Debian Linux Security Advisory 5132-1 - It was discovered that ecdsautils, a collection of ECDSA elliptic curve cryptography CLI tools verified some cryptographic signatures incorrectly: A signature consisting only of zeroes was always considered valid, making it trivial to forge signatures.
bab2651056eec34cd38c153621217cc6e58c7743c8c929188f51fbfec5fc2427Debian Linux Security Advisory 5133-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.
57990d647a23586c852204bc219b23e57c397992ca00db3c856fe2e4844ce6d4Debian Linux Security Advisory 5134-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
cd9bfbaa976483120b68c8b03af947fe533ef547e5c7b967065f5a35af94391aDebian Linux Security Advisory 5135-1 - Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the "security-restricted operation" sandbox.
1b401aa5d4faa58548f69e0c306dce3fb91d1605a94358de2d2d830a3feb50ecDebian Linux Security Advisory 5136-1 - Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the "security-restricted operation" sandbox.
4c672e27969980ce314a521bcf42a8214533fcf51ff7393b899bb81a6e6a4124Debian Linux Security Advisory 5137-1 - Jakub Wilk discovered a local privilege escalation in needrestart, a utility to check which daemons need to be restarted after library upgrades. Regular expressions to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
4052b1ab98ef2e147520dccc60d5f2db6e5257cadadb6200c821a45e46034e08Debian Linux Security Advisory 5138-1 - It was discovered that the Waitress WSGI server was susceptible to HTTP request smuggling in some scenarios when used behind a proxy.
2241679089dfb2966fd3c78912099e814e096ae44b74700360ba421e521a24f4Debian Linux Security Advisory 5139-1 - Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands.
ef79c3ca5c1efbccff9dc61bd33193432c830b87ff4fe6b1269b865f1331e44aDebian Linux Security Advisory 5140-1 - Jacek Konieczny discovered a SQL injection vulnerability in the back-sql backend to slapd in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, allowing an attacker to alter the database during an LDAP search operations when a specially crafted search filter is processed.
9897ab545bd716606e3e6dc857fdce950165ee9eb718713839521fe2b0e5c7acDebian Linux Security Advisory 5141-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
8c69e58ff6fd8a15b274c5e5925bd966552c280196add1a118f5482dd4db06ddDebian Linux Security Advisory 5142-1 - Felix Wilhelm reported that several buffer handling functions in libxml2, a library providing support to read, modify and write XML and HTML files, don't check for integer overflows, resulting in out-of-bounds memory writes if specially crafted, multi-gigabyte XML files are processed. An attacker can take advantage of this flaw for denial of service or execution of arbitrary code.
d4a5de6c433d8932bfac95c14e7d17313f17485d12ef245980c2d355ccea4c7fDebian Linux Security Advisory 5143-1 - Manfred Paul discovered two security issues in the Mozilla Firefox web browser, which could result in the execution of arbitrary code.
8b87e1bbb584ee22014d3de52a20b9892c1b3cb895f0b4f0b2ddfa3f1c9f1754Debian Linux Security Advisory 5144-1 - Several flaws have been discovered in HTCondor, a distributed workload management system, which allow users with only READ access to any daemon to use a different authentication method than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user and submit or remove jobs.
221966fc0d5bbbb92aa90c216a0a0d749b2d2c360a5f461a9ee3da7a2fcb032bDebian Linux Security Advisory 5145-1 - Multiple vulnerabilities have been discovered in the lrzip compression program which could result in denial of service or potentially the execution of arbitrary code.
66f94d48f94a0dbdd6f674c936616ecb8a04e5c301a5d1dcfcfd395568527befDebian Linux Security Advisory 5146-1 - Multiple security vulnerabilities were discovered in Puma, a HTTP server for Ruby/Rack applications, which could result in HTTP request smuggling or information disclosure.
875d2755cc0a513d860625e8cd44e53f4aa7ee7212205db738d63af27b06de7aDebian Linux Security Advisory 5147-1 - Max Justicz reported a directory traversal vulnerability in Dpkg::Source::Archive in dpkg, the Debian package management system. This affects extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar.
ccab37e95da7246c12fd05c22d773941aa0f6800abc88e264138bd5800ed2fe6Debian Linux Security Advisory 5148-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
11b4c3b58a4df38465e63100eaa00ffa6fa91183274f0304e9dce28606c84261Debian Linux Security Advisory 5149-1 - Joshua Mason discovered that a logic error in the validation of the secret key used in the "local" authorisation mode of the CUPS printing system may result in privilege escalation.
74aae0a48fa08ffb2fafa3f3655e5642898226415b1ab6ee8b3cc0c988ef5a47Debian Linux Security Advisory 5150-1 - Peter Agten discovered that several modules for TCP syslog reception in rsyslog, a system and kernel logging daemon, have buffer overflow flaws when octet-counted framing is used, which could result in denial of service or potentially the execution of arbitrary code.
e4778e769832dd9146a37a7c1719d90772ee712460dc84d2d00fa1c1d0f9272eDebian Linux Security Advisory 5151-1 - Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user provided data to the math function, remote users were able to run arbitrary PHP code as well.
00378c9d45f203438ba46e8abbade7d4910a9331f6e4759dd22f7f3cc948f369Debian Linux Security Advisory 5152-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks.
dea8a4d186b3ba2374c2c35f162c853daba79271121331f7a2311b97adb1151cDebian Linux Security Advisory 5153-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling or MITM attacks.
389b35955d8c0fde96ec34613a1833bbb3753f489c93840f576b033f9eafa474Red Hat Security Advisory 2022-4767-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.
255ffd60012a9cf4010d4d25aa5b735cffc4b23c57768179f1d086545260ced3Red Hat Security Advisory 2022-4774-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.
c2e80171284f4ddd237f860ff5d9e30440c56ecc650ac18d285e394dec038cdbRed Hat Security Advisory 2022-4773-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.
90164a3813e71e6602ce5a8e1b5767092becc6c31e69d4b0bb7103b81ecf6713
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed