Debian LTS Linux Distribution - Page 50.25
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Several vulnerability have been fixed in libsdl2, the older version of the Simple DirectMedia Layer library that provides low level access to audio, keyboard, mouse, joystick, and graphics hardware.
A vulnerability has been fixed in libsdl2, the newer version of the Simple DirectMedia Layer library that provides low level access to audio, keyboard, mouse, joystick, and graphics hardware.
Several vulnerabilities were fixed in elfutils, a collection of utilities and libraries to handle ELF objects. CVE-2018-16062
Several security vulnerabilities have been discovered in OpenCV, the Open Computer Vision Library. Buffer overflows, NULL pointer dereferences and out-of-bounds write errors may lead to a denial-of-service or other unspecified impact.
An issue has been found in cups, the Common UNIX Printing System. Due to an input validation issue a malicious application might be allowed to read restricted memory.
This update includes the changes in tzdata 2021e for the Perl bindings. For the list of changes, see DLA-2797-1. For Debian 9 stretch, this problem has been fixed in version
This update includes the changes in tzdata 2021e. Notable changes are: - - Fiji suspends DST for the 2021/2022 season.
A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON inputs.
Two issues have been found in jbig2dec, a JBIG2 decoder library. One issue is related to an overflow with a crafted image file. The other is related to a NULL pointer dereference.
One security issue has been discovered in mosquitto: MQTT message broker. A null dereference vulnerability was found which could lead to crashes for applications using the library.
An out-of-bounds read and write flaw was discovered in the PHP-FPM code, which could result in escalation of privileges from local unprivileged user to the root user.
Several issues have been found in faad2, a freeware Advanced Audio Decoder player. They are related to heap buffer overflows or null pointer dereferences, which both might allow an attacker to execute code by
Tenable discovered that in Babel, a set of tools for internationalizing Python applications, Babel.Locale allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. This
Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw
A regression was introduced in DLA-2768-1, where the uwsgi proxy module for Apache2 (mod_proxy_uwsgi) interprets incorrect Apache configurations in a less forgiving way, causing existing setups to fail after upgrade.
The security update of smarty3, the compiling PHP template engine, issued as DLA 2618-1 introduced a regression in the smarty_security class when secure directories are evaluated. Updated smarty3 packages are now available to correct this issue.
Researchers at the United States of America National Security Agency (NSA) identified a denial of services vulnerability in strongSwan, an IKE/IPsec suite.
Redmine, a project management web application, may disclose the names of users on activity views due to an insufficient access filter. An attacker may infer information of users working on private projects.
DLA-2743-1 was issued for CVE-2017-5715, affecting amd64-microcode, processor microcode firmware for AMD CPUs. However, the binaries for the resulting upload weren't built and published, thereby preventing the users to upgrade to a fixed version.