Debian LTS Linux Distribution - Page 9
Find the information you need for your favorite open source distribution.
This is a routine update of the distro-info-data database for Debian LTS users. It includes Ubuntu 24.10, and makes some minor updates to older EoL
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
A vulnerability has been found in the OpenJDK Java runtime, which may result in denial of service. For Debian 10 buster, this problem has been fixed in version
An upper bound check issue in the `dsaVerify` function has been discovered in node-browserify-sign. This allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.
Multiple vulnerabilities were found in nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications.
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, clickjacking, spoofing or information leaks.
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
Denys Klymenko discovered a cross-site scripting (XSS) vulnerability in Roundcube, a skinnable AJAX-based webmail solution for IMAP servers, which could allow a remote attacker to load arbitrary JavaScript code via a malicious text/html e-mail message with a crafted SVG document.
Multiple vulnerabilities were fixed in Ceph, a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.
It was found that D-Bus, a simple interprocess messaging system, was susceptible to a denial of service vulnerability if a monitor was being run.
It was discovered that there was an authentication bypass vulnerability in Redis, a popular key-value database similar to memcached.
Potential freeing of an uninitialized pointer in kadm_rpc_xdr.c was fixed in krb5, the MIT implementation of the Kerberos network authentication protocol.
A memory leak was found in ruby-magick, an interface between Ruby and ImageMagick, that could lead to a denial of service (DoS) by memory exhaustion.
It was discovered that there was a potential authorisation bypass vulnerability in Apache Zookeeper, a co-ordination service for reliable distributed applications.
The last update required an update to the database schema, but as zabbix does not support upgrading the database schema if SQLite3 is used, using zabbix-proxy-sqlite3 requires the user to drop the database and recreate it with a supplied SQL template file.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate() or
Letian Yuan discovered a flaw in Apache Axis 1.x, a SOAP implementation written in Java. It may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.