Advisory: Debian LTS Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
debian-archive-keyring is a package containing GnuPG archive keys of the Debian archive. New GPG-keys are being constantly added with every new Debian release. For Debian 10 buster, GPG-keys for 12/bullseye Debian release are added
An out-of-bounds read was found in sctp_load_addresses_from_init. For Debian 10 buster, this problem has been fixed in version 0.9.3.0+20190127-2+deb10u1.
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
Two denial of service vulnerabilities have been discovered in golang-yaml.v2, a library which provides YAML support for the Go language.
A memory leak has been found in yajl, a JSON parser / small validating JSON generator written in ANSI C, which might allow an attacker to cause an out-of-memory situation and potentially cause a crash.
Several vulnerabilities were fixed in the Python3 interpreter. CVE-2015-20107
An issue has been found in cups, the Common UNIX Printing System(tm). Due to a use-after-free bug an attacker could cause a denial-of-service. In case of having access to the log files, an attacker could also
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. CVE-2022-47184
A buffer overrun in format_timespan() has been fixed in systemd, the default init system in Debian. Additionally, fixes for getting property OnExternalPower via D-Bus
A flaw was found in the '/v2/_catalog' endpoint in 'distribution/distribution', which accepts a parameter to control the maximum number of records returned (query string: 'n'). This vulnerability allows a malicious user to
Two vulnerabilities were discovered in c-ares, an asynchronous name resolver library: CVE-2023-31130
Missing input validation in various functions provided by libx11, the X11 client-side library, may have resulted in denial of service.
In OWSLib, a Python client library for Open Geospatial web services, the XML parser did not disable entity resolution which could lead to arbitrary file reads from an attacker-controlled XML payload.
Issues were found in lua5.3, a powerful, light-weight programming language designed for extending applications, which may result in denial of service.
Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output
Avahi, a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery, was affected by a denial of service. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled
A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code.
Jurien de Jong discovered that the parsing of KeyInfo elements within the XMLTooling library may result in server-side request forgery. For Debian 10 buster, this problem has been fixed in version
Multiple vulnerabilities were found in opensc, a set of libraries and utilities to access smart cards, which could lead to application crash or information leak.