Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue, this email was not sent on 2024-02-26 as it should have been.
41b32f3945ea62d6717b9bcf3c2f3261d62077b5c247d91363fa5b2bd9022945
Debian Linux Security Advisory 5640-1 - Two vulnerabilities were discovered in Open vSwitch, a software-based Ethernet virtual switch, which could result in a bypass of OpenFlow rules or denial of service.
ee33fda52165e0797d00ba28edf1c0746142b6af8db3080011d86af844a64baa
Debian Linux Security Advisory 5639-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
4cbadb48dda00be85d46d8fcccadc0b92923c8219c7569b6d2df731ece4d0271
Debian Linux Security Advisory 5638-1 - It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks.
8a07ccb73b022376fe2ad526d9e79f96a2d1684fb96135ae73b42313547393c9
Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full-featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending a large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.
a79ef3e7a5505aef83c8e1d9026a34f64acecaa9ccd3e41b225ac5500d8a96e7
Debian Linux Security Advisory 5636-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
45d2b3cd49f8d7b927168d63079c93e103a1882ab4c21a082c2c055ab0617188
Debian Linux Security Advisory 5635-1 - Aviv Keller discovered that the frames.html file generated by YARD, a documentation generation tool for the Ruby programming language, was vulnerable to cross-site scripting.
dcdab1d7f7cf4e649af57210018d82164536fd3183f20fc49dc2b55a1e94d866
Debian Linux Security Advisory 5634-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
5032165cc7d2def71ec656d9925738a3e7469e9cac4fa279cf0253001be4725e
Debian Linux Security Advisory 5633-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against Knot Resolver, a caching, DNSSEC-validating DNS resolver.
8e6d005043bd7886936a3247ec7c5c1129b630b1592e9f24492ea9653d4467d0
Debian Linux Security Advisory 5631-1 - It was discovered that iwd, the iNet Wireless Daemon, does not properly handle messages in the 4-way handshake used when connecting to a protected WiFi network for the first time. An attacker can take advantage of this flaw to gain unauthorized access to a protected WiFi network if iwd is operating in Access Point (AP) mode.
47a934b5ac3f1708759ab799a958d93a60179f6a1700104e3edfe19ebc9732ce
Debian Linux Security Advisory 5630-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
d28bce415e0153870f51c0a3a90c6dc32c960f44d25427214d3938b5389f18eb
Debian Linux Security Advisory 5629-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
fe6f1b5481a47f52acca8337fa69156b933a7a36fb449ecf930207ee4aae57f8
Debian Linux Security Advisory 5628-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.
f3cb8b62b33597d095e3b6b6dd3d138b869540fe77fdd212e1777a113e936759
Debian Linux Security Advisory 5627-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
fecc020dcddb2184341c57558aa3f486e8ee301dd59c165be89472e03edd082b
Debian Linux Security Advisory 5626-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server.
49eaeb41d9120ce6fe9d1df8ab49ae3be8aab753012780b8c6b75059b99b0463
Debian Linux Security Advisory 5625-1 - It was discovered that Engrampa, an archive manager for the MATE desktop environment, was susceptible to path traversal when handling CPIO archives.
9a1c7ac8fc318436774871b923098a3518f8bb8e1317c906db1ea7b583840645
Debian Linux Security Advisory 5624-1 - Mate Kukri discovered that the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell.
edeab3ca9fb62395b5cb0f4a0f796af3d4f2e0bf05a3127e4d9d601b63ad671c
Debian Linux Security Advisory 5623-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.
60cfc70c245b50a553abe7492f6f4796b0b1935d25a2303d17029506ca738d31
Debian Linux Security Advisory 5622-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.
40f3d30ceb5a2b0a18009f042e47d7918427787875623bbdcfcb50b9a8856397
Debian Linux Security Advisory 5621-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service.
c8c07e1985655854dd15f5e76e52c42de91372742f9064ab63788fb3a08e6280
Debian Linux Security Advisory 5620-1 - Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path, resulting in denial of service.
2128e1a0af0c67ffe2e1ffb50d3a9242efd9702a50aab4893ca90d85956fa4c9
Debian Linux Security Advisory 5619-1 - Two vulnerabilities were discovered in libgit2, a low-level Git library, which may result in denial of service or potentially the execution of arbitrary code.
b5b61e9260d27d3a7d3bb35be908e3bb339c27baee2663ef2807a5082827d7b9
Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
6da18f2f63505ce1e7bc16caeda8561a73818bb23b24d17427a1f16b8fcfce64
Debian Linux Security Advisory 5617-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
fc899430ebda7fcd3a6599b53dfe6281119ed904cdfca2a5fa83b6eeff455142
Debian Linux Security Advisory 5616-1 - It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitized style elements, which may result in cross-site scripting.
cb1891138c71065ba8a31de094547c27038e14dbb35d632d940934fd3474f59c