Debian Essential And Critical Security Patch Updates - Page 40

Debian: DSA-5076-1: h2database security update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can be exploited through various attack vectors, most notably through the H2 Console and by loading custom classes from remote servers through JNDI. The H2 console

LinuxSecurity.com Team
Feb 15, 2022

Debian: DSA-5075-1: minetest security update

Several vulnerabilities have been discovered in Minetest, a sandbox video game and game creation system. These issues may allow attackers to manipulate game mods and grant them an unfair advantage over other players. These flaws could also be abused for a denial of service attack against a Minetest server or if

LinuxSecurity.com Team
Feb 13, 2022

Debian: DSA-5074-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed

LinuxSecurity.com Team
Feb 13, 2022

Debian: DSA-5073-1: expat security update

Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

LinuxSecurity.com Team
Feb 12, 2022

Debian: DSA-5072-1: debian-edu-config security update

Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.

LinuxSecurity.com Team
Feb 11, 2022

Debian: DSA-5071-1: samba security update

Several vulnerabilities were discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2021-44142

LinuxSecurity.com Team
Feb 11, 2022

Debian: DSA-5070-1: cryptsetup security update

CVE-2021-4122 Milan Broz, its maintainer, discovered an issue in cryptsetup, the disk encryption configuration tool for Linux.

LinuxSecurity.com Team
Feb 10, 2022

Debian: DSA-5069-1: firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

LinuxSecurity.com Team
Feb 09, 2022

Debian: DSA-5068-1: chromium security update

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

LinuxSecurity.com Team
Feb 07, 2022

Secure your Debian system: Ruby 2.7 patch DSA-5067-1 available!

Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in information disclosure or denial of service.

LinuxSecurity.com Team
Feb 03, 2022

Debian 11: DSA-5066-1 moderate: ruby2.5 multiple vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.

LinuxSecurity.com Team
Feb 03, 2022

Debian 10 & 11: DSA-5065-1 critical: ipython cross-user exploit

It was discovered that IPython, an enhanced interactive Python shell, executed config files from the current working directory, which could result in cross-user attacks if run from a directory multiple users may write to.

LinuxSecurity.com Team
Jan 31, 2022

Debian DSA-5064-1: python-nbxmpp critical DoS issue

It was discovered that missing input sanitising in python-nbxmpp, a Jabber/XMPP Python library, could result in denial of service in clients based on it (such as Gajim).

LinuxSecurity.com Team
Jan 29, 2022

Debian Buster, Bullseye: DSA-5047-2 critical: prosody memory leak

The update for prosody released as DSA 5047 introduced a memory leak. Updated prosody packages are now available to correct this issue. For the oldstable distribution (buster), this problem has been fixed

LinuxSecurity.com Team
Jan 29, 2022

Debian 11 & 10: DSA-5063-1 critical: uriparser denial of service

Two vulnerabilities were discovered in uriparser, a library that parses Uniform Resource Identifiers (URIs), which may result in denial of service or potentially in the the execution of arbitrary code.

LinuxSecurity.com Team
Jan 26, 2022

Debian 11 DSA-5062-1 moderate: nss denial of service

Tavis Ormandy discovered that incorrect parsing of pkcs7 sequences in nss, the Mozilla Network Security Service library, may result in denial of service.

LinuxSecurity.com Team
Jan 25, 2022

Debian 11: DSA-5061-1 critical: wpewebkit arbitrary code execution

The following vulnerabilities have been discovered in the wpewebkit web engine: CVE-2021-30934

LinuxSecurity.com Team
Jan 25, 2022

Debian: DSA-5058-1 openjdk-17 moderate: multiple security concerns

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or information disclosure.

LinuxSecurity.com Team
Jan 25, 2022

Debian 11: DSA-5060-1 critical: webkit2gtk arbitrary code execution

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30934

LinuxSecurity.com Team
Jan 25, 2022

Secure your Debian system: fix DSA-5059-1 local privilege escalation!

The Qualys Research Labs discovered a local privilege escalation in PolicyKit's pkexec. Details can be found in the Qualys advisory at

LinuxSecurity.com Team
Jan 25, 2022