Gentoo Linux Security Advisory 202101-38 - A vulnerability was discovered in NSD which could allow a local attacker to cause a Denial of Service condition. Versions less than 4.3.4 are affected.
7d524441ccd8474adf4b85bdd76aa9cb9c85c2b7ff7a88a04dffde4e91306901
Ubuntu Security Notice 4714-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available, only by manipulating the processed input stream. Various other issues were also addressed.
0599be6b3cfb387f0c1c305c18e99a24d7e7aabf6f5bb1820cebfd59b75b191b
Red Hat Security Advisory 2021-0299-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Issues addressed include an information leakage vulnerability.
47a6c099170886d0dfec4ce713a988a2cfc638ff6c8591e9a90a90b77ed1376e
Gentoo Linux Security Advisory 202101-37 - A buffer overflow in VLC might allow remote attacker(s) to execute arbitrary code. Versions less than 3.0.12.1 are affected.
4f3ec9b81da7090724694c74da49a355c57de39fca2fc9b1a27a44eb6f0dc55a
Gentoo Linux Security Advisory 202101-36 - A vulnerability in ImageMagick's handling of PDF was discovered, possibly allowing code execution. Versions less than 6.9.11.41-r1 are affected.
c2ba100de84f7d1fd8ec3787eaeac17dfcce035fef1ed1f023f21d07def2b642
Red Hat Security Advisory 2021-0298-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Issues addressed include an information leakage vulnerability.
3522adef5d9665bda2b6a20a4478bdf85a0af546dacec458397fbdd1752a84dc
Red Hat Security Advisory 2021-0297-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Issues addressed include an information leakage vulnerability.
238fdcbe4d4917b8291e1febe41d0d12f2e523bf85472e50e2b701209c7c7d4b
If an application uses iconv() with an attacker-specified character set, there's an assertion in the gconv buffer management code that can be triggered, crashing the application. The crash only occurs with ISO-2022-JP-3 encoding.
c6a21c4fe097d825b800e707fc854c169f367c24e1653ab4813d566b22024d97
Debian Linux Security Advisory 4824-1 - Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.
78ae179da093a6a577d6550cb23d27e5e249f89eb26dccf78b4377df3c7b642d
Debian Linux Security Advisory 4825-1 - Several vulnerabilities have been discovered in the Dovecot email server.
cf693b635e996bdc26281c39413a36a22f79f81d8a17b14eed1e84213499f91a
Debian Linux Security Advisory 4826-1 - Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code or HTTP request smuggling.
e2b5d65d7f6f0ab587468c3f477ba1e069f60f0a6607c72f983e63a159263283
Debian Linux Security Advisory 4827-1 - A security issue was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
9416f0cae0c06d14ac73984ac9dc8c0775d5c30fe49312106293817720a26170
Debian Linux Security Advisory 4828-1 - Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling.
23076c5eeea51b7e0850ffd341eb9d56280a3057689e9fd411b78f5822b86f73
Debian Linux Security Advisory 4829-1 - A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses (127.x.x.x and ::1). A remote attacker can bypass the protection via a specially crafted request using a peer address of '0.0.0.0' and trick coturn into relaying to the loopback interface. If listening on IPv6, the loopback interface can also be reached by using either [::1] or [::] as the address.
0e50e94f21084349379aee27ae6a0c950c9d141059b68a995c92c65ef2de6f30
Debian Linux Security Advisory 4830-1 - Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape).
bc10e6a3a810afe88ce0900a3775ebba92614ba5c237107563fc42249fbbfdb4
Debian Linux Security Advisory 4830-2 - The update for flatpak released as DSA 4830-1 introduced regressions with flatpak build and in the extra-data mechanism. Updated flatpak packages are now available to correct this issue.
9a05357fb42191b23127bcf9b39593397fad5dc139a8541bf2faed24ee7012d9
Debian Linux Security Advisory 4831-1 - Johan Smits discovered that ruby-redcarpet, a markdown parser, did not properly validate its input. This would allow an attacker to mount a cross-site scripting attack.
c44d3382c1f80e8cf0550616c6754cf2d8909778050390bda5bc76cc7db10c35
Debian Linux Security Advisory 4833-1 - Andrew Wesie discovered a buffer overflow in the H264 support of the GStreamer multimedia framework, which could potentially result in the execution of arbitrary code.
c2777b102bdfdee0452abcc6cfcef4778c25b2bdc0dbd5a8f64f82e7cb34eb30
Debian Linux Security Advisory 4833-2 - The update for gst-plugins-bad1.0 released as DSA 4833-1 chose a package version incompatible with binNMUs and prevented upgrades to the fixed packages. Updated gst-plugins-bad1.0 packages are now available to correct this issue.
aa2703f9e2d7d434d025b60e7125e8730a007730118983af5de3116a493f80fc
Debian Linux Security Advisory 4834-1 - Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed media file is opened.
544bd3fed5024bcefffcb2650cfc527c9dd86b0bc5d1dfb373dfa244f6ba1f62
Debian Linux Security Advisory 4835-1 - Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure.
7f3756a8dc94a8beea932a635225c00aecca17b7645a6dfc7cb9022698d5f74f
Debian Linux Security Advisory 4836-1 - Two vulnerabilities were discovered in the LLDP implementation of Open vSwitch, a software-based Ethernet virtual switch, which could result in denial of service.
c2367cc4a03bf127469d0dadf14f09a6ec978d53c85712c68d452cdbd6c5656c
Debian Linux Security Advisory 4837-1 - Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module, or shell injections with the Salt API using the SSH client.
1265eaac9da5321225abc341caa107482a2babd057291d3ade1956f641263f64
Debian Linux Security Advisory 4838-1 - Tavis Ormandy discovered a memory leak flaw in the rfc822 group recipient parsing in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which could result in denial of service.
de785fa3ca42c9061cabf4657b2fc7f4d0a6b05b48e2daa4a2647917a226ef71
Debian Linux Security Advisory 4839-1 - The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.
e618531d43ceeb3d6e8d6ee5e3baaee28ecc28d7ebb4a21ac4e2bbab7d16d3f1