Debian LTS Linux Distribution
Find the information you need for your favorite open source distribution .
Two issues have been found in jbig2dec, a JBIG2 decoder library. One issue is related to an overflow with a crafted image file. The other is related to a NULL pointer dereference.
One security issue has been discovered in mosquitto, an MQTT message broker. A NULL pointer dereference was found which could lead to crashes in applications using the library.
An out-of-bounds read and write flaw was discovered in the PHP-FPM code, which could result in escalation of privileges from local unprivileged user to the root user.
Several issues have been found in faad2, a freeware Advanced Audio Decoder player. They are related to heap buffer overflows or null pointer dereferences, which both might allow an attacker to execute code by
Tenable discovered that in Babel, a set of tools for internationalizing Python applications, Babel.Locale allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. This
Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw
A regression was introduced in DLA-2768-1, where the uwsgi proxy module for Apache2 (mod_proxy_uwsgi) interprets incorrect Apache configurations in a less forgiving way, causing existing setups to fail after upgrade.
The security update of smarty3, the compiling PHP template engine, issued as DLA 2618-1 introduced a regression in the smarty_security class when secure directories are evaluated. Updated smarty3 packages are now available to correct this issue.
Researchers at the United States of America National Security Agency (NSA) identified a denial of service vulnerability in strongSwan, an IKE/IPsec suite.
Redmine, a project management web application, may disclose the names of users on activity views due to an insufficient access filter. An attacker may infer information about users working on private projects.
DLA-2743-1 was issued for CVE-2017-5715, affecting amd64-microcode, processor microcode firmware for AMD CPUs. However, the binaries for the resulting upload weren't built and published, thereby preventing users from upgrading to a fixed version.
Two security issues have been discovered in nghttp2, a server, proxy and client implementing HTTP/2. CVE-2018-1000168
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Multiple vulnerabilities in ruby2.3, an interpreter for the object-oriented scripting language Ruby, were discovered. CVE-2021-31799
It was discovered that there was an integer-overflow vulnerability in hiredis, a C client library for communicating with Redis databases. This occurred within the handling and parsing of 'multi-bulk' replies.
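The bug class behind the hiredis entry above is a count taken from the wire and multiplied by an element size before allocation, with no check that the product fits in size_t. The following is an added example written for this page, not hiredis's own code: a minimal parser for a RESP multi-bulk header ("*<count>\r\n", a constructed input), the unchecked allocation pattern that wraps, and the hardened form that rejects a count whose product would overflow. The struct and function names are illustrative.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative stand-in for a parsed reply object (not hiredis's type). */
typedef struct reply {
    struct reply **element;  /* array of child replies */
    size_t elements;         /* number of children announced by the peer */
} reply;

/* Parse a RESP multi-bulk header of the form "*<count>\r\n".
 * Returns 0 and stores the count on success, -1 on malformed input,
 * negative counts (a RESP null array, not handled here) or counts that
 * do not fit in size_t. */
static int parse_multibulk_count(const char *line, size_t *count) {
    char *end;
    unsigned long long v;

    if (line[0] != '*') return -1;
    if (line[1] < '0' || line[1] > '9') return -1;  /* rejects '-' and blanks */
    errno = 0;
    v = strtoull(line + 1, &end, 10);
    if (errno == ERANGE || v > SIZE_MAX) return -1;
    if (end[0] != '\r' || end[1] != '\n') return -1;
    *count = (size_t)v;
    return 0;
}

/* Vulnerable pattern: the product silently wraps modulo SIZE_MAX+1, so a
 * huge count can yield a tiny allocation while `elements` records the huge
 * length; later writes into element[i] then run off the end of the buffer. */
static size_t wrapped_alloc_size(size_t elements) {
    return elements * sizeof(reply *);
}

static int alloc_array_unchecked(reply *r, size_t elements) {
    r->elements = elements;
    r->element = malloc(wrapped_alloc_size(elements));
    return r->element != NULL ? 0 : -1;
}

/* Hardened form: refuse any count whose product would not fit in size_t. */
static int checked_array_size(size_t elements, size_t *out) {
    if (elements > SIZE_MAX / sizeof(reply *))
        return -1;  /* count * sizeof(reply *) would overflow */
    *out = elements * sizeof(reply *);
    return 0;
}

static int alloc_array_checked(reply *r, size_t elements) {
    size_t bytes;
    if (checked_array_size(elements, &bytes) != 0)
        return -1;
    r->element = calloc(elements, sizeof(reply *));  /* calloc also checks */
    if (r->element == NULL)
        return -1;
    r->elements = elements;
    return 0;
}

int main(void) {
    /* A count chosen so that count * sizeof(reply *) wraps to exactly one
     * pointer's worth of bytes on any word size. */
    size_t evil = SIZE_MAX / sizeof(reply *) + 2;
    reply r = {0};
    size_t bytes;

    printf("evil count = %zu, wrapped size = %zu bytes\n",
           evil, wrapped_alloc_size(evil));
    if (alloc_array_unchecked(&r, evil) == 0) {
        printf("unchecked: allocated %zu bytes for %zu elements\n",
               wrapped_alloc_size(evil), r.elements);
        free(r.element);
    }
    printf("checked: %s\n",
           checked_array_size(evil, &bytes) == 0 ? "accepted" : "rejected");

    if (parse_multibulk_count("*3\r\n", &bytes) == 0 &&
        alloc_array_checked(&r, bytes) == 0) {
        printf("checked: allocated %zu elements\n", r.elements);
        free(r.element);
    }
    return 0;
}
```

The overflow check is the usual `n > SIZE_MAX / size` guard done before the multiplication; `calloc` performs the same check internally, but the explicit test keeps the rejection visible and returns a protocol error rather than relying on the allocator.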
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Two security issues were found in TIFF, a widely used format for storing image data, as follows: CVE-2020-19131
Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service and certain unintended API access.
Multiple security vulnerabilities have been discovered in fig2dev, utilities for converting XFig figure files. Buffer overflows, out-of-bounds reads and NULL pointer dereferences could lead to a denial-of-service or other unspecified impact.
Several vulnerabilities were discovered in the Apache HTTP server. An attacker could send proxied requests to arbitrary servers, corrupt memory in some setups involving third-party modules, and cause the server to crash.