Debian Linux Security Advisory 5522-2 - The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.
b17a58234680a0c5aafdce8c0723d0bcd3b37e52e58f503e9d474637684d07e9
Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.
0d9bc3525aeb950d987b4c43ac3fdffeb95324914c2925e4c0a684a30e340450
Debian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.
e72295d670e7e8b3f6c6c48e0ae95f800f20359a421a53e4c43f767c101a0216
Debian Linux Security Advisory 2528-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.
71b51ce0cbe692a4624106eb180f6e02df450db451499c2178a3cc4a7dce2ff3
Debian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
19d56ac85b34319b9d93e656f85139e1d5a6ad3686507f40c07541d97d990968
Debian Linux Security Advisory 2526-1 - Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code.
7c01fb86e171c48aa3e6e49b606b9a1e9e94d6901619b80a625f9b7c0c78d71d
Debian Linux Security Advisory 2525-1 - It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.
848c3eb00844f54221e2042582ec3fba9c8596a608dd661ee1ed3f8fdc13fcb6
Debian Linux Security Advisory 2524-1 - Two denial of service vulnerabilities have been discovered in the server component of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.
82de0800c15326cda8e2ec48a7a9ac834e43a7b5df1a83b728c5aa0d720510f6
Debian Linux Security Advisory 2523-1 - It was discovered that the GridFTP component from the Globus Toolkit, a toolkit used for building Grid systems and applications, performed insufficient validation of a name lookup, which could lead to privilege escalation.
b6337585790cbaa70a41e8a15f2ad98e6536faf0969ee375b41118d80a7b921e
Debian Linux Security Advisory 2522-1 - Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular HTML/text editor for the web.
da1a2bf303b76bf5b59ef18ad2eeec728100c65453b3bc10e1110a4736295ee6
Debian Linux Security Advisory 2521-1 - Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service.
e656b5f8b74e0105d5b6c25f41ba8ad7377e56f0f8c359117989a9809d927026
Debian Linux Security Advisory 2519-2 - It was discovered that the recent update for isc-dhcp did not contain the patched code included in the source package. Due to a quirk in the build system, those patches were de-applied during the build process.
56cde2d842365388e86b4e3822e43e10f8a15d275662e2a0613a84e1fe731f1c
Debian Linux Security Advisory 2520-1 - Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issues lie in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause an application crash and could cause arbitrary code execution.
01058fb3e73899f5614de4378a1f281d11b663b075a75d78a87026487124e896
Debian Linux Security Advisory 2519-1 - Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additional update.
e479c19eca6b0a977ba08f2378c2c6d472b961bb6278e8c807d1506c363ab2e5
Debian Linux Security Advisory 2518-1 - Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol.
c345c3a09eb83c7948689c2f863b0f6c17f32c2ddaaa2bf52d96090953f5df04
Debian Linux Security Advisory 2517-1 - Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger an assertion failure on servers under high query load that do DNSSEC validation.
1264cbf6ebe6d856f52045f33b4880823f6d6637579867ab6419f12fcd0c8aa0
Debian Linux Security Advisory 2516-1 - Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered.
074f53e4757eadf5549b496a0e1a2f3052b4631cb7e6cc36d0f0d9d7d8165ad8
Debian Linux Security Advisory 2508-1 - Rafal Wojtczuk from Bromium discovered that FreeBSD did not correctly handle non-canonical return addresses on Intel amd64 CPUs, allowing local users to escalate privileges to the kernel.
7aebd5ce5840f094d51d7679c7d9ff0704d0af681bb872fa59cd27000b552673
Debian Linux Security Advisory 2515-1 - Marek Varusa and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. This can result in a NULL pointer dereference and crash the handling process. A remote attacker can abuse this flaw to perform denial of service attacks.
3ecea29cebf4040755be7ba8d1e9e672935487aed2514cec7fe75aaf04f83bbd
Debian Linux Security Advisory 2513-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
ecdacb7db4117e0389ca3b7ac3b6bbf964b7f0e66d078e72b75033ee15856f52
Debian Linux Security Advisory 2514-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
08ed07a52f9fc632f7d8f0aac7a681d5acb3c3af3b1df7538cb4e59ae3d36fa4
Debian Linux Security Advisory 2510-1 - John Leitch has discovered a vulnerability in eXtplorer, a very feature-rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks.
7a307ddf24090eefa041b944a0af6e44012d5cbdc1073972a4d8197542e67756
Debian Linux Security Advisory 2512-1 - Marcus Meissner discovered that the web server included in Mono performed insufficient sanitizing of requests, resulting in cross-site scripting.
dd9f44430c3792f55cfd3b79094cd29f9db03840ccee1c6521b22f3081775a29
Debian Linux Security Advisory 2511-1 - Several security vulnerabilities have been found in Puppet, a centralized configuration management system.
e25085e2d398a35b784003943d6504c9cd06efb0e6a0fb325d9e06e7bbd9a937
Debian Linux Security Advisory 2509-1 - Ulf Harnhammar found a buffer overflow in Pidgin, a multi-protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash and, in some circumstances, achieve remote code execution.
34f459309c2d1dcbc50629b0c7d27153a6e3700d8fdab0296501357511e10da3
Debian Linux Security Advisory 2507-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.
b0244e3fc8a1587ecc002656ff83e52a4aae4842334ff06a0187de6bedf0d996