Debian LTS Essential and Critical Security Patch Updates - Page 31

Debian LTS: DLA-3420-1: golang-websocket security update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

An integer overflow vulnerability exists in golang-websocket, a Go package implementing the WebSocket protocol connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

LinuxSecurity.com Team
May 13, 2023

Debian LTS: DLA-3419-1: webkit2gtk security update

The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-0108

LinuxSecurity.com Team
May 12, 2023

Debian LTS: DLA-3418-1: nvidia-graphics-drivers-legacy-390xx

NVIDIA has released a software security update for the NVIDIA GPU Display Driver R390 linux driver branch. This update addresses issues that may lead to denial of service, escalation of privileges, information disclosure, data tampering or undefined behavior.

LinuxSecurity.com Team
May 11, 2023

Debian LTS: DLA-3417-1: firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing or permission request bypass.

LinuxSecurity.com Team
May 11, 2023

Debian LTS: DLA-3416-1: emacs security update

Xi Lu discovered that missing input sanitizing in Emacs could result in the execution of arbitrary shell commands. For Debian 10 buster, these problems have been fixed in version

LinuxSecurity.com Team
May 09, 2023

Debian LTS: DLA-3415-1: python-django security update

It was discovered that there was a potential validation bypass in Django, a popular Python-based web development framework. Uploading multiple files using one form field has never been

LinuxSecurity.com Team
May 05, 2023

Debian LTS: DLA-3403-1: linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

LinuxSecurity.com Team
May 03, 2023

Debian LTS: DLA-3404-1: linux-5.10 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

LinuxSecurity.com Team
May 02, 2023

Debian LTS: DLA-3414-1: avahi security update

It was discovered that there was a local Denial of Service (DoS) vulnerability in Avahi, a system that facilitates service discovery on a local network.

LinuxSecurity.com Team
May 02, 2023

Debian LTS: DLA-3413-1: libdatetime-timezone-perl new timezone database

This update includes the changes in tzdata 2023c for the Perl bindings. For the list of changes, see DLA-3412-1. For Debian 10 buster, this problem has been fixed in version

LinuxSecurity.com Team
May 02, 2023

Debian LTS: DLA-3412-1: tzdata new timezone database

This update includes the changes in tzdata 2023c. Notable changes are: - - Revert Lebanon DST changes.

LinuxSecurity.com Team
May 02, 2023

Debian LTS: DLA-3411-1: distro-info-data database update

This is a routine update of the distro-info-data database for Debian LTS users. It includes the expected release date for Debian 12, adds Debian 14,

LinuxSecurity.com Team
May 01, 2023

Debian LTS: DLA-3410-1: openvswitch security update

David Marchand discovered that Open vSwitch, a multilayer, software-based, Ethernet virtual switch, was vulnerable to crafted IP packets with ip proto set to 0, potentially causing a denial of service.

LinuxSecurity.com Team
May 01, 2023

Debian LTS: DLA-3409-1: libapache2-mod-auth-openidc security update

Several vulnerabilities were fixed in libapache2-mod-auth-openidc, an OpenID Connect Relying Party implementation for Apache. CVE-2019-20479

LinuxSecurity.com Team
Apr 30, 2023

Debian LTS: DLA-3408-1: jruby security update

Several vulnerabilities were fixed in JRuby, a Java implementation of the Ruby programming language. CVE-2017-17742

LinuxSecurity.com Team
Apr 30, 2023

Debian LTS: DLA-3407-1: jackson-databind security update

One more gadget type (ignite-jta) is being blocked in the Jackson Data Processor library for processing JSON and other data formats in Java. For Debian 10 buster, this problem has been fixed in version

LinuxSecurity.com Team
Apr 30, 2023

Debian LTS: DLA-3406-1: sniproxy security update

An issue has been found in sniproxy, a transparent TLS and HTTP layer 4 proxy with SNI support. Due to bad handling of wildcard backend hosts, a crafted HTTP or TLS

LinuxSecurity.com Team
Apr 30, 2023

Debian LTS: DLA-3405-1: libxml2 security update

Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.

LinuxSecurity.com Team
Apr 30, 2023

Debian LTS: DLA-3402-1: wireshark security update

Several vulnerabilities were fixed in the network traffic analyzer Wireshark. CVE-2023-1161

LinuxSecurity.com Team
Apr 29, 2023

Debian LTS: DLA-3401-1: apache2 security update

Several vulnerabilities have been discovered in apache2, a webserver that may be used as front-end proxy for other applications. These vulnerabilities may lead to HTTP request smuggling, and thus to front-end security controls being bypassed.

LinuxSecurity.com Team
Apr 24, 2023