Debian Linux Security Advisory 4503-1 - Three vulnerabilities have been discovered in the Go programming language; "net/url" accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service.
a8d8ada5efc7a1f7a8e0ec5f175f4037Debian Linux Security Advisory 4502-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
f0c2ebdce0160a5b9361d2c979193080Debian Linux Security Advisory 4501-1 - It was discovered that the code fixes to address CVE-2018-16858 and CVE-2019-9848 were not complete.
2f494ed81876da4980a4886bf4a0cbadDebian Linux Security Advisory 4500-1 - Several vulnerabilities have been discovered in the chromium web browser.
0a26a94638f18d9d2afa5452b6afe5fbDebian Linux Security Advisory 4497-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
5cbc4a8b5b504c3bf0d4fe88ab472dd3Debian Linux Security Advisory 4499-1 - Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.
fd554244b6002a982c4336cba3bbee55Debian Linux Security Advisory 4498-1 - Several vulnerabilities were discovered in python-django, a web development framework. They could lead to remote denial-of-service or SQL injection,
f671feb5b6060ba3dc083b00a174930cDebian Linux Security Advisory 4496-1 - Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of service or potentially the execution of arbitrary code.
2e627acdcf6a1822096135fb2a5e4739Debian Linux Security Advisory 4495-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
554e753dba15cc884dc560e11fa9aaedDebian Linux Security Advisory 4494-1 - Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets opened in a file browser) arbitrary commands could get executed. This update removes this feature.
d6ebae333ce6ae47cb75a91aa720eec9Debian Linux Security Advisory 4493-1 - Two security issues have been discovered in the PostgreSQL database system, which could result in privilege escalation, denial of service or memory disclosure.
4425ba69c4e109bad5da897ac9cbe1e2Debian Linux Security Advisory 4492-1 - A issue has been discovered in the PostgreSQL database system, which could result in privilege escalation.
4d9c0eb1a4850c00c8ceea2eb3aa4461Debian Linux Security Advisory 4491-1 - Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands.
551b43ae70f5cc4ea6e88ecad29980adDebian Linux Security Advisory 4490-1 - Several vulnerabilities were discovered in Subversion, a version control system.
9180a18cc26b18a537b825faa654f18aDebian Linux Security Advisory 4488-1 - Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default (and unusual) configurations where ${sort } expansion is used for items that can be controlled by an attacker.
d0e35d3fb2d2bc03487dc5cafecefb20Debian Linux Security Advisory 4489-1 - Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed.
7bc5b4e2bed563d32a8ab42c7caff1e1Debian Linux Security Advisory 4487-1 - User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features.
5bbf6d066b8bea4773e4a0ade1710cf6Debian Linux Security Advisory 4485-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.
7f54ddee42a27699ac1ee592447ec22aDebian Linux Security Advisory 4486-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.
13f220b44369eaa4bdc6c7b8a77dad6fDebian Linux Security Advisory 4484-1 - Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.
492216f4fa5e3ebcc3b8f8c6ba353108Debian Linux Security Advisory 4483-1 - Two security issues have been discovered in LibreOffice.
8a8647cc7bb2c4ae00c94ccdad86b50eDebian Linux Security Advisory 4482-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
98a6d07eeef8d662beb2fa0f236cb9d3Debian Linux Security Advisory 4481-1 - Harsh Jaiswal discovered a remote shell execution vulnerability in ruby-mini-magick, a Ruby library providing a wrapper around ImageMagick or GraphicsMagick, exploitable when using MiniMagick::Image.open with specially crafted URLs coming from unsanitized user input.
d13f864cfef099af22088b79edee68a4This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding a new user to the system via the web interface with useradm.sh, the user's username and password are passed to htpasswd in a call to system() without validation. This module has been tested successfully on Xymon version 4.3.10 on Debian 6.
5d1fdb4c7a1abc1fbc3c13a84a4a2eefDebian Linux Security Advisory 4480-1 - Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.
e5f6048460ebffda11af0a60dbde63a3
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed