275 matches found
CLSA-2024-1710786562 Fix CVE(s): CVE-2023-46218
SECURITY UPDATE: Improper cookie domain verification allows malicious HTTP server to set 'super cookies' in package - debian/control: Build-Depends: add libpsl-dev - debian/patches/CVE-2023-46218.patch: Lowercase domain names before PSL checks to ensure proper comparison - CVE-2023-46218...
DEBIAN-CVE-2022-48629
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read can run into a situation...
DEBIAN-CVE-2023-52570
In the Linux kernel, the following vulnerability has been resolved: vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent Inject fault while probing mdpy.ko, if kstrdup of create_dir fails in kobject_add_internal in kobject_init_and_add in mdev_type_add in parent_create_sysfs_files, it will return 0...
DEBIAN-CVE-2021-46997
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GIC_PRIO_PSR_I_SET during entry Zenghui reports that booting a kernel with "irqchip.gicv3_pseudo_nmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...
DEBIAN-CVE-2021-46992
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nft_hash_buckets Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nft_hash_buckets syzbot injected a size == 0x40000000 and reported: UBSAN:...
DEBIAN-CVE-2021-46934
In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer, ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compat ioctl to...
DEBIAN-CVE-2023-52472
In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but...
CLSA-2024-1708427752 Fix CVE(s): CVE-2023-48795
Fix: possible segfault in the CVE-2023-48795 fix - debian/patches/CVE-2023-48795-post-fix.patch...
CLSA-2024-1707419801 Fix CVE(s): CVE-2023-5981
SECURITY UPDATE: timing side-channel in the RSA-PSK ClientKeyExchange - debian/patches/nettle-pk-randomness-level.patch: nettle/pk use the appropriate level of randomness for each operation. - debian/patches/pk-gnutlsswitchlibstate.patch: pk always use _gnutls_switch_lib_state. -...
CLSA-2024-1706026919 Fix CVE(s): CVE-2023-50269
SECURITY UPDATE: Denial of Service in HTTP Request parsing - debian/patches/CVE-2023-50269.patch: Limit the number of allowed X-Forwarded-For hops - CVE-2023-50269...
CLSA-2024-1706026686 Fix CVE(s): CVE-2023-50269
SECURITY UPDATE: Denial of Service in HTTP Request parsing - debian/patches/CVE-2023-50269.patch: Limit the number of allowed X-Forwarded-For hops - CVE-2023-50269...
CLSA-2023-1700835779 Fix CVE(s): CVE-2023-3961
SECURITY UPDATE: open socket out of the dedicated directory - debian/patches/CVE-2023-3961.patch: prevents a traversal out the dedicated directory - CVE-2023-3961...
CLSA-2023-1700593692 Fix CVE(s): CVE-2023-3446
SECURITY UPDATE: Denial of service could be encountered if a DH key or DH parameters check experiences long delays. - debian/patches/CVE-2023-3446.patch: Adds check to prevent the testing of an excessively large modulus in DH_check. - CVE-2023-3446...
DEBIAN-CVE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
CLSA-2023-1697462566 Fix CVE(s): CVE-2022-48566
SECURITY UPDATE: Constant-time-defeating optimisations issue - debian/patches/CVE-2022-48566.patch: Make compare_digest more constant-time - CVE-2022-48566...
CLSA-2023-1695835334 Fix CVE(s): CVE-2020-22218
SECURITY UPDATE: An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. - debian/patches/CVE-2020-22218.patch: doing total_num zero length check. - CVE-2020-22218...
CLSA-2023-1691576076 Fix CVE(s): CVE-2023-2828
SECURITY UPDATE: cache size limit exceeding may cause Denial of Service - debian/patches/CVE-2023-2828.patch: prevents the cache going over the configured memory limit max-cache-size - CVE-2023-2828...
DEBIAN-CVE-2023-25652
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...
CLSA-2023-1678396353 Fix CVE(s): CVE-2023-24329
SECURITY UPDATE: urllib.parse.urlparse does not enforce that a scheme must begin with an ASCII-character - debian/patches/CVE-2023-24329.patch: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character - CVE-2023-24329...
SUSE CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file...