Debian LTS Linux Distribution - Page 37
Find the information you need for your favorite open source distribution.
Evgeny Legerov reported a heap-based buffer overflow vulnerability in the inflate operation in zlib, which could result in denial of service or potentially the execution of arbitrary code if specially crafted input is processed.
Linux 5.10 has been packaged for Debian 10 as linux-5.10. This provides a supported upgrade path for systems that currently use kernel packages from the "buster-backports" suite.
Two vulnerabilities were discovered in libxslt, an XSLT processing runtime library, that could result in denial of service or potentially the execution of arbitrary code if malicious files are processed.
It was discovered that Gson, a Java library that can be used to convert Java Objects into their JSON representations and vice versa, was vulnerable to a deserialization flaw. An application would deserialize untrusted data without sufficiently verifying that the resulting data will be valid, letting the
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.
A heap-based buffer overflow flaw was found in libmodbus, a library for the Modbus protocol, which can be abused for a denial of service attack or memory corruption.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
Two vulnerabilities were discovered in `ruby-rack`, a popular Ruby webserver: CVE-2022-30122:
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.
A heap-based buffer overwrite vulnerability was found in GhostScript, the GPL PostScript/PDF interpreter. An attacker could trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
The following vulnerabilities have been discovered in rails, a Ruby-based MVC framework for web development. CVE-2022-21831
The following vulnerabilities have been discovered in sofia-sip, a SIP user-agent library. CVE-2022-31001
A buffer overflow was discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.
It was discovered that there was an arbitrary object deserialization vulnerability in php-horde-turba, an address book component for the Horde groupware suite.
It was discovered that there was a potential XSS vulnerability in php-horde-mime-viewer, a MIME viewer library for the Horde groupware platform.
Yu Zhang and Nanyu Zhong discovered several vulnerabilities in net-snmp, a suite of Simple Network Management Protocol applications, which could result in denial of service or the execution of arbitrary code.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-32893
It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Multiple security vulnerabilities have been discovered in cURL, a URL transfer library. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data, or facilitate a denial of service attack.
Two security issues have been discovered in ndpi, a deep packet inspection library.