Debian LTS Essential and Critical Security Patch Updates - Page 39
Find the information you need for your favorite open source distribution .
XStream serializes Java objects to XML and back again. Versions prior to 1.4.11.1-1+deb10u4 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code
It was discovered that there were two issues in viewvc, a web-based interface for browsing Subversion and CVS repositories. The attack vectors involved files with unsafe names; names that, when embedded into an HTML stream, could cause the browser to run unwanted code.
It was discovered that there was a potential reflected file download (RFD) vulnerability in ruby-sinatra, a Ruby library for writing HTTP applications. The Content-Disposition HTTP header was being derived, without proper escaping, from a potentially user-supplied filename.
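As an added illustration of the class of bug described above (this is not Sinatra's code and does not claim to reproduce its patch), the following Python shows a Content-Disposition header built by interpolating a caller-controlled filename verbatim, next to a hardened builder that strips control characters, drops path components, escapes the quoted-string, and adds an RFC 5987 `filename*` form. The sample names are constructed for the example.

```python
import re
from urllib.parse import quote

# CR, LF and other control characters must never reach a header value:
# they would let the filename terminate the header and inject new ones.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")


def attachment_header_vulnerable(filename):
    """Interpolates the name verbatim: a '"' or CR/LF in a user-supplied
    name escapes the quoted-string and lets the caller shape the header."""
    return 'attachment; filename="%s"' % filename


def attachment_header_hardened(filename):
    """Builds a Content-Disposition value that cannot be broken out of by the
    filename, whatever the caller passed in."""
    # 1. remove control characters (defeats header injection via CR/LF)
    name = _CTRL.sub("", filename)
    # 2. keep only the last path component; fall back to a fixed name if empty
    name = name.replace("\\", "/").rsplit("/", 1)[-1] or "download"
    # 3. ASCII fallback as an RFC 2616 quoted-string: escape '\' and '"'
    ascii_name = name.encode("ascii", "replace").decode("ascii")
    ascii_name = ascii_name.replace("\\", "\\\\").replace('"', '\\"')
    # 4. full (possibly non-ASCII) name percent-encoded per RFC 5987
    encoded = quote(name, safe="")
    return 'attachment; filename="%s"; filename*=UTF-8\'\'%s' % (ascii_name, encoded)


# Constructed inputs: a benign name, a header-injection attempt, a traversal-looking name.
BENIGN = "report.pdf"
INJECTION = 'x"; foo\r\nX-Injected: 1'
TRAVERSAL = "../../etc/passwd"

if __name__ == "__main__":
    for n in (BENIGN, INJECTION, TRAVERSAL):
        print(repr(attachment_header_vulnerable(n)))
        print(repr(attachment_header_hardened(n)))
```

The vulnerable builder lets the injected CR/LF pair split the header; the hardened one keeps the response to a single header line and makes the browser-visible name something the server chose the shape of, which is the property an RFD attack relies on being absent.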
This update fixes a number of memory access violations and other input validation failures that can be triggered by passing specially crafted files to exiv2.
It was discovered that there was an off-by-one array size issue in libtasn1-6, a library to manage the generic ASN.1 data structure. For Debian 10 buster, this problem has been fixed in version
It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. For Debian 10 buster, this problem has been fixed in version
It was discovered that there was a potential null pointer dereference vulnerability in libetpan, a low-level library for handling email. For Debian 10 buster, this problem has been fixed in version
It was discovered that node-xmldom, a standard XML DOM (Level 2 Core) implementation in pure JavaScript, processed ill-formed XML instead of rejecting it, which may result in bugs and security holes in downstream applications.
It was discovered that there was an issue in Emacs where attackers could have executed arbitrary commands via shell metacharacters in the name of a source-code file.
Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON. Specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors.
Supraja Baskar discovered a prototype pollution vulnerability in node-loader-utils, a Node.js module for webpack loaders. For Debian 10 buster, this problem has been fixed in version
It was discovered that there was an out-of-bounds read and integer underflow vulnerability in Open vSwitch, a software-based Ethernet virtual switch.
A flaw was found in the way the exuberant-ctags source code parser handled the "-o" command-line option, which specifies the tag filename. A crafted tag filename specified on the command line or in the configuration file could have resulted in arbitrary command
Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Several issues have been found in mplayer, a movie player for Unix-like systems. They are mostly buffer overflows, division by zero or out of
Multiple security vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems, which may result in information disclosure, authentication bypass, or remote code execution.
ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from the PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the
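The mechanism above, as an added example written in Python (this is not Commons Net's code; the function names and the control-channel exchange are constructed for illustration): a PASV reply parser, the pre-fix behaviour that connects wherever the 227 reply points, and the hardened behaviour that takes only the port from the reply and reuses the host of the existing control connection unless the caller explicitly opts in. A small detection hook flags replies that advertise a different host, which is worth logging even when it is ignored.

```python
import re

# 227 reply shape from RFC 959: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
_PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Parse a 227 reply into the (host, port) the server is advertising."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError("malformed PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in PASV reply: %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = (nums[4] << 8) | nums[5]
    if port == 0:
        raise ValueError("port 0 in PASV reply: %r" % reply)
    return host, port


def data_endpoint_trusting(control_host, reply):
    """Pre-fix behaviour: the data connection goes wherever the 227 reply says.
    A malicious server can point the client at any host it likes."""
    return parse_pasv(reply)


def data_endpoint_hardened(control_host, reply, trust_pasv_host=False):
    """Fixed behaviour: use only the port from the reply and reuse the host the
    control connection is already talking to, unless the caller opts in."""
    host, port = parse_pasv(reply)
    if trust_pasv_host:
        return host, port
    return control_host, port


def pasv_redirect_attempted(control_host, reply):
    """Detection hook: True when the advertised host differs from the control host."""
    host, _ = parse_pasv(reply)
    return host != control_host


# Constructed exchange: the client is connected to 198.51.100.7 on the control
# channel; the malicious reply tries to point the data channel at an internal host.
CONTROL_HOST = "198.51.100.7"
HONEST_227 = "227 Entering Passive Mode (198,51,100,7,19,137)"
MALICIOUS_227 = "227 Entering Passive Mode (10,0,0,5,0,22)"

if __name__ == "__main__":
    print("trusting :", data_endpoint_trusting(CONTROL_HOST, MALICIOUS_227))
    print("hardened :", data_endpoint_hardened(CONTROL_HOST, MALICIOUS_227))
    print("redirect?:", pasv_redirect_attempted(CONTROL_HOST, MALICIOUS_227))
```

Note that the hardened variant keeps the server-chosen port: the legitimate use of PASV is for the server to pick a listening port, and that part of the reply is still honoured. Only the host is pinned, which is also what breaks servers behind NAT that advertise a private address, and is why an explicit opt-in remains available.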
Multiple issues were found in multipath-tools, a tool-chain to manage disk multipath device maps, which may be used by local attackers to obtain root privileges or to create directories or overwrite files via symlink attacks.
Multiple security vulnerabilities have been discovered in mbedtls, a lightweight crypto and SSL/TLS library, which may allow attackers to obtain sensitive information like the RSA private key or cause a denial of service (application or server crash).
An integer overflow flaw was discovered in the CRL signature parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.