Ubuntu Security Notice 4968-2 - USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially-crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
82af8b5f2df1dbee5f397fdec283ce1312ffcfd090e73923701d2913c7d88366
Red Hat Security Advisory 2021-2147-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
6aee07fca9b8500397e195d8b44bf16ccde143d5e4e22f12dbb91af89d120f57
Red Hat Security Advisory 2021-2145-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides a container runtime.
92bbc6eb9ea686ce33c222dbcf938d193f7b48b7fead884a832d0a3f105fc160
Red Hat Security Advisory 2021-2144-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.
742bf71ea07a32f9899dc8ae4b57c27371cfb3e9a6e4e3b8868c253deb322207
Debian Linux Security Advisory 4899-2 - The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM for OpenJDK 11 with enhanced class redefinition, has been updated for compatibility with OpenJDK 11.0.11.
f70ba620a0f91af5f16feb81d31fee9120de509e3d414a516cbeb63fb061c53c
Debian Linux Security Advisory 4909-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
cc2264904e48cc7cf43a7849bdc0b950295b34a952297af0c847735cf51a4c53
Debian Linux Security Advisory 4910-1 - A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.
3419aba9a6fab049b77f3b1d22f66ca6cb8054769858407b273adc18f878b239
Debian Linux Security Advisory 4911-1 - Several vulnerabilities have been discovered in the chromium web browser.
9deddc747716a9eff5ebd513469e72f12768fb8e205c29e0ae517708389745cb
Debian Linux Security Advisory 4912-1 - The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution.
986ef7b5faca7b5ab9eda7cfc9036602582d7c35963a2717cb60fd735a20e638
Debian Linux Security Advisory 4913-1 - Jeremy Galindo discovered an out-of-bounds memory access in Hivex, a library to parse Windows Registry hive files.
d5975d6183305aa7875bda6e752956e293def2561c07d0ff9a6e81105723d04c
Debian Linux Security Advisory 4914-1 - A buffer overflow was discovered in Graphviz, which could potentially result in the execution of arbitrary code when processing a malformed file.
5e62c3aecd9f57c1900b6a2895922bf1fbc5c8e2c7146e715c7a80bbfdd3ed22
Debian Linux Security Advisory 4915-1 - Multiple security issues have been discovered in the PostgreSQL database system, which could result in the execution of arbitrary code or disclosure of memory content.
749e89fc19223613bc0b6d01019d6a1ee0542a88c8aab17b2b1997127d5c70d6
Debian Linux Security Advisory 4916-1 - Multiple security issues were found in Prosody, a lightweight Jabber/XMPP server, which could result in denial of service or information disclosure.
cb46dc40512c3421c85d51fd617a841d7e020b87c87e4b6e511a33c6a0457dda
Debian Linux Security Advisory 4916-2 - The update for prosody released as DSA 4916-1 introduced a regression in websocket support. Updated prosody packages are now available to correct this issue.
dc006cd45dc6b2832b43551e25922ce746feecf07bca993f55194aa3fa68da82
Debian Linux Security Advisory 4917-1 - Several vulnerabilities have been discovered in the chromium web browser.
f6da704e89650adf1400be4cf1e03dfd6ea356481e8c080e1b7405b82d00e77e
Debian Linux Security Advisory 4918-1 - Improper pathname handling in ruby-rack-cors, a middleware that makes Rack-based apps CORS compatible, may result in access to private resources.
aad43033fd2d923343981ed3f9f6cf6e629a5e445a969a1991a2feeb576f243c
Debian Linux Security Advisory 4919-1 - Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a fast LZ compression algorithm library, resulting in memory corruption.
41bb61b640cc01e826c9c253f58731d34427a40e6f793f86f7d008054e749c91
Debian Linux Security Advisory 4920-1 - Roman Fiedler reported that missing length validation in various functions provided by libx11, the X11 client-side library, allows injection of X11 protocol commands on X clients, leading to authentication bypass, denial of service or potentially the execution of arbitrary code.
4394a56178b38b24b98deb1792eadb7d5bae57faddf795c0673c26d8cf9b1b4f
Debian Linux Security Advisory 4921-1 - Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code.
09f330ad84d8d271d1fb4c1e34cc1a82845cc410ad88e9e1ad526b84cb5e3cec
Debian Linux Security Advisory 4922-1 - Amir Sarabadani and Kunal Mehta discovered that the import functionality of Hyperkitty, the web user interface to access Mailman 3 archives, did not restrict the visibility of private archives during the import, i.e. that during the import of a private Mailman 2 archive the archive was publicly accessible until the import completed.
285e96294fff62bc4ef42f9493107e61acf632573049b66584b40c1760babad2
Debian Linux Security Advisory 4923-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
107386cc474594875c7686aa1fdf20fd6c91795fe2bf2fa5c4f38b265efe74ea
Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
fa9566f11a9fe7fedfd3308556728e7989e3d35072dac1fff279c3e363c3e755
QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.
dddda20f7202ce5358af06526c5259d1f75a28b841ba2fcc6fd3fd23682bb880
Ubuntu Security Notice 4969-2 - USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Various other issues were also addressed.
e9cc2d12e74cf591ba5ef27f62ce025cf56eca8cf710a2e58d5e1102895452d6
Ubuntu Security Notice 4969-1 - Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service.
be06ea6c2a98df3627755ff70eeb0760f093153455bffd6255cef51b438c3d29