Debian Linux Security Advisory 5725-1 - Johannes Kuhn discovered that messages and channel names are not properly escaped in the modtcl module in ZNC, an IRC bouncer, which could result in remote code execution via specially crafted messages.
368570aecf0054c3f66d17ebf21f445fdadd3ce2525c2403e800b2ff0ae2cba7
Debian Linux Security Advisory 5724-1 - The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.
5e87f7e6953882200bcca86b932c1100ae34b3674c68208e709aa0522427b2f9
Debian Linux Security Advisory 5723-1 - Fabian Vogt discovered that the KDE session management server insufficiently restricted ICE connections from localhost, which could allow a local attacker to execute arbitrary code as another user on next boot.
d094060e8a5ac5460ee1d5657bb0131b141cdcd9719a309de73e431830a6a133
Debian Linux Security Advisory 5722-1 - It was discovered that multiple integer overflows in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service and potentially the execution of arbitrary code.
5d3f151b82ee756d4a34d786a92a8a5dab96760b41c39b657649c82e788752ed
Debian Linux Security Advisory 5721-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
21f2b3845d96fca85e03c04655429cf93116bcb7f68ef7655ff33b835b19fd32
Debian Linux Security Advisory 5720-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
b5b11c86d2db811480610e8bc947b766a72e512e4421fd27ff4ece52e3fd3a96
Debian Linux Security Advisory 5719-1 - It was discovered that Emacs is prone to arbitrary shell code evaluation when opening a specially crafted Org file.
6867997ba29e8c30921f352dca465370f79599a16550115897cef830ef680378
Debian Linux Security Advisory 5718-1 - It was discovered that Org Mode for Emacs is prone to arbitrary shell code evaluation when opening a specially crafted Org file.
982625e13e05ce51f2d301e754f3692a03c4e5c495335abe87d88c84814ce7b9
Debian Linux Security Advisory 5715-2 - The update for composer released as DSA 5715 introduced a regression in the handling of git feature branches. Updated composer packages are now available to address this issue.
799d48eeda4b760050468f7932257572bcdca586d1c840f6771d5c91c6ee011e
Debian Linux Security Advisory 5717-1 - It was discovered that user validation was incorrectly implemented for filter_var(FILTER_VALIDATE_URL) for php8.2.
92ed7c890449f531251500f1e95cc20da6b79cdac44af4854cc9cef9c48a5005
Debian Linux Security Advisory 5716-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
c62d6a8690b7d7a9cda4fa67811a45a88793b027295217474d757bb13d189d7c
Debian Linux Security Advisory 5715-1 - Two vulnerabilities have been discovered in Composer, a dependency manager for PHP, which could result in arbitrary command execution by operating on malicious git/hg repositories.
47524eaef79a18432c3a4ae5e3acd5c797c5783aef817def7aece996f17e03da
CrowdStrike discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform Cross-Site Scripting (XSS) attacks.
76f384d98ec58b42d0845da5a6f6ff864308dde40b2b6c466e6e929407bc0f85
Debian Linux Security Advisory 5713-1 - A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.
414fe28d43c63628c7727e7dc813f24ee3af646af63e4134e6bac8a3e7c9927f
Debian Linux Security Advisory 5712-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
97ff16eab403fc385d9f0212e630320c5a0ebb1797101a08bda0043e22658ef9
Debian Linux Security Advisory 5711-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.
d17594a754beaf5d96a94c366b79d806553846db144bb60489c7c58df38c05ef
Debian Linux Security Advisory 5710-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
a94c3400d965474f472a6470d2cc5de01f3d9ff6f801375e77f029d1246035ca
Debian Linux Security Advisory 5709-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.
c2910ec4cc30703a12d312a112edb843f49618f603c0a026191280e7dddfef3a
Debian Linux Security Advisory 5708-1 - Damian Poddebniak discovered that the Cyrus IMAP server didn't restrict memory allocation for some command arguments, which may result in denial of service. This update backports new config directives that allow limits to be configured. Additional details can be found at.
70eb25942337ab76e9c7ad5d061a4d5ff4412f5b6e6995e25486cb408f6e8b66
Debian Linux Security Advisory 5707-1 - A buffer overflow was discovered in the MMS module of the VLC media player.
553c64480f66e1d6da6a0dbd03a9bb0004a704108cfb14edfd9dd82463652b90
Debian Linux Security Advisory 5706-1 - An integer overflow vulnerability in the rar e8 filter was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.
2a4e12eae0d33618be5490a3952a80ff5a5eeb5c8d09c4ba09e08cd94d67c7a5
Debian Linux Security Advisory 5705-1 - A use-after-free was discovered in tinyproxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, which could result in denial of service.
f34f6962364c552d9256ca00602911cad4b15031c32415eecc13a05289d3ac2c
Debian Linux Security Advisory 5704-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed images are processed.
39d19c693f17390d6a2ae39c504630ddbff9dabe4a9550c53beda72dd79c2817
Debian Linux Security Advisory 5703-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
1476333bf5c1e2baed03920f541d970630980c5dab7ff43468471a8a13244d8e
Debian Linux Security Advisory 5702-1 - An integer overflow in the EXIF metadata parsing was discovered in the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.
49549d83b64002c3eecffa31a3c209c6e5c93494c0d9069cb4e8a66a6873588a