Debian Linux Security Advisory 4581-1 - Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.
138a8c7ad170b8b560c153c2f2dd3395Debian Linux Security Advisory 4580-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
5176500062acdb776a9d23f488f2b8a8Debian Linux Security Advisory 4579-1 - Two vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service and potentially the execution of arbitrary code.
2bef598cf156091dbae46fa68159b7c8Debian Linux Security Advisory 4578-1 - Multiple security issues were found in libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if malformed WebM files are processed.
8d73be098508bd36c628ce84936f91c2Debian Linux Security Advisory 4577-1 - Tim Dusterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
136682b36788547ff6b9f48e09a65017pari/gp versions 2.9.1 on Debian Stretch and 2.11 on Debian Buster allow arbitrary file write and hence arbitrary code execution.
0ecadd450355ff88db28e7b58b63b32aDebian Linux Security Advisory 4576-1 - An out-of-bounds write vulnerability was discovered in php-imagick, a PHP extension to create and modify images using the ImageMagick API, which could result in denial of service, or potentially the execution of arbitrary code.
1c0c97a2183857fe2d941f5ce7401bafDebian Linux Security Advisory 4575-1 - Several vulnerabilities have been discovered in the chromium web browser.
5f48a85cea6403bd24799545742c25aeDebian Linux Security Advisory 4571-2 - DSA 4571-1 updated Thunderbird to the 68.x series, which is incompatible with the Enigmail release shipped in Debian Buster.
921ba93c0e55c93d1331776b5d4ceaffDebian Linux Security Advisory 4574-1 - Hoger Just discovered an SQL injection in Redmine, a project management web application. In addition a cross-site scripting issue was found in Textile formatting.
6bfddcb9e5a9bb231d148e5d90237d2aDebian Linux Security Advisory 4573-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.
acccbf4720ec0e008144ea8d17fd7c82Debian Linux Security Advisory 4572-1 - It was discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system did not escape strings when importing an archive file into the accounting_storage/mysql backend, resulting in SQL injection.
a1179cf3fb2ace5df8619e84b931b2c5Debian Linux Security Advisory 4571-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.
efc9c0ea3531da747ebe551da4587b93Debian Linux Security Advisory 4570-1 - A vulnerability was discovered in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack overflow and daemon crash), by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy.
d38cc5361b20fa3f0859c5027206cd80Debian Linux Security Advisory 4569-1 - Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.
959d9141e9c917a14eafabc0da27c985Debian Linux Security Advisory 4568-1 - Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
d197437ba4eb0f0378e07f5635ab426bDebian Linux Security Advisory 4563-1 - These vulnerabilities have been discovered in the webkit2gtk web engine.
bdae95b27392a87d80e9b9cd0dff8b49Debian Linux Security Advisory 4567-1 - It was discovered that the vhost PMD in DPDK, a set of libraries for fast packet processing, was affected by memory and file descriptor leaks which could result in denial of service.
c9d3e2983ddd71f19660262b821b45f9Debian Linux Security Advisory 4566-1 - This update for QEMU, a fast processor emulator, backports support to passthrough the pschange-mc-no CPU flag. The virtualised MSR seen by a guest is set to show the bug as fixed, allowing to disable iTLB Multihit mitigations in nested hypervisors (cf. DSA 4564-1).
6c10651280ea0b6c570a099acae56fa9Debian Linux Security Advisory 4565-1 - This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages as released in DSA 4564-1.
30b6f81bb1d50603c7ed82337d5113a2Debian Linux Security Advisory 4564-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
c9f2f8f2ab7eb7ff20f4ea3572236714Debian Linux Security Advisory 4562-1 - Several vulnerabilities have been discovered in the chromium web browser.
51e287808c40898ffae74b8b36159d0aDebian Linux Security Advisory 4561-1 - Alex Murray discovered a stack-based buffer overflow vulnerability in fribidi, an implementation of the Unicode Bidirectional Algorithm algorithm, which could result in denial of service or potentially the execution of arbitrary code, when processing a large number of unicode isolate directional characters.
ce1d8a43a11a6aafc4ddd0b0df7d4d8fDebian Linux Security Advisory 4560-1 - It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages.
7e7a6b8efe14b279c471b4e19b7d85beDebian Linux Security Advisory 4559-1 - Stephan Zeisberg discovered that missing input validation in ProFTPD, a FTP/SFTP/FTPS server, could result in denial of service via an infinite loop.
0593df4978da5dc1e51ff3e39f464d16
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed