Find the information you need for your favorite open source distribution .
Several vulnerabilities were discovered in rsyslog, a system and kernel logging daemon. When a log server is configured to accept logs from remote clients through specific modules such as 'imptcp', an attacker can cause a denial of service (DoS) and possibly execute code
It was found that libpgjava, the official PostgreSQL JDBC Driver, would be vulnerable if an attacker controlled jdbc url or properties. The JDBC driver did not verify if certain classes implemented the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary
Fabian Vogt and Dominik Penner discovered that the Ark archive manager did not sanitize extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory.
A vulnerability was reported in src:elog, a logbook system to manage notes through a Web interface. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook. Authentication is not
Jakub Wilk discovered a local privilege escalation in needrestart, a utility to check which daemons need to be restarted after library upgrades. Regular expressions to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate
Felix Wilhelm discovered that libxml2, the GNOME XML library, did not correctly check for integer overflows or used wrong types for buffer sizes. This could result in out-of-bounds writes or other memory errors when working on large, multi-gigabyte buffers.
Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows, out-of-bounds reads and use-after-free may lead to a denial-of-service (application crash) or other unspecified impact.
A couple of vulnerabilities were found in src:cifs-utils, a Common Internet File System utilities, and are as follows: CVE-2022-27239
The ffmpeg project released the new version 3.2.18 with fixes for various issues found by the OSS-Fuzz project. For Debian 9 stretch, this release is packaged in version 7:3.2.18-0+deb9u1.
