NTLUG | Debian / Debian browse

<< Mandriva | Distributions | Gentoo >>

On this page... (hide)

Community
Support
Debian Planet
Debian Security Notices
Debian Forum at linuxquestions.org

Community

Support

Debian Planet

Error: It's not possible to reach RSS file http://planet.debian.net/rss20.xml ...

Debian Security Notices

DSA-5673-1 glibc - security update
Charles Fol discovered that the iconv() function in the GNU C library isprone to a buffer overflow vulnerability when converting strings to theISO-2022-CN-EXT character set, which may lead to denial of service(application crash) or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5673-1

DSA-5672-1 openjdk-17 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,which may result in denial of service or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5672-1

DSA-5671-1 openjdk-11 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,which may result in denial of service or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5671-1

DSA-5670-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which couldresult in denial of service or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5670-1

DSA-5669-1 guix - security update
It was discovered that insufficient restriction of unix daemon socketsin the GNU Guix functional package manager could result in sandboxbypass.
https://security-tracker.debian.org/tracker/DSA-5669-1

DSA-5668-1 chromium - security update
Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5668-1

DSA-5667-1 tomcat9 - security update
Several security vulnerabilities have been discovered in the Tomcatservlet and JSP engine.
CVE-2023-46589
Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.
CVE-2024-24549
Denial of Service due to improper input validation vulnerability for HTTP/2. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.
CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.
https://security-tracker.debian.org/tracker/DSA-5667-1

DSA-5666-1 flatpak - security update
Gergo Koteles discovered that sandbox restrictions in Flatpak, anapplication deployment framework for desktop apps, could by bypassed incombination with xdg-desktop-portal.
https://security-tracker.debian.org/tracker/DSA-5666-1

DSA-5665-1 tomcat10 - security update
Several security vulnerabilities have been discovered in the Tomcatservlet and JSP engine.
CVE-2023-46589
Tomcat 10 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.
CVE-2024-24549
Denial of Service due to improper input validation vulnerability for HTTP/2. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.
CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.

https://security-tracker.debian.org/tracker/DSA-5665-1

DSA-5664-1 jetty9 - security update
Jetty 9 is a Java based web server and servlet engine. It was discovered thatremote attackers may leave many HTTP/2 connections in ESTABLISHED state (notclosed), TCP congested and idle. Eventually the server will stop accepting newconnections from valid clients which can cause a denial of service.
https://security-tracker.debian.org/tracker/DSA-5664-1

DSA-5663-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode or clickjacking.
https://security-tracker.debian.org/tracker/DSA-5663-1

DSA-5655-2 cockpit - regression update
The update of cockpit released in DSA 5655-1 did not correctly builtbinary packages due to unit test failures when building against libssh0.10.6. This update corrects that problem.
https://security-tracker.debian.org/tracker/DSA-5655-2

DSA-5662-1 apache2 - security update
Multiple vulnerabilities have been discovered in the Apache HTTP server,which may result in HTTP response splitting or denial of service.
https://security-tracker.debian.org/tracker/DSA-5662-1

DSA-5661-1 php8.2 - security update
Multiple security issues were found in PHP, a widely-used open sourcegeneral purpose scripting language which could result in secure cookiebypass, XXE attacks or incorrect validation of password hashes.
https://security-tracker.debian.org/tracker/DSA-5661-1

DSA-5660-1 php7.4 - security update
Multiple security issues were found in PHP, a widely-used open sourcegeneral purpose scripting language which could result in secure cookiebypass, XXE attacks or incorrect validation of password hashes.
https://security-tracker.debian.org/tracker/DSA-5660-1

DSA-5659-1 trafficserver - security update
Bartek Nowotarski discovered that Apache Traffic Server, a reverse andforward proxy server, was susceptible to denial of service via HTTP2continuation frames.
https://security-tracker.debian.org/tracker/DSA-5659-1

DSA-5658-1 linux - security update
Several vulnerabilities have been discovered in the Linux kernel thatmay lead to a privilege escalation, denial of service or informationleaks.
https://security-tracker.debian.org/tracker/DSA-5658-1

DSA-5657-1 xorg-server - security update
Several vulnerabilities were discovered in the Xorg X server, which mayresult in privilege escalation if the X server is running privilegedor denial of service.
https://security-tracker.debian.org/tracker/DSA-5657-1

DSA-5656-1 chromium - security update
Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5656-1

DSA-5655-1 cockpit - security update
It was discovered that Cockpit, a web console for Linux servers, wassusceptible to arbitrary command execution if an administrative userwas tricked into opening an sosreport file with a malformed filename.
https://security-tracker.debian.org/tracker/DSA-5655-1

DSA-5654-1 chromium - security update
Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5654-1

DSA-5653-1 gtkwave - security update
Claudio Bozzato discovered multiple security issues in gtkwave, a filewaveform viewer for VCD (Value Change Dump) files, which may result in theexecution of arbitrary code if malformed files are opened.
https://security-tracker.debian.org/tracker/DSA-5653-1

DSA-5652-1 py7zr - security update
A directory traversal vulnerability was discovered in py7zr, a libraryand command-line utility to process 7zip archives.
https://security-tracker.debian.org/tracker/DSA-5652-1

DSA-5651-1 mediawiki - security update
Two security issues were discovered in MediaWiki, a website engine forcollaborative work, which could result in cross-site scripting or denialof service.
https://security-tracker.debian.org/tracker/DSA-5651-1

DSA-5650-1 util-linux - security update
Skyler Ferrante discovered that the wall tool from util-linux does notproperly handle escape sequences from command line arguments. A localattacker can take advantage of this flaw for information disclosure.
With this update wall and write are not anymore installed with setgidtty.
https://security-tracker.debian.org/tracker/DSA-5650-1

DSA-5649-1 xz-utils - security update
https://security-tracker.debian.org/tracker/DSA-5649-1

DSA-5648-1 chromium - security update
Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5648-1

DSA-5647-1 samba - security update
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,print, and login server for Unix, which might result in denial of serviceor information disclosure.
https://security-tracker.debian.org/tracker/DSA-5647-1

DSA-5646-1 cacti - security update
Multiple security vulnerabilities have been discovered in Cacti, a webinterface for graphing of monitoring systems, which could result incross-site scripting, SQL injection, or command injection.
https://security-tracker.debian.org/tracker/DSA-5646-1

DSA-5645-1 firefox-esr - security update
Manfred Paul discovered a flaw in the Mozilla Firefox web browser,allowing an attacker to inject an event handler into a privileged objectthat would allow arbitrary JavaScript execution in the parent process.
https://security-tracker.debian.org/tracker/DSA-5645-1

Community

Support

Debian Planet

Debian Security Notices

Debian Forum at linuxquestions.org