Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.
Archive for December 27th, 2019
It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.
It was found that freeimage, a graphics library, was affected by the following two security issues: CVE-2019-12211
Guido Vranken discovered an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. For the oldstable distribution (stretch), this problem has been fixed
It was discovered that the Title blacklist functionality in MediaWiki, a website engine for collaborative work, could be bypassed. For the oldstable distribution (stretch), this problem has been fixed