Debian Linux Security Advisory 4946-2 - The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM for OpenJDK 11 with enhanced class redefinition, has been updated for compatibility with OpenJDK 11.0.12.
c68262c97d919eb578386a6d0bafebde010db2b518d3a8fc42fc6793711fbefdDebian Linux Security Advisory 4948-1 - A buffer overflow was discovered in the Aspell spell checker, which could result in the execution of arbitrary code.
db6ae2c528bbe2c12a3a26d362ab8c9477a19f2ded052f1126bc55ad336525a9Debian Linux Security Advisory 4949-1 - Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in cross-site scripting, information disclosure, privilege escalation or denial of service.
36aa94d69a18cbcbfbe8632d49d6587502da2bc7f601b1dddaab1fd811d2bbcdDebian Linux Security Advisory 4950-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure or argument injection. In addition a race condition in become_user was fixed.
ebc20b43ab01a59fe77b2563453e04e2e0c224cd419dac6ce5d62cf99236915eDebian Linux Security Advisory 4951-1 - Several vulnerabilities were discovered in Bluez, the Linux Bluetooth protocol stack.
431d311d6156400aa4dd4fd7ef9b5e86f90421e808c0e7e5aa7f6a4c7ef192feDebian Linux Security Advisory 4952-1 - Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name.
a979059d294f12b3682119262569f6b694fd38574412bff91d56a295359b1332Debian Linux Security Advisory 4953-1 - Thorsten Glaser and Axel Beckert reported that lynx, a non-graphical (text-mode) web browser, does not properly handle the userinfo subcomponent of a URI, which can lead to leaking of credential in cleartext in SNI data.
35b46ce033be8cf57b331621640999d4df96db1956c4a4dc7bde2a5a846aae22Debian Linux Security Advisory 4954-1 - Philipp Jeitner and Haya Shulman discovered a flaw in c-ares, a library that performs DNS requests and name resolution asynchronously. Missing input validation of hostnames returned by DNS servers can lead to output of wrong hostnames (leading to Domain Hijacking).
0afbe743df467a029837a5ef0d6b4aca372c7816ee3d9c7768d240a3039adcedDebian Linux Security Advisory 4955-1 - Philipp Jeitner and Haya Shulman discovered a stack-based buffer overflow in libspf2, a library for validating mail senders with SPF, which could result in denial of service, or potentially execution of arbitrary code when processing a specially crafted SPF record.
6564d32f37928be06a9316fcdbbad6ae35a20a9b97b6589dd788e5a94c66328eDebian Linux Security Advisory 4956-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
159314f03c94060d1101ae48c34f241e429ec9fd329b884ff87cfda5209508e7Debian Linux Security Advisory 4957-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling or cache poisoning.
ba6d55ba4643d5019068c3a8db53edc311218b25702c1dab84615cded98e95edDebian Linux Security Advisory 4958-1 - Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.
ce39898f17e1fdc88655eae8c1df6a05ea93369c0eca23b7aadf728f15c01b45Debian Linux Security Advisory 4959-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.
ff98129ebd1fa410559c670f3f44a955e5253b4e998d707541f680b29e1ab353Debian Linux Security Advisory 4960-1 - Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling. By carefully crafting HTTP/2 requests, it is possible to smuggle another HTTP request to the backend selected by the HTTP/2 request. With certain configurations, it allows an attacker to send an HTTP request to a backend, circumventing the backend selection logic.
74a02124421182397f21d86ca1b1ff0cf7b0c64bd9aa38186fa98eaad1c5a405Debian Linux Security Advisory 4961-1 - Henry de Valence reported a flaw in the signature verification code in Tor, a connection-based low-latency anonymous communication system. A remote attacker can take advantage of this flaw to cause an assertion failure, resulting in denial of service.
d8fd46641386674cf3a52e8f81848a25ad7fddb7438c710b83873a461be4de4cDebian Linux Security Advisory 4962-1 - The update for ledgersmb released as DSA 4862-1 introduced a regression in the display of some search results. Updated ledgersmb packages are now available to correct this issue.
4f9d4bf6b0e20a288cb975a798832a4dc31c818f95dace609059a514d2777a32Debian Linux Security Advisory 4963-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.
7f1c8fe693e955cee08270c3932882796ea0d36a94ccf9ffa0552f25e4502d26Debian Linux Security Advisory 4964-1 - Michael Catanzaro reported a problem in Grilo, a framework for discovering and browsing media. TLS certificate verification is not enabled on the SoupSessionAsync objects created by Grilo, leaving users vulnerable to network MITM attacks.
9e6f0a7dbfa410df4fbfb4fdd4d7afb87834d40f87fd2d39991e605d11f976adDebian Linux Security Advisory 4965-1 - It was discovered that a buffer overflow in rekeying in libssh could result in denial of service or potentially the execution of arbitrary code.
51cf4039278881bec9f067e5cdcadada9c752de725e77c89140310d82ef1fcb8Debian Linux Security Advisory 4966-1 - Multiple security issues were discovered in the GPAC multimedia framework which could result in denial of service or the execution of arbitrary code.
f9408c4f545796fa96a49fcae04173143c198d71051f29aba976ab36c3f54891Red Hat Security Advisory 2021-3235-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, bypass, code execution, out of bounds write, and privilege escalation vulnerabilities.
f286c4f6d85e2f33403a2dacd758e8f35f083b2b3b3b066fb546a1d7034c2479MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
240e952077e7ac9cc14568f3252a861b85070fac8297495363d4dcd7e1c1b786Red Hat Security Advisory 2021-3234-01 - Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Issues addressed include a buffer overflow vulnerability.
8ffa6e8c2b84659d3c0861d3b909f98b7167a2b94a019d9622740741fd969678
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed