Debian LTS Essential and Critical Security Patch Updates - Page 118
Find the information you need for your favorite open source distribution.
Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system. Buffer overflows and path traversal issues may lead to information disclosure, denial-of-service or the execution of arbitrary code.
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.62, which includes additional changes. Please see the MySQL
CVE-2018-18718 - CWE-415: Double Free The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
tzdata upstream released version 2018g. Notable changes since 2018e (previous version available in jessie)
Various security issues were discovered in the poppler PDF rendering shared library.
It was discovered that there was a cross-site scripting (XSS) vulnerability in phpldapadmin, a web-based interface for administering LDAP servers. For Debian 8 "Jessie", this problem has been fixed in version
A set of vulnerabilities was discovered in GnuTLS which allowed attackers to do plain text recovery on TLS connections with certain cipher types.
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege escalation.
CVE-2018-16395 Fix for OpenSSL::X509::Name equality check.
CVE-2018-17100 An int32 overflow can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted
CVE-2018-1000805 Fix to prevent malicious clients from tricking the Paramiko server into thinking an unauthenticated client is authenticated.
CVE-2018-18584 Fixing the size of the CAB block input buffer, which is too small for the maximal Quantum block, prevents an out-of-bounds write.
A regression was found in the recent security update for 389-ds-base (the 389 Directory Server), announced as DLA-1554-2, caused by an incomplete fix for CVE-2018-14648. The regression caused the server to crash when processing requests with empty attributes.
It was discovered that 389-ds-base (the 389 Directory Server) is vulnerable to search queries with malformed values in the do_search() function (servers/slapd/search.c). Attackers could leverage this vulnerability by sending crafted queries in a loop to cause DoS.
ClamAV is an anti-virus utility for Unix, whose upstream developers have released the version 0.100.2. Installing this new version is required to make use of all current virus signatures and to avoid warnings.
This is a follow-up update for the recently discovered -dSAFER issues reported by Tavis Ormandy. Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an
A vulnerability has been discovered in exiv2 (CVE-2018-16336), a C++ library and a command line utility to manage image metadata, resulting in remote denial of service (heap-based buffer over-read/overflow) via
It was discovered that there was a remote code execution and an external URL injection vulnerability in the Drupal content management framework.
Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege escalation.