library that provides low level access to audio, keyboard, mouse, joystick, and graphics hardware.
A vulnerability has been fixed in libsdl2, the newer version of the Simple DirectMedia Layer library that provides low level access to audio, keyboard, mouse, joystick, and graphics hardware.
Several vulnerabilities were fixed in elfutils, a collection of utilities and libraries to handle ELF objects. CVE-2018-16062
Several security vulnerabilities have been discovered in OpenCV, the Open Computer Vision Library. Buffer overflows, NULL pointer dereferences and out-of-bounds write errors may lead to a denial-of-service or other unspecified impact.
An issue has been found in cups, the Common UNIX Printing System. Due to an input validation issue, a malicious application might be allowed to read restricted memory.
This update includes the changes in tzdata 2021e for the Perl bindings. For the list of changes, see DLA-2797-1. For Debian 9 stretch, this problem has been fixed in version
This update includes the changes in tzdata 2021e. Notable changes are: - Fiji suspends DST for the 2021/2022 season.
A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON inputs.
Two issues have been found in jbig2dec, a JBIG2 decoder library. One issue is related to an overflow with a crafted image file. The other is related to a NULL pointer dereference.
One security issue has been discovered in mosquitto, an MQTT message broker. A null dereference vulnerability was found which could lead to crashes for applications using the library.
An out-of-bounds read and write flaw was discovered in the PHP-FPM code, which could result in escalation of privileges from local unprivileged user to the root user.
Several issues have been found in faad2, a freeware Advanced Audio Decoder player. They are related to heap buffer overflows or null pointer dereferences, which both might allow an attacker to execute code by
Tenable discovered that in Babel, a set of tools for internationalizing Python applications, Babel.Locale allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. This