
Multiple security issues were discovered in QEMU, a fast processor emulator: CVE-2020-12829

Several vulnerabilities have been discovered in the X.Org X server. Missing input sanitising in X server extensions may result in local privilege escalation if the X server is configured to run with root privileges. In addition an ASLR bypass was fixed.

Fabian Vogt reported that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory.

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927

Multiple security issues have been found in Thunderbird which could result in the execution of arbitrary code or the unintended installation of extensions.

Faidon Liambotis discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with

Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.

A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.

Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2020-8619

Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in request splitting, request smuggling (leading to cache poisoning) and denial of service when processing crafted cache digest response messages.

It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to an HTTP request smuggling vulnerability.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.

Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process.

Several vulnerabilities were discovered in net-snmp, a suite of Simple Network Management Protocol applications, which could lead to privilege escalation.

Several vulnerabilities have been discovered in the Dovecot email server. CVE-2020-12100

It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to cross-site scripting vulnerabilities in handling invalid svg and math tag content.

A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code execution when the {::options /} extension is used together with the ‘template’ option.

Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. CVE-2020-17367

Tobias Stoeckmann discovered an integer overflow in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed.

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9862

Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.

Dominik Penner discovered that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives writing outside the extraction directory.

The update for grub2 released as DSA 4735-1 caused a boot regression when chainloading another bootloader, notably breaking dual-boot with Windows. Updated grub2 packages are now available to correct this issue.

Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary

Several vulnerabilities have been discovered in the GRUB2 bootloader. CVE-2020-10713

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or an information leak.

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, bypass of access/sandbox restrictions or information disclosure.

It was discovered that incorrect memory handling in the SLIRP networking implementation could result in denial of service or potentially the execution of arbitrary code.

Two security issues were discovered in the Squid proxy caching server, which could result in cache poisoning, request smuggling and incomplete validation of hostnames in cachemgr.cgi.