Debian Security Notices
- DSA-5292 snapd - security update
The Qualys Research Team discovered a race condition in the snapd-confine binary which could result in local privilege escalation.
- DSA-5291 mujs - security update
- DSA-5290 commons-configuration2 - security update
Apache Commons Configuration, a Java library providing a generic configuration interface, performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- DSA-5288 graphicsmagick - security update
It was discovered that a buffer overflow in GraphicsMagick, a collection of image processing tools, could potentially result in the execution of arbitrary code when processing a malformed MIFF image.
- DSA-5286 krb5 - security update
Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).
- DSA-5285 asterisk - security update
Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
- DSA-5282 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or bypass of the SameSite cookie policy.
- DSA-5281 nginx - security update
It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory disclosure or potentially the execution of arbitrary code when processing a malformed mp4 file.
- DSA-5280 grub2 - security update
Several issues were found in GRUB2's font handling code, which could result in crashes and potentially execution of arbitrary code. These could lead to by-pass of UEFI Secure Boot on affected systems.
- DSA-5279 wordpress - security update
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks.
- DSA-5278 xorg-server - security update
It was discovered that a buffer overflow in the _getCountedString() function of the Xorg X server may result in denial of service or potentially the execution of arbitrary code.
- DSA-5277 php7.4 - security update
Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result in denial of service, information disclosure, insecure cookies handling or potentially the execution of arbitrary code.
- DSA-5276 pixman - security update
Maddie Stone reported a heap-based buffer overflow flaw in pixman, a pixel-manipulation library for X and cairo, which could result in denial of service or potentially the execution of arbitrary code.
- DSA-5275 chromium - security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
- DSA-5272 xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.
- DSA-5270 ntfs-3g - security update
Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE, due to incorrect validation of some of the NTFS metadata. A local user can take advantage of this flaw for local root privilege escalation.
- DSA-5269 pypy3 - security update
Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a fast, compliant alternative implementation of the Python language.