Debian LTS Essential and Critical Security Patch Updates - Page 47
Find the information you need for your favorite open source distribution.
The security update announced as DLA 3093-1, which included a fix for CVE-2022-32224, caused a regression due to an incompatibility with Ruby 2.5. We have dropped the aforementioned fix. Updated rails packages are now available.
It was found that authenticated users could trigger a fault in Nova, a cloud computing fabric controller, to cause an information leak. In addition, this update includes some fixes for volume live migration,
A security issue was discovered in pcs, a corosync and pacemaker configuration tool: CVE-2022-1049
It was discovered that there was a credential disclosure vulnerability in python-oslo.utils, a set of utilities used by OpenStack. For Debian 10 buster, this problem has been fixed in version
It was discovered that there were two issues in connman, a daemon for managing internet connections within embedded devices: * CVE-2022-32292: Prevent an issue where remote attackers able to
Evgeny Legerov reported a heap-based buffer overflow vulnerability in the inflate operation in zlib, which could result in denial of service or potentially the execution of arbitrary code if specially crafted input is processed.
Linux 5.10 has been packaged for Debian 10 as linux-5.10. This provides a supported upgrade path for systems that currently use kernel packages from the "buster-backports" suite.
Two vulnerabilities were discovered in libxslt, an XSLT processing runtime library, that could result in denial of service or potentially the execution of arbitrary code if malicious files are processed.
It was discovered that Gson, a Java library that can be used to convert Java Objects into their JSON representations and vice versa, was vulnerable to a deserialization flaw. An application would deserialize untrusted data without sufficiently verifying that the resulting data will be valid, letting the
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.
A heap-based buffer overflow flaw was found in libmodbus, a library for the Modbus protocol, which can be abused for a denial of service attack or memory corruption.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
Two vulnerabilities were discovered in `ruby-rack`, a popular Ruby webserver: CVE-2022-30122:
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.
A heap-based buffer overwrite vulnerability was found in GhostScript, the GPL PostScript/PDF interpreter. An attacker could trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
The following vulnerabilities have been discovered in rails, a Ruby-based MVC framework for web development. CVE-2022-21831
The following vulnerabilities have been discovered in sofia-sip, a SIP user-agent library. CVE-2022-31001
A buffer overflow was discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.
It was discovered that there was an arbitrary object deserialization vulnerability in php-horde-turba, an address book component for the Horde groupware suite.
It was discovered that there was a potential XSS vulnerability in php-horde-mime-viewer, a MIME viewer library for the Horde groupware platform.