Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a fast, compliant alternative implementation of the Python language. For the stable distribution (bullseye), this problem has been fixed in
Comment
Posts Tagged Debian Linux Distribution – Security Advisories
1153 results.
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Nicky Mouha discovered a buffer overflow in ‘sha3’, a Python library for the SHA-3 hashing functions. For the stable distribution (bullseye), this problem has been fixed in
A heap use-after-free vulnerability after overeager destruction of a shared DTD in the XML_ExternalEntityParserCreate function in Expat, an XML parsing C library, may result in denial of service or potentially the execution of arbitrary code.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2021-43980
It was discovered that Apache Batik, a SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. For the stable distribution (bullseye), these problems have been fixed in
A security issue was discovered in Chromium, which could result in the execution of arbitrary code. For the stable distribution (bullseye), this problem has been fixed in
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, used exec() on input passed to the server component.
The security update announced as DSA 5257-1 caused regressions on certain systems using the amdgpu driver. Updated packages are now available to correct this issue.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager (CVE-2022-41317), or denial of service or information disclosure if Squid is configured to negotiate authentication with the
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. In Debian the vulnerable code is in the bcel source package.
An integer overflow flaw was discovered in the CRL parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.
Multiple security issues were found in Django, a Python web development framework, which could result in denial of service, SQL injection or cross-site scripting.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
It was discovered that insufficient validation of “vnd.libreoffice.command” URI schemes could result in the execution of arbitrary macro commands.
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. CVE-2022-2928
Evgeny Vereshchagin discovered multiple vulnerabilities in D-Bus, a simple interprocess messaging system, which may result in denial of service by an authenticated user.
Lahav Schlesinger discovered a vulnerability in the revocation plugin of strongSwan, an IKE/IPsec suite. The revocation plugin uses OCSP URIs and CRL distribution points (CDP) which
Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code.
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in restriction bypass, information leaks, cross-site scripting or denial of service.
Douglas Mendizabal discovered that Barbican, the OpenStack Key Management Service, incorrectly parsed requests which could allow an authenticated user to bypass Barbican access policies.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. CVE-2022-37797
It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings without proper escaping, allowing shell injection attacks.
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-32886