Debian LTS Linux Distribution - Page 38.25
Find the information you need for your favorite open source distribution.
Matthias Gerstner discovered that the --join option of Firejail, a sandbox to restrict an application environment, was susceptible to local privilege escalation to root.
Several issues have been found in blender, a very fast and versatile 3D modeller/renderer.
Two issues have been found in libsndfile, a library for reading/writing audio files.
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation.
This update includes the latest changes to the leap second list, including an update to its expiry date, which was set for the end of June.
Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows, out-of-bounds reads and use-after-free may lead to a denial-of-service (application crash) or other unspecified impact.
It was discovered that the Cyrus IMAP server was prone to a denial of service attack via input that is mishandled during hash-table interaction. Furthermore it allowed privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over
Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed media file is opened.
Several vulnerabilities were discovered in Mailman, a web-based mailing list manager. An attacker could impersonate more privileged accounts through different vectors.
Bottle, which is a fast, simple and lightweight WSGI micro web-framework for Python, mishandles errors during early request binding.
It was discovered that the Debian package of Avahi, a framework for Multicast DNS Service Discovery, executed the script avahi-daemon-check-dns.sh with root privileges which would allow a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under
Several security vulnerabilities were found in glib2.0, a general-purpose utility library for the GNOME environment. CVE-2021-27218
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original
Several vulnerabilities have been found in the ClamAV antivirus toolkit that could result in denial of service or other unspecified impact. For Debian 9 stretch, these problems have been fixed in version
Multiple security issues have been found in Thunderbird, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Sebastian Krause discovered that manipulated inline images can force PyPDF2, a pure Python PDF library, into an infinite loop, if a maliciously crafted PDF file is processed.
debian-security-support, the Debian security support coverage checker, has been updated in stretch-security to mark the end of life of the following packages:
Several integer overflows have been discovered in TurboJPEG, a JPEG image library, which can lead to a denial of service (application crash) if someone attempts to compress or decompress gigapixel images with the TurboJPEG API.