Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service if malformed image files are processed.
Archive for Debian Linux Distribution – Security Advisories
Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code.
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For the oldstable distribution (buster), these problems have been fixed
Two vulnerabilities were found in the BIND DNS server, which could result in denial of service or cache poisoning. For the oldstable distribution (buster), this problem has been fixed
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates.
A flaw was discovered in the way HAProxy, a fast and reliable load balancing reverse proxy, processes HTTP responses containing the “Set-Cookie2” header, which can result in an unbounded loop, causing a denial of service.
The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters (‘:’ in particular) for a namespace separator (while the HTML API docs of function XML_ParserCreateNS have been advising against their use). Updated expat packages are now
Emmet Leahy reported that libphp-adodb, a PHP database abstraction layer library, allows to inject values into a PostgreSQL connection string. Depending on how the library is used this flaw can result in authentication bypass, reveal a server IP address or have other
Two vulnerabilities were discovered in the server for the Network Block Device (NBD), which could result in the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or sandbox bypass.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Two security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code. For the oldstable distribution (buster), this problem has been fixed
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Felix Wilhelm discovered that the containerd container runtime was susceptible to information disclosure via malformed container images. For the stable distribution (bullseye), this problem has been fixed in
Two security issues have been found in the Mozilla Firefox web browser, which result in the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Brief introduction CVE-2021-36740
It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for
An out-of-bounds write was discovered in Thunderbird, which could be triggered via a malformed email message. For the oldstable distribution (buster), this problem has been fixed
Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-22589
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-22589
Two security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure or denial of service.
Multiple vulnerabilties were discovered in snapd, a daemon and tooling that enable Snap packages, which could result in bypass of access restrictions or privilege escalation.
Reginaldo Silva discovered a (Debian-specific) Lua sandbox escape in Redis, a persistent key-value database. For the oldstable distribution (buster), this problem has been fixed