Debian Linux Security Advisory 5132-1 - It was discovered that ecdsautils, a collection of ECDSA elliptic curve cryptography CLI tools, verified some cryptographic signatures incorrectly: a signature consisting only of zeroes was always considered valid, making it trivial to forge signatures.
bab2651056eec34cd38c153621217cc6e58c7743c8c929188f51fbfec5fc2427
Debian Linux Security Advisory 5133-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.
57990d647a23586c852204bc219b23e57c397992ca00db3c856fe2e4844ce6d4
Debian Linux Security Advisory 5134-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
cd9bfbaa976483120b68c8b03af947fe533ef547e5c7b967065f5a35af94391a
Debian Linux Security Advisory 5135-1 - Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the "security-restricted operation" sandbox.
1b401aa5d4faa58548f69e0c306dce3fb91d1605a94358de2d2d830a3feb50ec
Debian Linux Security Advisory 5136-1 - Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the "security-restricted operation" sandbox.
4c672e27969980ce314a521bcf42a8214533fcf51ff7393b899bb81a6e6a4124
Debian Linux Security Advisory 5137-1 - Jakub Wilk discovered a local privilege escalation in needrestart, a utility to check which daemons need to be restarted after library upgrades. Regular expressions to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
4052b1ab98ef2e147520dccc60d5f2db6e5257cadadb6200c821a45e46034e08
Debian Linux Security Advisory 5138-1 - It was discovered that the Waitress WSGI server was susceptible to HTTP request smuggling in some scenarios when used behind a proxy.
2241679089dfb2966fd3c78912099e814e096ae44b74700360ba421e521a24f4
Debian Linux Security Advisory 5139-1 - Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell metacharacters, which could result in the execution of arbitrary commands.
ef79c3ca5c1efbccff9dc61bd33193432c830b87ff4fe6b1269b865f1331e44a
Debian Linux Security Advisory 5140-1 - Jacek Konieczny discovered a SQL injection vulnerability in the back-sql backend to slapd in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, allowing an attacker to alter the database during an LDAP search operation when a specially crafted search filter is processed.
9897ab545bd716606e3e6dc857fdce950165ee9eb718713839521fe2b0e5c7ac
Debian Linux Security Advisory 5141-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
8c69e58ff6fd8a15b274c5e5925bd966552c280196add1a118f5482dd4db06dd
Debian Linux Security Advisory 5142-1 - Felix Wilhelm reported that several buffer handling functions in libxml2, a library providing support to read, modify and write XML and HTML files, don't check for integer overflows, resulting in out-of-bounds memory writes if specially crafted, multi-gigabyte XML files are processed. An attacker can take advantage of this flaw for denial of service or execution of arbitrary code.
d4a5de6c433d8932bfac95c14e7d17313f17485d12ef245980c2d355ccea4c7f
Debian Linux Security Advisory 5143-1 - Manfred Paul discovered two security issues in the Mozilla Firefox web browser, which could result in the execution of arbitrary code.
8b87e1bbb584ee22014d3de52a20b9892c1b3cb895f0b4f0b2ddfa3f1c9f1754
Debian Linux Security Advisory 5144-1 - Several flaws have been discovered in HTCondor, a distributed workload management system, which allow users with only READ access to any daemon to use a different authentication method than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user and submit or remove jobs.
221966fc0d5bbbb92aa90c216a0a0d749b2d2c360a5f461a9ee3da7a2fcb032b
Debian Linux Security Advisory 5145-1 - Multiple vulnerabilities have been discovered in the lrzip compression program which could result in denial of service or potentially the execution of arbitrary code.
66f94d48f94a0dbdd6f674c936616ecb8a04e5c301a5d1dcfcfd395568527bef
Debian Linux Security Advisory 5146-1 - Multiple security vulnerabilities were discovered in Puma, an HTTP server for Ruby/Rack applications, which could result in HTTP request smuggling or information disclosure.
875d2755cc0a513d860625e8cd44e53f4aa7ee7212205db738d63af27b06de7a
Debian Linux Security Advisory 5147-1 - Max Justicz reported a directory traversal vulnerability in Dpkg::Source::Archive in dpkg, the Debian package management system. This affects extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar.
ccab37e95da7246c12fd05c22d773941aa0f6800abc88e264138bd5800ed2fe6
Debian Linux Security Advisory 5148-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
11b4c3b58a4df38465e63100eaa00ffa6fa91183274f0304e9dce28606c84261
Debian Linux Security Advisory 5149-1 - Joshua Mason discovered that a logic error in the validation of the secret key used in the "local" authorisation mode of the CUPS printing system may result in privilege escalation.
74aae0a48fa08ffb2fafa3f3655e5642898226415b1ab6ee8b3cc0c988ef5a47
Debian Linux Security Advisory 5150-1 - Peter Agten discovered that several modules for TCP syslog reception in rsyslog, a system and kernel logging daemon, have buffer overflow flaws when octet-counted framing is used, which could result in denial of service or potentially the execution of arbitrary code.
e4778e769832dd9146a37a7c1719d90772ee712460dc84d2d00fa1c1d0f9272e
Debian Linux Security Advisory 5151-1 - Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static PHP methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user-provided data to the math function, remote users were able to run arbitrary PHP code as well.
00378c9d45f203438ba46e8abbade7d4910a9331f6e4759dd22f7f3cc948f369
Debian Linux Security Advisory 5152-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks.
dea8a4d186b3ba2374c2c35f162c853daba79271121331f7a2311b97adb1151c
Debian Linux Security Advisory 5153-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling or MITM attacks.
389b35955d8c0fde96ec34613a1833bbb3753f489c93840f576b033f9eafa474
Red Hat Security Advisory 2022-4767-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.
255ffd60012a9cf4010d4d25aa5b735cffc4b23c57768179f1d086545260ced3
Red Hat Security Advisory 2022-4774-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.
c2e80171284f4ddd237f860ff5d9e30440c56ecc650ac18d285e394dec038cdb
Red Hat Security Advisory 2022-4773-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.
90164a3813e71e6602ce5a8e1b5767092becc6c31e69d4b0bb7103b81ecf6713