Debian Linux Security Advisory 5344-1 - Helmut Grohne discovered a flaw in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. The backports of fixes for CVE-2022-3437 accidentally inverted important memory comparisons in the arcfour-hmac-md5 and rc4-hmac integrity check handlers for gssapi, resulting in incorrect validation of message integrity codes.
7c5ace0a61c41b914bf85d0ce46cb1382133026bec34cdba70e3112755a5d2d6Debian Linux Security Advisory 5343-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure.
4916517dff3b6d3fb82a697282b6e0fd5fe217beb0223ca7d7db63be7baf4ac1Debian Linux Security Advisory 5342-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
d9cd986f6b68c068a98e8f263690e16240a4bad3bcee76be602630f0b4931e29Debian Linux Security Advisory 5341-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
212adcea258405c894269cd25e16fe7f3b2e83a0c7c6ce5cef79396b0daf8325Debian Linux Security Advisory 5340-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
7323df2630b7f04b8478335b4fa0c1fb95f5d7a7d242de527b89c6fa32c63eb3Debian Linux Security Advisory 5339-1 - Ikeda Soji reported that libhtml-stripscripts-perl, a Perl module for removing scripts from HTML, is prone to a regular expression denial of service, due to catastrophic backtracking for HTML content with specially crafted style attributes.
bf8cb8b66ff079009ce37d09bcafe99b7218495bbb1c7dae58b492f0c5bb6b15This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the tomcat user to root and fully compromise the target system.
0ac41921eb75c8008e9f94786db836a9f76e614d54c6925c606eecf1de5fb188Debian Linux Security Advisory 5338-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Cinder, the OpenStack block storage system, may result in information disclosure.
c604abec12f33da162e6c4871d2162415ea1379e4e8220b00729b55a718ac756Debian Linux Security Advisory 5337-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in OpenStack Compute (codenamed Nova) may result in information disclosure.
41d1c5abc2a1a62c08ba3eb73066cbcbc458374ae26b3e2144ac64570b6837b0Debian Linux Security Advisory 5336-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitizing in the handling of VMDK images in Glance, the OpenStack image registry and delivery service, may result in information disclosure.
bc6ab4a0b7055df6421e280d8c79365890cc6208df474d9e8eea9c6511672a72Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
38f95ee57d63d0e8b884ef1127b64a2ad246bd3ea2088d67b53d2f1ae8e3140bDebian Linux Security Advisory 5334-1 - Martin van Kervel Smedshammer discovered that varnish, a state of the art, high-performance web accelerator, is prone to a HTTP/2 request forgery vulnerability.
252078af082c9fffe4f816b645478a49bd303397f4456b2a82cf40274f3aa196Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
da3283ba137fd88f874430e108ec655e6a4a13b1797054b92dadf3a00e03641dDebian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
e8e33bb105428cea88e46086e63362e8bad0286aef80d357f8678c42d5b9f9b6Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
6cb75512f22c4b10076ab44d7a5c8a9b721c51a7afe86c31ff28c113d4b380f1Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
c6fc6848e50216229db276b6a61ea17d23706f3f9aadd8dd9c2779ef72f1c34eDebian Linux Security Advisory 5328-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
91c35b4374630099df6e3e88101b38be86922f1f9a29a741ff7a332e18ff8403Debian Linux Security Advisory 5329-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named.
ba64112fea14b7f12cde8326a8cfc48e62b9135aea71c2d573ae11c8f1f09c61Debian Linux Security Advisory 5327-1 - Sebastien Meriot discovered that the S3 API of Swift, a distributed virtual object store, was susceptible to information disclosure.
20319f5694f359b3f5e6755bbc554332f58cee3bf53b49ff6c8a343c2b78a07aDebian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
72e5be8502372f25a305cf0e5e848f49100f6c4c07231ed340c9052cb558a635Debian Linux Security Advisory 5325-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to SQL injection attacks, or bypass authorization access.
22c7169c00d84e1a0d28755fee189ae87a60630052483debb57ec686b0541e8cDebian Linux Security Advisory 5324-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
4738a5dd5b6f53a56ab15c9bc642f4b021b4a873119259aea80dd67e167ed354Debian Linux Security Advisory 5323-1 - It was discovered that the CompareTool of iText, a Java PDF library which uses the external ghostscript software to compare PDFs at a pixel level, allowed command injection when parsing a specially crafted filename.
313b77c59c1f5cfeb179c460ce914a4540b0ef907c09eba7848df15bdf973f2aDebian Linux Security Advisory 5322-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
eb4baacbcf64fe1cdd00c7283b49fcb3f7f1bbde124afc14c22a6e4c843a15eeDebian Linux Security Advisory 5321-1 - Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle '--' to separate the editor and arguments from files to edit. A local user permitted to edit certain files can take advantage of this flaw to edit a file not permitted by the security policy, resulting in privilege escalation.
fed19510b58aa2b08c2e6cd8afc7e6d9a748bc823a0346d85f06d484c9fb17fb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed