Debian: DSA-5527-2: webkit2gtk regression update
The webkit2gtk update released as 5527-1 introduced a regression that is causing programs such as yelp, liferea or gnucash to stop working in certain cases.
Francois Diakhate discovered that several race conditions in file processing of the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, could result in denial of service by overwriting arbitrary files.
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.
William Khem-Marquez discovered that using malicious plugins for the Babel JavaScript compiler could result in arbitrary code execution during compilation.
The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-39928
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.
Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix, which might result in denial of service, information disclosure or privilege escalation.
Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool: CVE-2023-38545
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-28709
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure.
Maxim Suhanov discovered multiple vulnerabilities in GRUB2's code to handle NTFS filesystems, which may result in a Secure Boot bypass. For the oldstable distribution (bullseye), these problems have been fixed
It was discovered that missing input sanitising in the encoding support in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service.
Multiple security vulnerabilities were discovered in libx11, the X11 client-side library, which may result in denial of service or the execution of arbitrary code.
Multiple security vulnerabilities were discovered in libxpm, the X11 pixmap library, which may result in denial of service or the execution of arbitrary code.
A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
The Qualys Research Labs discovered a buffer overflow in the dynamic loader’s processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the
Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.
Several security vulnerabilities have been discovered in mosquitto, an MQTT compatible message broker, which may be abused for a denial of service attack. CVE-2021-34434
A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code.
Mickael Karatekin discovered that the GNOME session locking didn’t restrict a keyboard shortcut used for taking screenshots in GNOME Screenshot which could result in information disclosure.
Multiple security vulnerabilities have been found in xrdp, a remote desktop protocol server. Buffer overflows and out-of-bound writes may cause a denial of service or other unspecified impact.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed in
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the stable distribution (bookworm), this problem has been fixed in
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed