Debian LTS Essential and Critical Security Patch Updates - Page 109
Find the information you need for your favorite open source distribution.
In the recently uploaded systemd security update (215-17+deb8u12 via DLA-1762-1), a regression was discovered in the fix for CVE-2017-18078.
Several issues have been found for gpac, an Open Source multimedia framework. Using crafted files one can trigger buffer overflow issues that could be used to crash the application.
It was discovered that there was a path traversal vulnerability in the "mercurial" distributed revision version control system. Symbolic links and subrepositories could be used to defeat Mercurial's
Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be
Two vulnerabilities have been addressed in the systemd components systemd-tmpfiles and pam_systemd.so.
Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.
Kusano Kazuhiko discovered a buffer overflow vulnerability in the handling of Internationalized Resource Identifiers (IRI) in wget, a network utility to retrieve files from the web, which could result in the execution of
Out-of-bounds read and write conditions have been fixed in clamav. CVE-2019-1787
debian-security-support, the Debian security support coverage checker, has been updated in jessie. The jessie relevant changes are: * Mark spice-xpi as end-of-life for Jessie.
It was discovered that there were a number of cross-site scripting vulnerabilities (XSS) in cacti, a web-based front-end for the RRDTool monitoring tool.
It was discovered that there was an authentication bypass vulnerability in libxslt, a widely-used library for transforming files from XML to other arbitrary format.
Several security vulnerabilities were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer over-reads and a memory leak may lead to a denial-of-service or information disclosure.
The update of jasper issued as DLA-1628-1 caused a regression due to the fix for CVE-2018-19542, a NULL pointer dereference in the function jp2_decode, which could lead to a denial-of-service. In some cases not only invalid jp2 files but also valid jp2 files were rejected.
Various vulnerabilities were discovered in Samba, SMB/CIFS file, print, and login server/client for Unix
Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP daemon, when mod_facl or mod_sftp is used which could lead to memory exhaustion and a denial-of-service.
A security issue was discovered in the poppler PDF rendering shared library.
Multiple vulnerabilities have been found in suricata, the network threat detection engine: CVE-2018-10242
Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217
It was discovered that there was a CRLF injection attack in the Go programming language runtime library. Passing \r\n to http.NewRequest could allow execution of arbitrary
This regression update follows up on an upstream regression update [1] regarding CVE-2019-3859.