Debian Security

Message

Failed loading XML...

Debian: DSA-4990-1: ffmpeg security update
LinuxSecurity Advisories Oct 19, 2021 | 14:51 pm
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Read more...
Debian: DSA-4989-1: strongswan security update
LinuxSecurity Advisories Oct 18, 2021 | 17:17 pm
Researchers at the United States of America National Security Agency (NSA) identified two denial of services vulnerability in strongSwan, an IKE/IPsec suite.
Read more...
Debian: DSA-4988-1: libreoffice security update
LinuxSecurity Advisories Oct 16, 2021 | 15:23 pm
Two security issues have been discovered in LibreOffice's support for digital signatures in ODF documents, which could result in incorrect signature indicators/timestamps being presented.
Read more...
Debian: DSA-4987-1: squashfs-tools security update
LinuxSecurity Advisories Oct 15, 2021 | 08:58 am
Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem[…]
Read more...
Debian: DSA-4984-1: tomcat9 security update
LinuxSecurity Advisories Oct 14, 2021 | 16:33 pm
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in denial of service. For the oldstable distribution (buster), these problems have been fixed
Read more...
Debian: DSA-4985-1: wordpress security update
LinuxSecurity Advisories Oct 14, 2021 | 10:46 am
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform Cross-Site Scripting (XSS) attacks or impersonate other users.
Read more...
Debian: DSA-4984-1: flatpak security update
LinuxSecurity Advisories Oct 12, 2021 | 17:27 pm
It was discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed for a Flatpak app with direct access to AF_UNIX sockets, by manipulating the VFS using mount-related syscalls that are not blocked by[…]
Read more...
Debian: DSA-4983-1: neutron security update
LinuxSecurity Advisories Oct 10, 2021 | 14:06 pm
Pavel Toporkov discovered a vulnerability in Neutron, the OpenStack virtual network service, which allowed a reconfiguration of dnsmasq via crafted dhcp_extra_opts parameters.
Read more...
Debian: DSA-4982-1: apache2 security update
LinuxSecurity Advisories Oct 8, 2021 | 16:56 pm
Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition a vulnerability was discovered in mod_proxy with which an attacker could trick the server to forward requests to arbitrary origin servers.
Read more...
Sequoia: A Deep Root In Linux's Filesystem Layer
Operating System: Debian ≈ Packet Storm Jul 21, 2021 | 16:10 pm
Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Read more...
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pm
Ubuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more...
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pm
Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more...
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pm
Debian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more...
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pm
Debian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more...
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pm
Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more...
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pm
Debian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more...
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pm
Debian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more...
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pm
Debian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more...
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pm
Debian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...