Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Archive for Debian Linux Distribution – Security Advisories
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
cleemy desu wayo reported that incorrect handling of filenames by xzgrep in xz-utils, the XZ-format compression utilities, can result in overwrite of arbitrary files or execution of arbitrary code if a file with a specially crafted filename is processed.
cleemy desu wayo reported that incorrect handling of filenames by zgrep in gzip, the GNU compression utilities, can result in overwrite of arbitrary files or execution of arbitrary code if a file with a specially crafted filename is processed.
A security issue was discovered in Chromium, which could result in the execution of arbitrary code. For the stable distribution (bullseye), this problem has been fixed in
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Several vulnerabilities were discovered in Subversion, a version control system. CVE-2021-28544
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. For the stable distribution (bullseye), these problems have been fixed in
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-22624
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-22624
Sergei Glazunov discovered a security issue in Chromium, which could result in the execution of arbitrary code if a malicious website is visited.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Danilo Ramos discovered that incorrect memory handling in zlib’s deflate handling could result in denial of service or potentially the execution of arbitrary code if specially crafted input is processed.
A security issue was discovered in Chromium, which could result in the execution of arbitrary code if a malicious website is visited. For the stable distribution (bullseye), this problem has been fixed in
Multiple vulnerabilities have been discovered in the freeware Advanced Audio Decoder, which may result in denial of service or potentially the execution of arbitrary code if malformed media files are processed.
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service if malformed image files are processed.
Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code.
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For the oldstable distribution (buster), these problems have been fixed
Two vulnerabilities were found in the BIND DNS server, which could result in denial of service or cache poisoning. For the oldstable distribution (buster), this problem has been fixed
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates.
A flaw was discovered in the way HAProxy, a fast and reliable load balancing reverse proxy, processes HTTP responses containing the “Set-Cookie2” header, which can result in an unbounded loop, causing a denial of service.
The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters (‘:’ in particular) for a namespace separator (while the HTML API docs of function XML_ParserCreateNS have been advising against their use). Updated expat packages are now
Emmet Leahy reported that libphp-adodb, a PHP database abstraction layer library, allows values to be injected into a PostgreSQL connection string. Depending on how the library is used this flaw can result in authentication bypass, reveal a server IP address or have other
Two vulnerabilities were discovered in the server for the Network Block Device (NBD), which could result in the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.