Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876
Archive for Debian
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-17481
Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code.
Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus.
Kushal Kumaran reported that the update for mosquitto issued as DSA 4388-1 causes mosquitto to crash when reloading the persistent database. Updated packages are now available to correct this issue.
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of “apply_extra” scripts which could potentially result in privilege escalation.
The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.
Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical
Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for additional information.
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol.
Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server was susceptible to denial of service via a crafted CNAME answer.
It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB.
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For the oldstable distribution (jessie), these problems have been fixed