Debian: DSA-5138-1: waitress security update
It was discovered that the Waitress WSGI server was susceptible to HTTP request smuggling in some scenarios when used behind a proxy. For the oldstable distribution (buster), this problem has been fixed
Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell metacharacters, which could result in the execution of arbitrary commands.
Jakub Wilk discovered a local privilege escalation in needrestart, a utility to check which daemons need to be restarted after library upgrades. Regular expressions to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate
Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the “security-restricted operation” sandbox. For additional information please refer to the upstream announcement
Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the “security-restricted operation” sandbox. For additional information please refer to the upstream announcement
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.
It was discovered that ecdsautils, a collection of ECDSA elliptic curve cryptography CLI tools, verified some cryptographic signatures incorrectly: a signature consisting only of zeroes was always considered valid, making it trivial to forge signatures.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in information disclosure or denial of service. For the oldstable distribution (buster), this problem has been fixed
Two vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in information disclosure, incorrect validation of ECDSA signatures or denial of service.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
cleemy desu wayo reported that incorrect handling of filenames by xzgrep in xz-utils, the XZ-format compression utilities, can result in overwrite of arbitrary files or execution of arbitrary code if a file with a specially crafted filename is processed.
cleemy desu wayo reported that incorrect handling of filenames by zgrep in gzip, the GNU compression utilities, can result in overwrite of arbitrary files or execution of arbitrary code if a file with a specially crafted filename is processed.
A security issue was discovered in Chromium, which could result in the execution of arbitrary code. For the stable distribution (bullseye), this problem has been fixed in
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Several vulnerabilities were discovered in Subversion, a version control system. CVE-2021-28544
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. For the stable distribution (bullseye), these problems have been fixed in
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-22624
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-22624
Sergei Glazunov discovered a security issue in Chromium, which could result in the execution of arbitrary code if a malicious website is visited.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Danilo Ramos discovered that incorrect memory handling in zlib’s deflate handling could result in denial of service or potentially the execution of arbitrary code if specially crafted input is processed.
A security issue was discovered in Chromium, which could result in the execution of arbitrary code if a malicious website is visited. For the stable distribution (bullseye), this problem has been fixed in