Debian LTS Linux Distribution - Page 5.95
Find the information you need for your favorite open source distribution.
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. CVE-2023-37457
Ansible, a configuration management, deployment, and task execution system, was affected by multiple vulnerabilities. CVE-2019-10206
Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite. CVE-2021-41617
A buffer overflow vulnerability has been found in osslsigncode, an OpenSSL-based Authenticode signing tool for PE/MSI/Java CAB files, which possibly allows a malicious attacker to execute arbitrary code when signing a crafted file.
Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool. Additionally, the command line tool does now:
Multiple security issues were discovered in SPIP, a content management system, which could lead to denial of service or information disclosure. For Debian 10 buster, this problem has been fixed in version
The initial fix for CVE-2023-6377 as applied in DLA 3686-1 did not fully fix the vulnerability. Updated packages correcting this issue including the upstream merged commit are now available.
Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel processors
It was discovered that there was a keyboard injection attack in Bluez, a set of services and tools for interacting with wireless Bluetooth devices.
It was discovered that there was a potential information disclosure vulnerability in HAProxy, a reverse proxy server used to load balance HTTP requests across multiple servers.
RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages by an authenticated user with sufficient credentials.
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
debian-security-support, the Debian security support coverage checker, has been updated in buster-security to mark the end of life of the following packages: * gnupg1: see #982258.
This update includes the latest changes to the leap second list, including an update to its expiry date, which was set for the end of December.
Rene Rehme discovered a cross-site scripting (XSS) vulnerability in Roundcube, a skinnable AJAX-based webmail solution for IMAP servers, which could allow a remote attacker to load arbitrary JavaScript code from attachment preview/download via crafted Content-Type and/or
Issues were found in ncurses, a collection of shared libraries for terminal handling, which could lead to denial of service. CVE-2021-39537
Multiple vulnerabilities have been found in Amanda, a backup system designed to archive many computers on a network to a single large-capacity tape drive. The vulnerabilities potentially allow local privilege escalation from the backup user to root or leak information
An issue (CVE-2022-48521) was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address
zbar, a barcode and QR code scanner, was vulnerable. CVE-2023-40889
[ NB: The original message sent included the wrong DLA reference ID. This message corrects the reference ID in the subject line. Everything else about the content of the former message, including the CVE identified as fixed and the version of the package in which it is fixed,