Debian: DSA-4749-1: firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.
Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.
A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process.
Several vulnerabilities were discovered in net-snmp, a suite of Simple Network Management Protocol applications, which could lead to privilege escalation.
Several vulnerabilities have been discovered in the Dovecot email server. CVE-2020-12100
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to cross-site scripting vulnerabilities in handling invalid svg and math tag content.
A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code execution when the {::options /} extension is used together with the ‘template’ option.
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. CVE-2020-17367
Tobias Stoeckmann discovered an integer overflow in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed.
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9862
Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.
Dominik Penner discovered that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives writing outside the extraction directory.
The update for grub2 released as DSA 4735-1 caused a boot-regression when chainloading another bootlaoder and breaking notably dual-boot with Windows. Updated grub2 packages are now available to correct this issue.
Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary
Several vulnerabilities have been discovered in the GRUB2 bootloader. CVE-2020-10713
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or an information leak.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, bypass of access/sandbox restrictions or information disclosure.
It was discovered that incorrect memory handling in the SLIRP networking implementation could result in denial of service or potentially the execution of arbitrary code.
Two security issues were discovered in the Squid proxy caching server, which could result in cache poisoning, request smuggling and incomplete validation of hostnames in cachemgr.cgi.
An integer overflow flaw leading to a stack-based buffer overflow was discovered in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service (application crash).
Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML sanitization bypass vulnerability when using the “relaxed” or a custom config allowing certain elements. Content in a
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in
Two security issues were found in libopenmpt, a cross-platform C++ and C library to decode tracked music files, which could result in denial of service and potentially the execution of arbitrary if malformed music files are processed.
Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in side channel/timing attacks or denial of service.
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service. For the stable distribution (buster), these problems have been fixed in
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9802
Damian Poddebniak and Fabian Ising discovered a response injection vulnerability in Evolution data server, which could enable MITM attacks.
The previous update for chromium released as DSA 4714-2 contained a flaw in the service worker implementation. This problem causes the browser to crash when a connection error occurs. Updated chromium packages are now available that correct this issue.
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
61 queries. 8.5 mb Memory usage. 1.517 seconds.