Debian Linux Security Advisory 5543-1 - Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.
c7cd6edc99b5ce7844173fe4d604a48697cb21e1fdd4652f16343b8de2a04955
Debian Linux Security Advisory 5542-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
21987c129e7f038834496daa8b4bb9533290aebfe3172991bd4e6b20ca3959b7
Debian Linux Security Advisory 5541-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
c0e0249164fd47321acc5693b290a1534941789af87d3a335b2f846ab218b78d
Debian Linux Security Advisory 5540-1 - Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify if HPACK header values exceed their size limit. Furthermore the HTTP/2 protocol allowed a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.
19d34104164c646ad6b0f2161a5af11a88009b06f4e5e247a2834dd69e90401a
Debian Linux Security Advisory 5539-1 - It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allows an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.
bd4d2f5bb4a56492acf5a0f3f5a7176edb7f3f2a9e00ffd9fa12ec5357176f21
Debian Linux Security Advisory 5538-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
13d430a698ce0376929e6fb9fcb25cf1473b6d7614ae60cd378159bce26b0833
Debian Linux Security Advisory 5537-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions or denial of service.
0eeed70553bfb9531621dba4f488f4691219e3d5cde4d3a4e900f1210dea1363
Debian Linux Security Advisory 5536-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
8dc27122c27d00fc7f75791b3d0ac5dda33c19caad3ed212f62aa04a79188200
Debian Linux Security Advisory 5535-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, clickjacking, spoofing or information leaks.
31326e3bd72b90ad6621e9d37862b27a7cad328df1c95186a8f867b22ff92361
Debian Linux Security Advisory 5534-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
2d877389e6dc5bf119f1d41ac788f45ac3278834d8f069872721785ab249a780
Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
e81e72b3f33ad104bd4e5d6d63cad2f41395d2a21ad58de85a5bb5b09cd20348
Debian Linux Security Advisory 5532-1 - Tony Battersby reported that incorrect cipher key and IV length processing in OpenSSL, a Secure Sockets Layer toolkit, may result in loss of confidentiality for some symmetric cipher modes.
0805665325be039bebf1106b9e5ef924fa2a8fe8807bc8c416268fe331d060a2
Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.
961824a129d751981518c8ecfbe654d441e2922aec3a9645d77dae20b42b7ecd
Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.
1d720695b79a166118349cbe5f4050069000900a5d5b9d9439ed4da692cb559f
Debian Linux Security Advisory 5527-2 - The webkit2gtk update released as 5527-1 introduced a regression that is causing programs such as yelp, liferea or gnucash to stop working in certain cases.
909e79d93d0d38387f3f75341947b7b503ff64d91efd8229a63c7f692cc14684
Debian Linux Security Advisory 5529-1 - Francois Diakhate discovered that several race conditions in file processing of the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, could result in denial of service by overwriting arbitrary files.
2cab2219e1844c1e5042a5b8b60c052e98d2ea56538c5e952de91f15a9d11ad3
Debian Linux Security Advisory 5522-3 - A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.
24e294103b57531588198722a8954c8fef2961b6fe2c3e09f03d5ab90505e314
Debian Linux Security Advisory 5528-1 - William Khem-Marquez discovered that using malicious plugins for the the Babel JavaScript compiler could result in arbitrary code execution during compilation.
8e9e8528781517c283dd31746e17304f3aa59d28da1d214c1d5ecffd747062ff
Debian Linux Security Advisory 5522-2 - The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.
b17a58234680a0c5aafdce8c0723d0bcd3b37e52e58f503e9d474637684d07e9
Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
d62707100da90e7c8560c32373576a042f7f047cdbc704242f9e1e1c250d8e49
Debian Linux Security Advisory 5526-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
46cb308795f98ff9a9e444ff6b114afd63592578e7be19a637bbd471ef7fa013
Debian Linux Security Advisory 5525-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service, information disclosure or privilege escalation.
796922c8109c26f29b46a6c85521b96598f1e79e22b650b1166a48c9207bd4e0
Debian Linux Security Advisory 5524-1 - Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.
0dc64d4ebf0f6239a32a14b6769b865a9f52d1ecca767b643d7833243549abdb
Debian Linux Security Advisory 5523-1 - Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool.
6f8cac21edc730d0834c13186c9df39c586cd8ff7546f9e0e8f727ca7b9552ec
Debian Linux Security Advisory 5522-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
f983a0a85802b2763746bf3bfa97b1786563f79ce2c2bd56f8c915338b5146ae